Hello,
We have a SEP 11.0.5 server, all clients are Windows XP SP3, and Microsoft Firewall is turned off on all of the machines.
We recently installed a Sonicwall NSA 2400 UTM firewall. In order to prevent users from having to log in every time they open a web browser, we configured SSO Agent. It is a directory connector that connects through LDAP and verifies the user logged into the local machine. Once SSO verifies who is logged in, it determines which Groups the user belongs to and then matches the Group to a Content Filtering policy (Sonicwall CFS).
What's happening is that from time to time users open the browser and everything is blocked. I have a couple of policies on Sonicwall that allow access to certain categories. I also have a Default policy that blocks access to everything if the user is not a part of the group that has access to certain categories. This prevents unauthorized users from browsing the web and also allows us to track web browsing a little better.
What's happening now is that from time to time users are blocked from accessing any web page, and then they have to restart the PC, after which they are able to access whatever content their policy allows them access to. SSO Agent periodically checks who is logged on to which machine. This was happening on and off, but it is becoming quite an annoyance. I believe that SEP may be blocking something between the SSO Agent and the client machines, but I'm not sure where or what to look for anymore.
On the server that runs SSO Directory connector, I'm getting a lot of errors (they are all basically the same)
---
Source: SonicWALL SSO Agent
Event ID:16
"Failed to get Logged in User for IP: xx.x.x.xxx; Error: error [53]
The network path was not found"
---
or this one
---
Failed to get Logged in User for IP: 10.0.0.69; Error:Error:[5] You do not have enough privileges.
----
I found an article from Sonicwall but I'm not sure of where to go from here: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=4777
System error 51 occurs when Windows File and Printer Sharing is disabled, or when a 3rd party software (including Microsoft Internet Firewall) is blocking inbound traffic on TCP port 445. Please make sure that nothing is restricting the NETAPI call to the computer.
System error 53 occurs when there is either a routing issue, or when the device is a NON-Windows machine
System error 5 occurs when Access is denied to the remote desktop. This can occur if the computer is a non-domain computer
Like I said MS Firewall is disabled.
My own PC also had logged a couple of errors in the event log on the SSO Agent server, basically the same [53] error.
How do I check if 445 is blocked, and how do I unblock it in SEP? On the other hand, if port 445 was blocked then SSO shouldn't have been able to connect to the computers in the first place.
In sonicwall I can go to Users/SSO/Configure/Test
then I'm able to check agent connectivity to the computer as well as check which user is logged in to the computer, all through Sonicwall SSO.
When users are stopped from browsing the web, I'm unable to check for it. Like I said, this doesn't happen to all users and it may happen 3 - 4 times a week.
I have no idea where to go from here....
Any ideas?
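
An added example, not part of the original post: one way to triage the SSO Agent errors above by grouping them per client and error code, labelling each with the cause from the quoted KB text, and testing TCP 445 from the agent server. The function names and the address 10.0.0.41 are constructed for illustration; paste the real event text exported from the agent server in place of `SAMPLE`.

```python
import re
import socket
from collections import Counter

# Function and constant names here are hypothetical, chosen for this example.
# Causes as worded in the SonicWall KB text quoted in the post.
KB_CAUSES = {
    51: "File and Printer Sharing disabled, or inbound TCP 445 blocked",
    53: "routing issue, or the device is a non-Windows machine",
    5: "access denied; can occur if the computer is a non-domain computer",
}

# Covers both message shapes in the post: "Error: error [53]" and "Error:Error:[5]".
EVENT_RE = re.compile(
    r"Failed to get Logged in User for IP:\s*(?P<ip>[\d.]+)\s*;"
    r"\s*(?:error:?\s*)+\[(?P<code>\d+)\]", re.IGNORECASE)

def parse_events(text):
    """Return (ip, code) for every SSO Agent lookup failure found in text."""
    return [(m["ip"], int(m["code"])) for m in EVENT_RE.finditer(text)]

def triage(text):
    """Count failures per (ip, code), most frequent first, with the KB cause."""
    counts = Counter(parse_events(text))
    return [
        {"ip": ip, "code": code, "count": n,
         "cause": KB_CAUSES.get(code, "not covered by the quoted KB text")}
        for (ip, code), n in counts.most_common()
    ]

def tcp_445_reachable(ip, timeout=2.0):
    """True if a TCP connection to port 445 on ip succeeds from this host."""
    try:
        with socket.create_connection((ip, 445), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample in the two formats from the post (10.0.0.41 is made up).
SAMPLE = """\
Failed to get Logged in User for IP: 10.0.0.69; Error:Error:[5] You do not have enough privileges.
Failed to get Logged in User for IP: 10.0.0.41; Error: error [53]
The network path was not found
Failed to get Logged in User for IP: 10.0.0.41; Error: error [53]
The network path was not found
"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Run `tcp_445_reachable()` from the server that hosts the SSO Agent while a user is in the blocked state, since that is the machine making the lookup; a client that answers on 445 when browsing works but not when it is blocked points at something filtering the connection intermittently.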