SFOS 16.05.6 MR-6 Broken STAS?

Hi All,

 

We have an XG 230 that I upgraded the firmware on. Since then users are getting the authentication pop up from the XG where others are fine.

Rebooting their PC fixes some so it might lead to a fresh login event fixing it. The Firewall shows them logging in but then logging out and then I get an Authentication fail.

Seems STAS is working for many but randomly fails others since the Firmware update.

I run two DCs with STAS enabled (Latest version of STAS) and I can see live users active yet others not. The inactivity time outs are set high so they would need to walk away for a few hours to be timed out.

EDIT: I disabled the Inactivity time out but still have the issue.

  

The logs just show NTLM Client failed to Authenticate

Anyone else having this issue?

Edit: I can see a few others having the same since the update so I will roll back my Firmware for now until a fix is released.

  • Hi Ian,

    Please update us if the rollback to the previous firmware fixes the issue.

    Thanks

  • In reply to sachingurung:

    Hi Sachingurung,

     

    Yes rolling back to MR-5 fixed it right away.

     

    So MR-6 and STAS appear to have some issues. I did notice a few others in forums noting the same.

    I did try the latest STAS agents etc before rolling back but no fix - it was like the Timeout kicked in right after they authenticated.

     

    I will skip MR-6 and hopefully MR-7 will fix this

  • In reply to sachingurung:

    On the MR-6 release notes other people are reporting that STAS is broken.

    Can you investigate on that and let us know?

    Thanks

  • In reply to lferrara:

    Hi Luk,

    There is no case reported yet, I would request all to report this to the support team and provide me the case#.

    Thanks

  • In reply to sachingurung:

    Can you report the STAS here and even the ticket open with Sophos Support?

    Thanks

  • In reply to lferrara:

    I reverted to previous firmware; opened a ticket (#7438609) but I don't intend to apply the firmware just to debug.

    In my case users showed in STAS agents but not on UTM and also login from authentication page failed in some cases.

  • Very strange, STAS is working fine for me on MR6.  I'll be following this thread very closely though. 

  • In reply to lferrara:

    Case # 7440971

    I put this in the support ticket:

     

    XG230 running 16.05.5 MR-5 working fine. I have STAS set up and on two collectors - one Server 2008 R2 DC and another on Server 2016 DC. I have around 160 users a day logging in and using the XG230 Proxy without problem.

    Two nights ago I loaded the new MR-6 Firmware - right from the morning users were complaining about no internet access and being shown the captive portal. Rebooting the PC didn't fix it in many cases so not an event issue. Some did get the internet back after a reboot but lost it again within an hour.

    STAS showed Live users however in the Authentication logs I could see User Authenticated and right after Denied.

    It was so bad I had to roll back to MR-5 and working as normal again.

     

    Not a problem since - so STAS with Proxy / XG230 / Authentication or instant time out was causing the captive portal to open and SSO was not working.

  • In reply to Bill Roland:

    Bill Roland

    Very strange, STAS is working fine for me on MR6.  I'll be following this thread very closely though. 

     

     

    Out of curiosity what OS are your collectors installed on?

  • In reply to Kara Thrace:

    I have one on Server 2008 R2 and one on Server 2016

  • In reply to Kara Thrace:

    Windows Server 2012R2 for me.

  • In reply to lferrara:

    lferrara

    Can you report the STAS here and even the ticket open with Sophos Support?

    Thanks

     

     

    Sure can. Case number is "[#7428479] Initiating STAS for Authentication method fails"

    I have managed to get it working and so far it seems to be sturdy but, and a huge but, I have had to alter security to allow the account to perform WMI probes. Not sure I like that.

  • In reply to Bill Roland:

    I did have an older version of the STAS Collector on both DCs but updated both to the latest 2.2.1.0 before I rolled back thinking this might be the issue.

  • In reply to Ian Melton:

    Ian Melton

    I have one on Server 2008 R2 and one on Server 2016

     

     

    And which one is getting hit the most? I have two collectors also but it seems only one gets hit with queries.

  • In reply to Kara Thrace:

    Yeah mine is similar.

    If I open STAS Collector on my Server 2008 R2 box I can only see two live users - the XG reports 162 live users right now.

    The Server 2016 STAS has no live users.