This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Auth Error after Backup Restore

Ich musste aufgrund eines Crash eine Backup zurückspielen, was die Funktionalität auf einer SG450 auch soweit wieder hergestellt hat. Zwischen dem Zeitpunkt der Erstellung des Backups und dem Restore wurden 2 User von der AD zur SG gesynct, um diese für einen SSL-VPN-Zugriff mit OTP zu erlauben, was bis dato auch funktioniert hatte. Nach dem Restore waren diese beiden User natürlich nicht mehr vorhanden, weshalb ich diese über "Prefetch Directory Users" wieder auf die SG gesynct habe. Danach zur Gruppe der Allowed Portal Users hinzugefügt und den Zugriff getestet. Leider erhalte ich immer:
2020:05:29-07:19:05 SERVER111 aua[4035]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 30"
2020:05:29-07:19:05 SERVER111 aua[4035]: id="3006" severity="info" sys="System" sub="auth" name="Child 4848 is running too long. Terminating child"
2020:05:29-07:19:05 SERVER111 aua[22668]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="xxxx" host="" user="xxxx" caller="portal" reason="DENIED"
Ich habe bereits die User wieder auf der SG gelöscht, den Auth-Cash gelöscht, den User wieder gesynct - alles ohne Erfolg. Andere/Neue User aus der AD funktionieren einwandfrei. Auch habe ich die Appliance schon neu gebootet. Eine Anmeldung des Users in der AD funktioniert. Woran kann das liegen? Hat die SG vielleicht noch irgendwo "Reste" vom OTP im System, dass sie jetzt eine Anmeldung mit zusätzlichem OTP erwartet? Ich stehe echt auf dem Schlauch :-(

Version 9.702-1

This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi MueTi,

    Thank you for reaching out to the community! 

    Could you please check if you have these two users are allowed to access User Portal. Navigate to Management > User Portal > Global > Allowed Users. 

    By default, all users are allowed to access the User Portal, where “all users” means users known to the system. For backend authentication, the user directory must be synchronized with the UTM for those users to be able to log in to the User Portal.

    If you want to grant access to particular users or groups, unselect the Allow all users checkbox and select users or user groups individually.



  • Yes, the two users are allowed to access User Portal. Without OTP it works fine, if I activate OTP for these 2 users I get an access denied because of: Invalid username/password, or access denied by an internal  specification
    All other users who was configured before last backup work fine with OTP.

  • Hallo MueTi,

    This is the first time I can remember seeing this problem here, so I wonder if this isn't an issue with AD???

    For these two users, did they renew their SSL VPN configurations?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • They can´t renew their SSL VPN Configurations because it isn´t possible to download themselves - they can´t open User Portal for download.
    Ok, I can provide the configuration but what does it help? The authentication with OTP doesn´t work.

  • They can´t renew their SSL VPN Configurations because it isn´t possible to download themselves - they can´t open User Portal for download.
    Ok, I can provide the configuration but what does it help? The authentication with OTP doesn´t work.

  • I haven't seen this issue before, so I would want to "normalize" these two users first by sending them their new SSL VPN configurations.  Any change after that?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Sorry, I don´t understand why doing the second step before the first. But I tried myself
    User Portal and SSL VPN access work without OTP. If I activate OTP no access is possible anymore - either for User Portal nor using SSL VPN.
    Logfile shows me Authentication failed.

    The same errors appears with new AD-Users, existing AD-Users work well.

  • Update: The problem exist now only for the two users. It seems that some old fragments keep in database after restore which I can´t see. New Users work good.
    I dont´t know if Sophos Support changed anything during support.