Thread Info
  • State Suggested Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 15 replies
  • Answers 1 answer
  • Subscribers 12 subscribers
  • Views 35061 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Stas started, and connection test success, but no user showing in live users/advance

TingYu

stas start = ok

connection test to utm, and between agent and collector = ok

VMI test = ok

but when I go to advance/view live users, it shows blank

My server is window 2003 domain.

Please help. thanks in advance.



This thread was automatically locked due to age.
  • 0 in reply to ErenERTAS

    Many thanks Erin,

    I have followed that kb article.

    And, apologies, we are on a 2012 R2 domain.

    Users appearing in STAS 'Show Live Users' is very hit & miss!

    Users authenticating against the domain appear in both STAS logs 'View Log' & 'View Logging Events'  but do not appear in 'Show Live Users'.

    Therefore they do not appear in 'Live Users' on the XG.

    Users then get the Captive Portal to authenticate against when they shouldn't.

    To add to this, I've also found the Captive Portal drops out randomly!! Even though 'Preserve captive portal after login' is set to 'no' and 'User inactivity timeout' is set to 'unlimited'.

     


      

     

     

     

     

  • 0 in reply to Tam Ben-Jusu

    I can't say "that is the problem" but Server 2003 is not supported on STAS software. And it is the most problematic domain tree in ldap world. I need a deep check of the system. Maybe you can recheck your configuration from https://community.sophos.com/kb/en-us/123156 Sorry

    Eren ERTAS

    SCA-CCNA-ATCT-HCNA-MCT-MCSE

  • 0 in reply to ErenERTAS
    Also, I even had to turn off our second domain controller, as the STAS agent on it was not informing the STAS collector (on the 
     
    primary DC) that it had authenticated users.
     
    I am beginning to wish I had stuck with Sonicwall..!
  • 0 in reply to ErenERTAS

    Many thanks Eren.. 

    The Sophos Engineer had already enabled that on our DC during the initial install of the XG. 

  • 0

    You need to enable windows logon events from secpol.msc or windows security policy on Domain Controller to collect logs and report to stas that users get connected/disconnected. You can find it under secpol.msc>local>audit and select both success and failure from both "logon" type events.

    Eren ERTAS

    SCA-CCNA-ATCT-HCNA-MCT-MCSE

  • 0 in reply to JoeT

    Did you ever get an answer to this problem.?

    I too am having issues with it. Not all STAS users appear in 'Show Live Users'.

    It seems fairly random who shows and who does not.

    Those that do not appear are then prompted with the Captive Portal - which is a real pain!

  • 0 in reply to Alex Dokutovich

    HI i have the same problem here Stas Suite installed on all dc´s tests are all sucessfull windows firewall turned off events logged in the eventlogs but no active users displayed.

    Any Idea why?

  • 0 in reply to ErikFranzén

    In the post above, I've already written, windows firewalls were disabled, for test. But STAS does not work. Maybe have you got another idea, how to fix it?

  • 0 in reply to Alex Dokutovich

    Create a windows firewall rule which allows traffic from UTM using the STAS application. Test this first by deactivating Windows firewall temporarily.

    If this work, create a windows firewall rule using gpo and apply it on the domain controller or else where STAS is running.

  • 0 in reply to TingYu

    I've got the same behavior. All tests go ok, but STAS does not work. I don't see online users and log shows me

    2017:01:23-17:17:19 utm argos[5633]: [stas_event]: Read 11 bytes from IP 192.168.111.26:53786
2017:01:23-17:17:19 utm argos[5633]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
2017:01:23-17:17:20 utm argos[5633]: [stas_check_collector_timeout]: Checking for collectors who have time-out
2017:01:23-17:17:49 utm argos[5633]: [stas_event]: Received STAS package

    All settings were made according STAS_manual-en.pdf
    AND all tests passed! Firewall was disabled for simplicity.
Unfiltered HTML