Sophos AP/APX users may experience issues registering to Sophos Central. More info available here: Central Wireless
We'd love to hear about it! Click here to go to the product suggestion community
i have an XG firewall (latest firmware), running 5 vlans, single domain controller.
i have installed the STAS application on my domain controller, followed the KB to the word
i even changed the user account for the stas app to the domain administrator, i have disabled the firewall on the DC...
but, no matter what i do, no live users are showing up in the advanced tab on STAS.
in the stas agent i have configured all our vlans, all 5 of them
in the stas collectors tab i have specified the xg ip address that is on the DC vlan (should i mention all its ip addresses on all vlans?)
in the advanced tab - test to sophos ip address is successful!
i dont understand what is wrong!
maybe screenshots would help a little:
Never found the trick to run it reliably either.
In reply to Big_Buck:
Lets get back to the topic.
First of all.
Agents is reporting all Users to Collector.
Collector is reporting to XG.
XG is using Collector to look up the Users.
Collector is fetching all Users and "verify" them via WMI.
Suite installs both components. Do you have multiple Collectors / agents ? This could cause a issue, if not setup properly.
You need to know, which of the steps above causes your Issue.
Do you see Users in the Collector (Live User Collector) but not XG?
Seems like something is broken between Collector and XG.
Do you see no Live users in Collector?
Seems like something is broken between Agent and Collector.
There is a Log on Collector and XG. You can actually use both to get a clue, what is going on.
In reply to LuCar Toni:
so, i have a single instance of stas running on a single domain controller.
meaning no multiple agents and no multiple collectors.
i dont see live users not on stas and not in xg.
i'm getting absolutely nothing
In reply to Avi Bar Ilan:
Avi Bar Ilan Please make sure on DC you have done,
- Go to Start > Administrative Tools > Local Security Policy to view Security Settings. Browse to Security Settings > Local Policies > Audit Policy and double click on Audit account logon events to view the Audit account logon events Properties window.
Select both the Success and Failure options and click OK to close the window.
- While still in the Local Security Policy, browse to Security Settings > Local Policies > User Rights Assignment and double click on Log on as a service to view the Log on as a service Properties.
If the Administrative user being used to install and run STAS is not listed here, select Add User or Group and add the user. Select OK to close the window.
Configure the Windows Firewall and/or 3rd party firewall software to allow communication over the following ports:
Note: RPC, RPC locator, DCOM and WMI services should be enabled on workstations for WMI/Registry Read Access.
if all above steps are done, check on your domain controller if the event id 4768 is getting logged. To check this in event viewer -> Windows -> security, filter for event id 4768.
If no events, try a restart of the DC and check again.
In reply to AWP:
i have already followed your suggested steps since they are all taken from the KB.
all event id 4768 are indeed showing in the DC event viewer
but still - no live users are showing up in SATS
Just to confirm, problem is no users are shown in the live users on stas agent installed.
Is the STAS installed on DC or member server.
STAS is installed on a DC
using latest STAS 2.5, maybe try 2.2
So you see all those Login Events in the Event Log of DC?
Can you actually see any entries in the Log of STAS?
i do see all those events in event viewer on the DC.
nothing in stas.
i changed the agent mode from eventlog to netapi...
that seemed to work for a few hours but now its not working again.
unstable is an understatement
cant find the 2.2...
do you have the 2.2 installer to share with me?
This should not help, i mean the old version should not have any changes regarding picking up the Event Log.
My question is, do you have any extra software on the DC, something special which could prevent STAS to hook up the Events?
And do you see something in the Logs of STAS?
i have no other software installed on the DC.
i have a lot of info on the logs, what exactly should look for?
Can you export some of the STAS Logs and check those Logs, whether you can find a root cause of not be able to sign in those Users or other reasons for not working.