Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 1 subscriber
  • Views 4831 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remote AD SSO keeps failing

cthorpe
I'm having AD SSO issues where our new Sophos 120 units at our branch offices in NY and FLA keep disconnecting from our primary AD server in AZ and because of that, our users there are getting pop-ups for authentication.  To resolve this issue I had to re-join the domain and it'll work for 3 to 4 hours and then it breaks again.

We have Win2008 R2 RODC servers at both locations under one domain name.

The Sophos units are all connected via Site to Site VPN (IPSEC - AES256). MTU Discovery is checked at all remote gateways.

We have an older Astaro 320 here at the main office in AZ.  All units are on 8.306 (Can't wait for v9 to come out)

The web filter log shows this when users can not authenticate: (this log also appears on the FLA unit as well)

AD SSO works well at the AZ site and I'm guessing there might be some tweaking that needs to be done on the VPN side?

2012:09:13-17:02:23 ny01-proxy httpproxy[6205]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9d432f8" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
2012:09:13-17:02:23 ny01-proxy httpproxy[6205]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.252" dstip="" user="Administrator" statuscode="407" cached="0" profile="REF_HttProBlockUsersProfi (Blocked Users Profiles)" filteraction=" ()" size="4593" request="0x9d432f8" url="www.yahoo.com/" exceptions="" error=""
2012:09:13-17:03:02 ny01-proxy httpproxy[6205]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9d432f8" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
2012:09:13-17:03:02 ny01-proxy httpproxy[6205]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.252" dstip="" user="administrator" statuscode="407" cached="0" profile="REF_HttProBlockUsersProfi (Blocked Users Profiles)" filteraction=" ()" size="4593" request="0x9d432f8" url="www.yahoo.com/" exceptions="" error=""
2012:09:13-17:05:37 ny01-proxy httpproxy[6205]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9d43898" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
2012:09:13-17:05:37 ny01-proxy httpproxy[6205]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.252" dstip="" user="cthorpe" statuscode="407" cached="0" profile="REF_HttProBlockUsersProfi (Blocked Users Profiles)" filteraction=" ()" size="4593" request="0x9d43898" url="www.yahoo.com/" exceptions="" error=""
2012:09:13-17:05:44 ny01-proxy httpproxy[6205]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9d43e38" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
2012:09:13-17:05:44 ny01-proxy httpproxy[6205]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.1.252" dstip="" user="Administrator" statuscode="407" cached="0" profile="REF_HttProBlockUsersProfi (Blocked Users Profiles)" filteraction=" ()" size="4612" request="0x9d43e38" url="versioncheck.addons.mozilla.org/" exceptions="" error=""
2012:09:13-17:05:44 ny01-proxy httpproxy[6205]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9d47478" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
2012:09:13-17:05:44 ny01-proxy httpproxy[6205]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.1.252" dstip="" user="Administrator" statuscode="407" cached="0" profile="REF_HttProBlockUsersProfi (Blocked Users Profiles)" filteraction=" ()" size="4608" request="0x9d47478" url="services.addons.mozilla.org/" exceptions="" error=""


This thread was automatically locked due to age.
Parents
  • 0
    The issue came back and here's the web filter log:

    2012:09:24-11:36:56 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="721" message="server 'cffs13.astaro.com' access time: 640ms"
    2012:09:24-11:45:32 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8bfbcf8" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
    2012:09:24-11:45:32 ny01-proxy httpproxy[14743]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.28" dstip="" user="rvasslides" statuscode="407" cached="0" profile="REF_HttProHttpsRestr (HTTPS Restrictions)" filteraction=" ()" size="4609" request="0x8bfbcf8" url="www.google-analytics.com/ga.js" exceptions="" error=""
    2012:09:24-11:45:41 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8c7c748" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
    2012:09:24-11:45:41 ny01-proxy httpproxy[14743]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.28" dstip="" user="rvasslides" statuscode="407" cached="0" profile="REF_HttProHttpsRestr (HTTPS Restrictions)" filteraction=" ()" size="4710" request="0x8c7c748" url="api.bing.com/qsml.aspx
    2012:09:24-11:45:42 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8c7cb80" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
    2012:09:24-11:45:42 ny01-proxy httpproxy[14743]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.28" dstip="" user="rvasslides" statuscode="407" cached="0" profile="REF_HttProHttpsRestr (HTTPS Restrictions)" filteraction=" ()" size="4702" request="0x8c7cb80" url="api.bing.com/qsml.aspx
    2012:09:24-11:45:43 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8c99478" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
    2012:09:24-11:45:43 ny01-proxy httpproxy[14743]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.28" dstip="" user="rvasslides" statuscode="407" cached="0" profile="REF_HttProHttpsRestr (HTTPS Restrictions)" filteraction=" ()" size="4702" request="0x8c99478" url="api.bing.com/qsml.aspx
    2012:09:24-11:45:44 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8c991a8" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
    2012:09:24-11:45:44 ny01-proxy httpproxy[14743]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.28" dstip="" user="rvasslides" statuscode="407" cached="0" profile="REF_HttProHttpsRestr (HTTPS Restrictions)" filteraction=" ()" size="4703" request="0x8c991a8" url="api.bing.com/qsml.aspx
    2012:09:24-11:45:45 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xf5e295e8" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
    2012:09:24-11:45:45 ny01-proxy httpproxy[14743]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.28" dstip="" user="rvasslides" statuscode="407" cached="0" profile="REF_HttProHttpsRestr (HTTPS Restrictions)" filteraction=" ()" size="4593" request="0xf5e295e8" url="www.yahoo.com/" exceptions="" error=""
    2012:09:24-11:45:47 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xf5e29cf0" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
    2012:09:24-11:45:47 ny01-proxy httpproxy[14743]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.28" dstip="" user="rvasslides" statuscode="407" cached="0" profile="REF_HttProHttpsRestr (HTTPS Restrictions)" filteraction=" ()" size="4604" request="0xf5e29cf0" url="www.yahoo.com/favicon.ico" exceptions="cache" error=""
    2012:09:24-11:46:14 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="720" message="reloading config"
    2012:09:24-11:46:15 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="561" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
    2012:09:24-11:46:15 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="2598" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
    2012:09:24-11:46:16 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="755" message="reloading config done, new version 49"
    2012:09:24-11:46:46 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="720" message="reloading config"
    2012:09:24-11:46:47 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="561" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
    2012:09:24-11:46:47 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="2598" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
Reply
  • 0
    The issue came back and here's the web filter log:

    2012:09:24-11:36:56 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="721" message="server 'cffs13.astaro.com' access time: 640ms"
    2012:09:24-11:45:32 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8bfbcf8" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
    2012:09:24-11:45:32 ny01-proxy httpproxy[14743]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.28" dstip="" user="rvasslides" statuscode="407" cached="0" profile="REF_HttProHttpsRestr (HTTPS Restrictions)" filteraction=" ()" size="4609" request="0x8bfbcf8" url="www.google-analytics.com/ga.js" exceptions="" error=""
    2012:09:24-11:45:41 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8c7c748" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
    2012:09:24-11:45:41 ny01-proxy httpproxy[14743]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.28" dstip="" user="rvasslides" statuscode="407" cached="0" profile="REF_HttProHttpsRestr (HTTPS Restrictions)" filteraction=" ()" size="4710" request="0x8c7c748" url="api.bing.com/qsml.aspx
    2012:09:24-11:45:42 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8c7cb80" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
    2012:09:24-11:45:42 ny01-proxy httpproxy[14743]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.28" dstip="" user="rvasslides" statuscode="407" cached="0" profile="REF_HttProHttpsRestr (HTTPS Restrictions)" filteraction=" ()" size="4702" request="0x8c7cb80" url="api.bing.com/qsml.aspx
    2012:09:24-11:45:43 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8c99478" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
    2012:09:24-11:45:43 ny01-proxy httpproxy[14743]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.28" dstip="" user="rvasslides" statuscode="407" cached="0" profile="REF_HttProHttpsRestr (HTTPS Restrictions)" filteraction=" ()" size="4702" request="0x8c99478" url="api.bing.com/qsml.aspx
    2012:09:24-11:45:44 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8c991a8" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
    2012:09:24-11:45:44 ny01-proxy httpproxy[14743]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.28" dstip="" user="rvasslides" statuscode="407" cached="0" profile="REF_HttProHttpsRestr (HTTPS Restrictions)" filteraction=" ()" size="4703" request="0x8c991a8" url="api.bing.com/qsml.aspx
    2012:09:24-11:45:45 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xf5e295e8" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
    2012:09:24-11:45:45 ny01-proxy httpproxy[14743]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.28" dstip="" user="rvasslides" statuscode="407" cached="0" profile="REF_HttProHttpsRestr (HTTPS Restrictions)" filteraction=" ()" size="4593" request="0xf5e295e8" url="www.yahoo.com/" exceptions="" error=""
    2012:09:24-11:45:47 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xf5e29cf0" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="888" message="Authorization denied (NT_STATUS_NO_TRUST_SAM_ACCOUNT)"
    2012:09:24-11:45:47 ny01-proxy httpproxy[14743]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.28" dstip="" user="rvasslides" statuscode="407" cached="0" profile="REF_HttProHttpsRestr (HTTPS Restrictions)" filteraction=" ()" size="4604" request="0xf5e29cf0" url="www.yahoo.com/favicon.ico" exceptions="cache" error=""
    2012:09:24-11:46:14 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="720" message="reloading config"
    2012:09:24-11:46:15 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="561" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
    2012:09:24-11:46:15 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="2598" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
    2012:09:24-11:46:16 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="755" message="reloading config done, new version 49"
    2012:09:24-11:46:46 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="720" message="reloading config"
    2012:09:24-11:46:47 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="561" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
    2012:09:24-11:46:47 ny01-proxy httpproxy[14743]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="2598" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
Children
No Data