I upgraded our instance in AWS to 9.309 tonight and now i'm unable to login. I've tried WebAdmin, UserPortal, and SSL VPN. Basically, I"m going to have to rebuild it from scratch.
if its a general problem other people will be angry about this.. but your voice is first moaning about it... i updates 3 utm myself in our company without problem, others did many more i read...
so i think its not a problem of the update ?!?
edit: nice to see that topic is chanced.... No more "do not upgrade" in it.. /edit
fair comment, but to date I haven't had a need to post anything (hence the low post count [:)]
I too have updated 3 utm's (well, technically 5 since 2 of them were in HA) prior to this, but when i performed the same upgrade (see note below) in our Amazon Web Services (AWS) Virtual Private Cloud (VPC) no user could login to VPN, UserPortal, and none of our admins can login to the WebPortal. therefore this situation was a huge shock as to date this process has been smooth.
also, i didn't change the topic, (it must have been the moderators) but I still don't recommend the upgrade FOR AWS. That's just my opinion. I was mainly trying to call for help after not finding similar issues (as you eluded) and to see what kind of support response we would receive.
Further, I should mention we were on 9.307 and were jumping two upgrades and we have Sophos' OTP authentication enabled.
I've tried several steps to recover since last night mainly different combinations of terminating, spinning up a new instance, (upgrading), restoring from backup, and attempting to log back in, but nothing has worked. as soon as i perform the restore, i'm unable to login. i'm going to try an older backup next.
again, thanks for the reply, but yes, i think it is a problem of the upgrade and again i wanted to warn other AWS users and seek assistance.
EDIT: I just spun up a fresh instance of UTM from 9.209, upgraded to 9.307, restored from backup from 2 weeks ago, and immediately lost connectivity (was running a ping) and AWS Console reports 1/2 health checks failed (instance reachability check). same behavior when i tried with last week's backup.
ok, good news is I was able to get in. the issue is the OTP Service. All users have a -3 offset.
EDIT: still not sure what's up with the inability to restore from backups. i've tried again a couple times and no matter what, it kills connectivity to the instance even though it's an identical configuration from ec2's perspective.
good to hear you find the issue. my personal interest in this case... is the OTP Service from the UTM or from the AWS Service? cant get the "cannot restore backup" connected with the OTP service in my logic brain ;-)
OTP Service we're using is from UTM (Definitions & Users > Authentication Services > One-time Password). I tend to agree these are likely two separate issues (when it rains it pours [;)] and the latter (backups) is clearly not related to this update.
I found an admin account was able to login (which led me to believe it was entirely OTP related) so I then modified the OTP settings, and voila! users could log in again. We then resynced time on the box to NIST instead of pool.ntp.org; and started having everybody login again. then tightened up the OTP settings again and we've been good since then.
