
How to troubleshoot Synchronized User ID Issues

Hi,

We want to use Synchronized User ID Auth, but we are stuck: the users are not being created on the firewall. Is there any advice for troubleshooting? How should we proceed? How can I get an idea of where the root cause could be?

I already read through this:

 Sophos Firewall: Heartbeat stops showing any endpoint clients on GUI 

Thanks.



Added TAGs
[edited by: emmosophos at 5:11 PM (GMT -7) on 30 May 2024]
  • Are the firewall and endpoint registered within the same account in Central?
    Is the feature "Security Heartbeat" enabled within Firewall / Central?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Yes to both questions... There is an improvement: the domain configured for the AD server was wrong. But we still don't see all users that are logged in on clients with Endpoint Protection installed...

  • The access_server.log log file with debug mode enabled also does not show anything about that user. In the SntpService.log we can see "Session logon for:" events while logging in to that machine.

  • For users appearing in the firewall, we can see such entries...:

    INFO May 31 06:14:27.084760Z [access_server]: print_auth_tlv: -----------------AUTH_TLV--------
    INFO May 31 06:14:27.084769Z [access_server]: print_auth_tlv: TLV Type: 0
    INFO May 31 06:14:27.084778Z [access_server]: print_auth_tlv: TLV Length: 4
    INFO May 31 06:14:27.084787Z [access_server]: print_auth_tlv: ---------------------------------
    DEBUG May 31 06:14:27.084795Z [access_server]: (process_sso_client_login_request): clienttype: 33
    INFO May 31 06:14:27.084806Z [access_server]: print_auth_tlv: -----------------AUTH_TLV--------
    INFO May 31 06:14:27.084813Z [access_server]: print_auth_tlv: TLV Type: 1
    INFO May 31 06:14:27.084821Z [access_server]: print_auth_tlv: TLV Length: 8
    INFO May 31 06:14:27.084829Z [access_server]: print_auth_tlv: ---------------------------------
    DEBUG May 31 06:14:27.084840Z [access_server]: (lc_utf8_bytes): lowercase = 'testusr1'
    DEBUG May 31 06:14:27.084852Z [access_server]: (process_sso_client_login_request): username: 'testusr1'
    INFO May 31 06:14:27.084862Z [access_server]: print_auth_tlv: -----------------AUTH_TLV--------
    INFO May 31 06:14:27.084869Z [access_server]: print_auth_tlv: TLV Type: 15
    INFO May 31 06:14:27.084876Z [access_server]: print_auth_tlv: TLV Length: 11
    INFO May 31 06:14:27.084882Z [access_server]: print_auth_tlv: ---------------------------------
    DEBUG May 31 06:14:27.084891Z [access_server]: (lc_utf8_bytes): lowercase = 'test.de'
    DEBUG May 31 06:14:27.084899Z [access_server]: (process_sso_client_login_request): domainname: test.de
    INFO May 31 06:14:27.084939Z [access_server]: print_auth_tlv: -----------------AUTH_TLV--------
    INFO May 31 06:14:27.084946Z [access_server]: print_auth_tlv: TLV Type: 5
    INFO May 31 06:14:27.084954Z [access_server]: print_auth_tlv: TLV Length: 12
    INFO May 31 06:14:27.084961Z [access_server]: print_auth_tlv: ---------------------------------
    DEBUG May 31 06:14:27.084971Z [access_server]: (process_sso_client_login_request): ipaddress: 1.2.3.4
    INFO May 31 06:14:27.084980Z [access_server]: PCA called for 1.2.3.4

    Are there specific log entries regarding problems/errors one can search for?
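
Added example, not part of the thread and not Sophos code: one way to turn the access_server.log debug lines shown above into one record per login request and list the expected users for whom no request was logged at all, which is the situation described in the thread. The function names, the record layout and the user name `testusr2` are assumptions made for this illustration.

```python
import re

# Field lines written by process_sso_client_login_request, as in the excerpt above.
FIELD = re.compile(
    r"\[access_server\]: \(process_sso_client_login_request\): "
    r"(clienttype|username|domainname|ipaddress): '?([^'\s]+)'?\s*$"
)

def parse_sso_logins(lines):
    """Group field lines into one record per login request.

    Assumption: a request starts at its 'clienttype' line and is complete
    once 'ipaddress' has been logged, the order seen in the excerpt.
    """
    records, current = [], {}
    for line in lines:
        m = FIELD.search(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "clienttype" and current:
            records.append(current)  # previous request never reached ipaddress
            current = {}
        current[key] = value
        if key == "ipaddress":
            records.append(current)
            current = {}
    if current:
        records.append(current)
    return records

def users_without_login(expected, records):
    """Expected user names (lower-cased, as the log does) with no request logged."""
    seen = {r.get("username") for r in records}
    return sorted(u.lower() for u in expected if u.lower() not in seen)

# Field lines copied from the excerpt in the post; "testusr2" is a constructed name.
SAMPLE = """\
DEBUG May 31 06:14:27.084795Z [access_server]: (process_sso_client_login_request): clienttype: 33
DEBUG May 31 06:14:27.084852Z [access_server]: (process_sso_client_login_request): username: 'testusr1'
DEBUG May 31 06:14:27.084899Z [access_server]: (process_sso_client_login_request): domainname: test.de
DEBUG May 31 06:14:27.084971Z [access_server]: (process_sso_client_login_request): ipaddress: 1.2.3.4
""".splitlines()

if __name__ == "__main__":
    recs = parse_sso_logins(SAMPLE)
    print(recs)
    print(users_without_login(["TestUsr1", "testusr2"], recs))
```

A user returned by `users_without_login` never produced a login request in the log, so the gap lies before the firewall's authentication service; a record that lacks `domainname` or `ipaddress` points at an incomplete request instead.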
