can't delete AD user in FW XG

Hi guys,

We can't delete some users from the Sophos Firewall. When we tried to do this, this message was presented: "Couldn't delete user. A firewall rule, VPN connection, web policy rule, or SSL/TLS inspection rule exists for this user"

We already deleted the user from AD and now can't delete it from the users table on the firewall.

When we opened csc.log we found this information:

MESSAGE Mar 15 12:46:48Z [worker:11107]: {"request":{"method":"opcode","name":"delete_user","version":"1.6","type":"json","length":486,"data":{ "currentlyloggedinuserip": "127.0.0.1", "___cmenabled": 0, "___meta": { "sessionType": 4 }, "Entity": "user", "transactionid": "1535581", "APIVersion": "1900.1", "___serverport": 19951, "userIds": [ "example_user@companyname.com.br" ], "___serverprotocol": "HTTP", "mode": 33, "webfilterid": "Allow All", "___cmrequest": 0, "appfilterid": "Allow All", "___username": "admin_central_sa", "Event": "DELETE", "___serverip": "127.0.0.1", "___component": "GUI", "currentlyloggedinuserid": 3 }}}
ERROR Mar 15 12:46:48Z [delete_user:11107]: get_query_status: DB has returned error code: 23503
ERROR Mar 15 12:46:48Z [delete_user:11107]: get_query_status:Query Error: ERROR: update or delete on table "tbluser" violates foreign key constraint "tblfwuser_userid_fkey" on table "tblfwuser"

Which function refers to the table mentioned in the log above?

Is it possible to delete those users using the Sophos Firewall GUI?

Thanks all for helping us.



  • Hello,

    Greetings,

    As per the error, it seems that the user exists in the firewall rule and hence you are unable to delete it. Once it is identified and removed from usage, you may use the option called "Purge AD users" from Configure -> Authentication -> Users. This will delete all the users which have been removed from the AD server.

    If you fail to identify where the user is used in a firewall rule, you may DM me with the username and firewall access ID.

    Mayur Makvana
    Technical Account Manager | Sophos Technical Support


  • Hi,

    Thanks a lot for your help. Last Friday we upgraded the firewall and this issue was resolved.

    But the question hasn't been answered yet, because the upgrade in theory doesn't delete any rule, and for me this solution doesn't make sense.

    However, the issue with the users table is resolved.
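
An added example, not part of the thread and not Sophos code: a Python script that correlates a delete_user request in csc.log with the foreign-key error (SQLSTATE 23503, foreign key violation) logged by the same worker PID, and reports which table still references the user. The sample log is constructed from the lines quoted in the question; the function name and the result field names are assumptions.

```python
import json
import re

# Constructed sample in the format of the csc.log excerpt quoted in the thread
# (the request JSON is shortened; the user name is the thread's placeholder).
SAMPLE_LOG = r'''MESSAGE Mar 15 12:46:48Z [worker:11107]: {"request":{"method":"opcode","name":"delete_user","data":{"Entity":"user","userIds":["example_user@companyname.com.br"],"Event":"DELETE"}}}
ERROR Mar 15 12:46:48Z [delete_user:11107]: get_query_status: DB has returned error code: 23503
ERROR Mar 15 12:46:48Z [delete_user:11107]: get_query_status:Query Error: ERROR: update or delete on table "tbluser" violates foreign key constraint "tblfwuser_userid_fkey" on table "tblfwuser"
'''

# level, timestamp, [tag:pid], message body
LINE = re.compile(r'^(MESSAGE|ERROR) (\w{3} +\d+ [\d:]+Z) \[([\w-]+):(\d+)\]: (.*)$')
# Text of the foreign-key violation as it appears in the quoted log
FK = re.compile(r'on table "(\w+)" violates foreign key constraint "(\w+)" on table "(\w+)"')


def blocked_deletes(log_text):
    """Correlate delete_user requests with foreign-key errors by worker PID."""
    pending = {}   # pid -> user IDs from the latest delete_user request
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        level, when, _tag, pid, body = m.groups()
        if level == "MESSAGE" and body.startswith("{"):
            try:
                req = json.loads(body).get("request", {})
            except ValueError:
                continue  # truncated or non-JSON payload
            if req.get("name") == "delete_user":
                pending[pid] = req.get("data", {}).get("userIds", [])
        elif level == "ERROR":
            fk = FK.search(body)
            if fk and pid in pending:
                parent, constraint, child = fk.groups()
                findings.append({"time": when, "users": pending[pid],
                                 "parent_table": parent,
                                 "constraint": constraint,
                                 "referencing_table": child})
    return findings


if __name__ == "__main__":
    for finding in blocked_deletes(SAMPLE_LOG):
        print(finding)
```

The referencing table in each finding is where a row still points at the user, which is the object to track down before retrying the delete.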