Connection could not be loaded

I've named my connection the same as the SSL VPN Remote access policy and another the same as the Sophos Client Connect Name in XG. However, I'm always getting the same error message.
I know that the client does connect to the user portal as I'm getting another error with wrong login credentials.

In scvpn.log I see "err Failed to download the configuration: <name>"

What would be the issue here? Do I maybe need an XG V18? Currently I'm running V17.5.11.

Parents Reply
  • Hello Fred,

    After the tests performed on your setup, I tried it and I do not have the problem you are seeing. I even have the special character in my password. There is a setup problem in your case and we need to figure it out. There are two things that were different in your setup. The user you were trying yesterday belonged to the Administrators group. Second, can you try creating another user in AD who is not part of the administrators group and then send an update.

    Ramesh

Children
  • Hello Ramesh,

    Yes, I can confirm that this belongs to the Administrators group. I've created a user in AD and was able to connect. Once it was changed in XG to Administrators group I could not connect anymore.

    Please note, it's important to be able to use administrators as well (especially as they are not real administrators but only have the capability of security profiles). Also there is no way to change a user back to users group.

    Thanks for assistance.

    Fred

  • Thank you Fred for the update. We will look into this issue. Also I need to understand this statement: "Once it was changed in XG to Administrators group". So this is what the step is. After you log in as the new AD user from the User Portal with the OTP, you then move this user to the administrator group (see the step below and try it one more time please). From that point on it stops working? Is that how to re-create this issue?

    Can you please try one more thing for me. After you move the user to the administrator group, please delete the OTP for this user and re-login to the user portal and generate a new OTP. Then try the provisioning. Please let me know after you try this step.

  • steps I've done:

    create user & otp
    delete existing connection
    add connection
    test login -> possible

    changed user to admin group
    test login -> possible

    delete existing connection
    add connection
    test login -> NOT possible

    removed OTP & created new one
    test login -> NOT possible

    only way to let them login is now to remove the user (and therefore OTP)
    get new OTP (now he is a user again)
    test login -> possible