
STAS not working on 17, but does work on 16 and 9.5

I just installed a new SG310 in one of our datacenters. We have multiple locations, and several Sophos appliances running different versions. As the title suggests, on the newest appliance I've installed, I actually pulled out an appliance running UTM 9.5 and put in a new one running XG 17. On version 9.5 STAS worked. Now on 17 it does not. I've looked at it with support and they seem to be stumped.

Running the tests from the STAS client, it says it's successful, and the client is showing "live users", so that portion seems to be working. But on the actual firewall none of the users are populating. AD authentication does work. If I direct a user to the user portal they can log in there, and their user does show up after that. Also, the authentication portion of the logs is filled with errors saying "User jdoe failed to login to Firewall through AD,AD,Local authentication mechanism from x.x.x.x because of wrong credentials" (username and IP have been removed). These login failures all appear to be caused by an issue with SSO, because there isn't anything on the firewall itself that our users log into; we don't really use or advertise the user portal unless it's needed for a specific reason.

Has anyone seen this before, and/or have any recommendations on what to check? I've set up quite a few of these appliances before and have never had trouble getting this working.



  • Not that it helps, but we have STAS working on a 210 and a 430 HA pair. Do you see anything in the logs, and what version of STAS are you running? We use 2.2.1.0!

  • I'm running 2.2.1.0 as well. Our domain has two separate sites, and each site has two domain controllers. In our secondary site I have STAS set up on those two DCs working with an SG310 running XG 16. In our primary site though, I've got a nearly identical setup, but it won't work. The only difference I can see is that this one is running XG 17. I'm trying to find some logs with any useful information for this. So far just a bunch that say "authentication failed".

  • Well, after several hours of troubleshooting with support they still have no idea why it isn't working. They've escalated it again and we'll keep working on it tomorrow. What they did find is that AD is working correctly, and the STAS agents and collectors are working correctly and are talking to the firewall. The issue seems to be on the firewall itself; it's essentially getting all the information but not doing anything with it. So my best guess is that it's a bug. So this would make bug #3 that I've stumbled on in the 4 days I've been running firmware 17. Ugh..... I'll update if we get it working. At least this isn't as bad as the other bug I'm dealing with that locks up the whole firewall and prevents anyone from logging into it until it's rebooted. Ouch. Really disappointed with Sophos' quality control lately.

  • I came across a very similar situation with 17. The resolution for our condition was to move the DCs into two separate collector groups on the XG.