Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
STAS users keep disconnecting and have done since I purchased the 2 XG230 units. I've had a support ticket open since Feb 2018.
All tests in STAS (WMI, Reg, Agent, Collector) show as successful.
Live users appear in STAS and then randomly drop off, anywhere between 4min-4hrs.
Recently added another domain controller running the Sophos STAS agent. Any clients authenticated against that DC, in 'Show Live Users', display the XG's ip address?!
Then, suddenly appear again (twice) with the correct IP address and then drop off.
Any advise would be greatly appreciated.
Can you please post Screenshots of your Config.
Please both appliances. And Explain the IP addresses.
In reply to LuCar Toni:
Apologies again for the late response, MBP.
Screen shots of collector&agent/domain controller (attached) and ip addresses explained.
Many thanks as always.
MBP, and STAS agent (192.168.0.5) screenshots.
All tests to itself as an agent and to 192.168.0.6 the Collector and Sophos were successful
In reply to Tam Ben-Jusu:
missed the answer.
So can you test the Client via wmic?
Does it work or not? From collector.
Also please post the screenshot of STAS from XG.
Have a look at this KB article for implementing STAS with multiple Active Directory Domain Controllers:
Also, change the Logoff Detection Settings from "Workstation Polling" to "Ping" and see whether that makes a difference.
In reply to envercpt:
We had the same issue and workstation polling over WMI was the issue. Make sure your host firewalls allow it or just disable it.
I have stopped the firewall on the clients and, both, the WMI and Reg Read tests show as successful in STAS.
In reply to maph_:
I have turned the firewall on the clients off. Both the WMI and Reg Read tests show as successful in STAS.
Many thanks again
i do not talk about the WMI Test in Collector.
I talk about wmic over CMD on the DC.
Please perform those tests instead of the WMI test on the collector tab.
You mean these commands?
wmic:root\cli>/user: <DOMAIN>\administratorEnter the password :********wmic:root\cli>/node: <IP-ClientPC>wmic:root\cli>computersystem get username /value
Yep, I have run those and they all work.
I will get a screen shot for you.
I'm pretty sure I tried and clients still disconnected but that was a few iterations of firmware ago.
Will try again.
Yep the WMIC commands comeback as successful from the client to the DC
Are these the STAS settings from the XG you mean?
Here is a screenshot of the WMIC commands.
It is from the collector DC (192.168.0.6), in the domain PRIMARY, for user test321, on client PC 192.168.4.121
Thanks, as always
Within 20-30min of taking this screenshot the user test321 disappeared from STAS > Show Live Users.
Whilst still connected and surfing the internet.
After Logout, do you get the same output out of WMIC?