STAS with AD / Collector Failover

HI Christian, 

The STAS Suite, which contains both Colletor and Agent is used to collect the Events on your AD server and would push the request to your UTM . This would no act as a Load balancing or Load Failover . If you have multiple Ad servers then you would need to install the suite in all of them, and your AD server should be configured as Failover in such scenario. 

In such case, if the AD server which was primary failed, then your Events would land on the secondary server and would Sync with UTM. 

We've done just that. We simply install the entire suite on all DC's and add them into the UTM.

There is an issue however that the UTM only seems to query the first STAS server in it's list. You need to enter this collector in all of the STAS agents to make sure everybody is logged.

Hi Christian,

If the STAS Suite is installed on the primary collector and the STAS Agent is installed on the secondary collector then the STAS will not do Load Balance it will just fetch and forward the auth request from secondary to primary AD.

Alongside, if you install the STAS Suite on both the Domain Controllers and add them in different collector groups then this will make the XG query to both the collectors at the same time and handle failover. 

Hope that helps.

Hi,

are you saying that I should install as per follows:

1. Add STAS suite (Collector & Agent) to all DC's (single domain)

2. Add all Collectors into all UTM's

3. Do not specify anything under "Collectors to be served" on each STAS suite?

1. Add STAS suite (Collector & Agent) to all DC's (single domain)

Yes

2. Add all Collectors into all UTM's

Yes 

3. Do not specify anything under "Collectors to be served" on each STAS suite?

Keep it blank

HI Sachin,

the problem is in the logs, it only ever shows the UTM querying the first collector in the list. I do not see any reference to it querying the other collectors until such time as the first one fails and then it moves down to the next one in the list on the UTM and query's that.

As we have multiple DC's over 4 sites, users get authenticated on different DC's. Now if the UTM did query all 4 collectors specified in the UTM, it wouldn't be an issue but it clearly doesn't. The logs show it only querying the first one which only results in the users who get authenticated on that DC to show up.

My workaround was to put the collectors in the STAS agent list in the same order so that all agents would send to STAS collector 1 first. If STAS collector 1 failed ie the DC failed, the UTM would switch to STAS collector 2 and so would the agents as they could get through to STAS collector 1.

Hi Louis,

So did you defined the collectors in the STAS Agent list and did that work?

Thanks