
Unable to install STAS service ("account name is invalid")

I'm trying to re-install STAS on a DC, but when I try to specify the account to run the service as, I'm getting a Fatal Error.

"the Account name is invalid or does not exist, or the passwords is invalid for the account name specified".

Of course, I've verified the original service account used, as well as tried my domain admin account and creating a new service account. I've verified their passwords and that I can log in with them. I've verified that they have been granted the "log on as a service" right. 

I've tried running ProcessMonitor to see if I get access denied to registry keys somewhere, but the only thing I get is for the configSTAS.exe process  that's querying a key under wow6432node\microsoft\ctf. 

Has anyone else run into this? Any suggestions?



  • I had the same issue on a DC - I ended up exporting the config from another STAS and then importing it to this instance and loading that and it worked.

    Like you no matter what I put it wouldn't accept it.

    Sophos XG 450 (SFOS 18.5.1 MR-1)

    Sophos R.E.D 50 x 2

    Always configuring new stuff.....

  • Thanks. That's what I ended up doing as well. Even with the service installed, I still can't change the user through the STAS GUI. Testing the WMI connection to a workstation, I get "Parameter is incorrect", even though I can successfully query WMI on the workstation through the wmic command line. I suspect that the 2 problems are related.

  • JamesGolden said:
    "Parameter is incorrect"

    Ha yeah that too.

    Also trying to sync config from a good STAS to the bad STAS fails as does checking connectivity.

     

    I never did work it out - reinstalling etc did nothing.

    Sophos XG 450 (SFOS 18.5.1 MR-1)

    Sophos R.E.D 50 x 2

    Always configuring new stuff.....

  • And the strangest thing is seeing the service trying to log into workstations with a username of 'mohit'. I can't find where that's even coming from. Needless to say it's not working; not finding the users.

    I've got a customer I want to roll this and XG out to but they are heavy users of user and group filtering. So this is worrisome.

     

    ERROR [0x1758] 2/12/2020 12:33:37 : wrkstpoll_workerthread_wmi: couldnt connected to WMI Namespace '\\192.168.xx.xxx\root\cimv2': 0x800706ba

    DEBUG [0x1758] 2/12/2020 12:33:38 : wrkstpoll_workerthread_wmi: connecting to WMI Namespace '\\192.168.xxx.xxx\root\cimv2'

    MSG [0x1758] 2/12/2020 12:33:38 : wrkstpoll_workerthread_wmi: username:.\mohit
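
As an added example (not part of the original thread and not Sophos code), a small Python triage script for STAS log lines in the format quoted above: it decodes the HRESULT on failed WMI connections and flags polls that use a local-account (`.\name`) username. The sample lines are constructed, and the 192.0.2.10 address and all function names are assumptions.

```python
import re

# Line shape taken from the log excerpt quoted in the post above:
# LEVEL [0xTHREAD] D/M/YYYY HH:MM:SS : component: message
LINE_RE = re.compile(
    r"^(?P<level>[A-Z]+) \[(?P<tid>0x[0-9A-Fa-f]+)\] "
    r"(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+) : (?P<component>\w+): (?P<msg>.*)$")
NAMESPACE_RE = re.compile(r"WMI Namespace '\\\\(?P<host>[^\\]+)\\")
HRESULT_RE = re.compile(r"\b0x8[0-9A-Fa-f]{7}\b")
USERNAME_RE = re.compile(r"^username:\s*(?P<user>\S+)")

# Win32 error codes that arrive wrapped in FACILITY_WIN32 (7) HRESULTs.
WIN32_CODES = {1722: "RPC_S_SERVER_UNAVAILABLE", 5: "ERROR_ACCESS_DENIED"}

def decode_hresult(text):
    """Split an HRESULT into (facility, code, symbolic name)."""
    value = int(text, 16)
    facility = (value >> 16) & 0x7FF   # 11-bit facility field
    code = value & 0xFFFF              # low 16 bits carry the error code
    name = WIN32_CODES.get(code, "unknown") if facility == 7 else "non-Win32 facility"
    return facility, code, name

def triage(lines):
    """Return findings for failed WMI connects and local-account usernames."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a STAS log line in the expected shape
        msg = m["msg"]
        hr, ns = HRESULT_RE.search(msg), NAMESPACE_RE.search(msg)
        if hr and ns:
            _, code, name = decode_hresult(hr.group())
            findings.append(("wmi_connect_failed", ns["host"], f"{code} {name}"))
        user = USERNAME_RE.match(msg)
        # ".\name" means a local account on the target, not a domain account.
        if user and user["user"].startswith(".\\"):
            findings.append(("local_account_used", m["ts"], user["user"]))
    return findings

# Constructed sample lines (documentation-range IP), modelled on the excerpt above.
SAMPLE = [
    r"ERROR [0x1758] 2/12/2020 12:33:37 : wrkstpoll_workerthread_wmi: couldnt connected to WMI Namespace '\\192.0.2.10\root\cimv2': 0x800706ba",
    r"DEBUG [0x1758] 2/12/2020 12:33:38 : wrkstpoll_workerthread_wmi: connecting to WMI Namespace '\\192.0.2.10\root\cimv2'",
    r"MSG [0x1758] 2/12/2020 12:33:38 : wrkstpoll_workerthread_wmi: username:.\mohit",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
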

     

     

  • What I have noticed is that when you try to configure STAS to run under a service account, or use an AD user to log on as a service and publish a GPO, this logon as a service can affect other systems that currently have logon as a service set up locally on their PCs and servers. Sophos advises running STAS under a domain admin account to log on as a service, which most IT admins will not favour. As Sophos continues to evolve with new security concepts and address existing issues, I am hoping for a better solution.

    I followed this guide initially to set up STAS

    https://www.fastvue.co/sophos/blog/sophos-stas-authentication-step-by-step/

     

     

  • Thanks for the article. Great Post!

    I've used STAS with a UTM before. I've just never run into problems installing the STAS agent itself.