AD server added and enabled but can't import groups or login with a user?

Adam,

Did you install stas agent in DC?

In XG, integration with AD has changed.

Follow this guide

Luk

Got the STAS suite installed and configured it per the guide but the service wont start saying 'login failure'

This is running on the DC and i tried doing (domain)\administrator and .\administrator and it complained in both scenarios.

Any ideas on how to proceed?

Did you try "Administrator" only?

Otherwise go to windows services, search for Sophos and change the startup credential configuration to "Local Service" and start the service.

Launch the Sophos STAS again.

Luk

I did try more than one user but Sophos XG can seem to login as if I put wrong password in the edit page and click the test button it fails, but if I put the right details in then it will succeed.

Changing the startup user for the service allowed it to start, but still Sophos can not import groups or even have users login through the user portal.

I have actually spun up a test VM and made a new AD forest just in case it was something on my current domain but still no luck, I have even tried turning off the firewall on the server to see if maybe requests were being blocked.

but again just keep getting the same error screen when importing groups

http://prntscr.com/ac0ksv

So here is my brief understanding

Sophos itself can login both with an administrator account or a user account in the test screen.
So you would think Sophos can communicate with the server outside of that screen like on the user portal.
But as I am experiencing neither importing groups or having users login is working so far.

Not really understanding why it's not working for me.

I see others on the forums have it working and I followed both guides fully so I am not sure whats wrong at the moment.

I did try more than one user but Sophos XG can seem to login as if I put wrong password in the edit page and click the test button it fails, but if I put the right details in then it will succeed.

Changing the startup user for the service allowed it to start, but still Sophos can not import groups or even have users login through the user portal.

I have actually spun up a test VM and made a new AD forest just in case it was something on my current domain but still no luck, I have even tried turning off the firewall on the server to see if maybe requests were being blocked.

but again just keep getting the same error screen when importing groups

http://prntscr.com/ac0ksv

So here is my brief understanding

Sophos itself can login both with an administrator account or a user account in the test screen.
So you would think Sophos can communicate with the server outside of that screen like on the user portal.
But as I am experiencing neither importing groups or having users login is working so far.

Not really understanding why it's not working for me.

I see others on the forums have it working and I followed both guides fully so I am not sure whats wrong at the moment.

Inside Base DN, put a OU where Groups exist. For example, CN=Users,DC=DUCK,DC=local

Luk

Tried that, still not finding any groups in my OU or the default users OU.

Adam,

Can you share your AD configuration inside XG?

Luk

http://prntscr.com/ac180v

Tried putting the OU which contains the users in the search base but that didn't change a thing, and it seems to find the users fine as you can see from the event logs above.

I also have it set as top priority firewall authentication service,

Adam,

base DN syntax is wrong.  Write CN=Users,DC=fancy,DC=local without space too.

Luk

That was it :)

No idea why I was putting DN (probably from base DN)

Thanks for your help.