
Enabling "logoff detection", the firewall disconnects users after some minutes

I have a problem with STAS.

When I enable the option "Logoff Detection" (following this article: community.sophos.com/.../123020), within a few minutes all users are disconnected from the firewall ("current users"). It is only possible to reconnect after each user logs off in Windows and logs in again.



This thread was automatically locked due to age.
  • Hi Herberth,

    That means the WMI query is failing. Start STAS and perform a WMI\Registry read access verification against the user's IP address. If the query fails, follow these steps:

    • Windows Firewall or antivirus could block the WMI\Registry read access query. Add an exception for TCP ports 445 and 135 on the client machine.
    • Make sure that the RPC, RPC Locator, DCOM, and WMI services are enabled on the system.
    • The client machine should resolve the AD FQDN; if not, add a host entry on the machine or use the AD IP as primary DNS.
    • If there is any router/firewall in between, make sure that ports 135 and 445 are open.
    • Ensure that the administrator account used in STAS has administrator rights on the client system.

    Any help? Also, what is the firmware version of the XG?

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.
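
The checklist in the reply above, as an added PowerShell example (not part of the original thread and not Sophos tooling) that runs the port, WMI, service and registry read checks against one workstation from the STAS server. The IP address is a placeholder, and the exact WMI class and registry hive that STAS itself reads are assumptions.

```powershell
# Added example, not Sophos tooling. Run on the STAS server under the account configured in STAS.
param([string]$ClientIp = '192.0.2.10')   # placeholder workstation IP

$report = [ordered]@{}

# 1. TCP 135 (RPC endpoint mapper) and 445 (SMB / remote registry) reachability.
foreach ($port in 135, 445) {
    $report["TCP/$port"] = Test-NetConnection -ComputerName $ClientIp -Port $port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
}

# 2. WMI read over DCOM: who is logged on at the console?
#    (Assumption: Win32_ComputerSystem stands in for whatever STAS queries.)
$session = $null
try {
    $opt     = New-CimSessionOption -Protocol Dcom
    $session = New-CimSession -ComputerName $ClientIp -SessionOption $opt -ErrorAction Stop
    $cs      = Get-CimInstance -CimSession $session -ClassName Win32_ComputerSystem -ErrorAction Stop
    $report['WMI logged-on user'] = if ($cs.UserName) { $cs.UserName } else { '(none)' }

    # 3. State of the services named in the checklist, read over the same session.
    $names  = 'RpcSs', 'RpcLocator', 'DcomLaunch', 'Winmgmt'
    $filter = ($names | ForEach-Object { "Name='$_'" }) -join ' OR '
    Get-CimInstance -CimSession $session -ClassName Win32_Service -Filter $filter |
        ForEach-Object { $report["Service $($_.Name)"] = $_.State }
}
catch {
    # Access denied, RPC unavailable and Kerberos errors all surface here.
    $report['WMI'] = "FAILED: $($_.Exception.Message)"
}
finally {
    if ($session) { Remove-CimSession $session }
}

# 4. Registry read: user SIDs loaded under HKEY_USERS (needs the Remote Registry service).
try {
    $hku = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('Users', $ClientIp)
    $report['Registry loaded SIDs'] =
        ($hku.GetSubKeyNames() | Where-Object { $_ -match '^S-1-5-21-[\d-]+$' }) -join ', '
    $hku.Close()
}
catch {
    $report['Registry'] = "FAILED: $($_.Exception.Message)"
}

$report.GetEnumerator() | Format-Table -AutoSize Name, Value
```

A workstation where the port checks pass but step 2 or step 4 fails points at permissions, services or domain trust rather than at packet filtering.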

  • Hi, thank you.

    But my tests are all OK.

    • Windows Firewall or antivirus could block the WMI\Registry read access query. Add an exception for TCP ports 445 and 135 on the client machine.

    OK

    • Make sure that the RPC, RPC Locator, DCOM, and WMI services are enabled on the system.

    OK

    • The client machine should resolve the AD FQDN; if not, add a host entry on the machine or use the AD IP as primary DNS.

    OK

    • If there is any router/firewall in between, make sure that ports 135 and 445 are open.

    OK

    • Ensure that the administrator account used in STAS has administrator rights on the client system.

    OK

  • Then is it something to do with the firmware version as reported in other threads? What is the firmware version?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hello!!!

    We are using SFOS 16.05.4 MR-4 

  • Show me a picture of the log off detection tab in the STAS and from Authentication | Services | Global settings and Web Client.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Try this: in STAS, under the "STAS Collector" tab where the XG IP "192.168.1.252" is added, please add instead the IP as "192.168.1.0" and the subnet as "255.255.255.0" (/24). Any help?

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hi !

    When you test the WMI connection via Sophos STAS or WMIC, do the workstations respond? If not, and as you said you applied the WMI exception in Windows Firewall: I have already caught one of these problems, and when I dumped the packets of the WMI communication with Wireshark, I received AP_ERR_KERBEROS. It's because there was a problem with the secure communication between the workstation and the Domain Controller. After taking the workstation out of the domain and putting it back in, the problem was solved and WMI communication happened.
