Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 3 subscribers
  • Views 2845 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AD Base user internet issue in HA

yualme
Dear Team,

I have 2 ASG 8.309(Node-1 & Node-2) 525 In HA (Active/Passive) , configuration.

And we have Cluster licence(Active/Active) & planning for the same but we are facing the issue in the Node-2(When it is master)

We are using Active Directory Single-Sign-On (SSO) for user authentication.

Node-1=>  (When Master)No Issue with AD User.

Node-2 => (When Master)Username & Password Window Pop-Up to AD User , at that time there is no issue with IP base users.(Winbindd service stoppes of Node)

So we need to manually fetch the users in Node-2 from AD to start winbindd service

OR

Need to give this command in Node-2 => /var/mdw/scripts/ntlm start

After that the internet works normally

PFA log of HA & Fallback massages.

And Some comman errors I'm getting while the issue

Do let me know if extra log or information is needed from my side


This thread was automatically locked due to age.
Parents
  • 0
    Manfred, how much luck have you had just doing a quick Backup/Restore to force a reload of the config file?  I think I'd try that first.  If that didn't work, I'd try Rebooting Node 2 when it is the Slave.  If that didn't work, I'd try a Factory-Reset on Node 2 .  This is done by turning HA off when Node 1 is Master causing a Factory Reset on the Slave.  Wait a minute to confirm it's resetting, and then turn Hot-Standby back on.

    But, I'm afraid in this case that your "brutal method" may be the only thing that will work. [:(]

    Yagnesh, please let us know what worked!

    Cheers - Bob
Reply
  • 0
    Manfred, how much luck have you had just doing a quick Backup/Restore to force a reload of the config file?  I think I'd try that first.  If that didn't work, I'd try Rebooting Node 2 when it is the Slave.  If that didn't work, I'd try a Factory-Reset on Node 2 .  This is done by turning HA off when Node 1 is Master causing a Factory Reset on the Slave.  Wait a minute to confirm it's resetting, and then turn Hot-Standby back on.

    But, I'm afraid in this case that your "brutal method" may be the only thing that will work. [:(]

    Yagnesh, please let us know what worked!

    Cheers - Bob
Children
  • 0 in reply to BAlfson
    Hi Team,

    Sorry for the late reply

    Fallback log & HA log's error resolved after running the NTP server.

    But I came to know that the Web security log's error , I'm getting is from the IP base user only(Not from the AD base user) & this issue is still continue.

    IP base user(My definition [:)]) => Defined in the "Web Filtering Profile => Proxy profile" , and they 
    are not the member of AD base internet access.

    Now any clue to stop them.

    2013:04:15-15:34:30 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc3152030" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:38:07 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc298ccc0" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:38:12 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xa081a18" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:38:17 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc2395b70" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:38:22 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xa3d72f0" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:38:29 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9ffa498" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:41:33 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xbf87a030" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:42:11 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc298c9f0" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:42:14 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xa1301b8" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:47:16 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xbfe01e78" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:47:18 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc2143b88" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:47:49 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc2978b98" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:47:54 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xbf87a030" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:48:18 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9ffa600" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:48:20 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xbc9fd738" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:49:35 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc2b61cd8" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"
    2013:04:15-15:50:53 FW_INTRA_HO-2 httpproxy[6793]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xbf83fa20" function="auth_adir_getsid_callback" file="auth_adir.c" line="518" message="winbindd request failed ()"