
SWG Dcinterface - does not detect latest login time for same user on same machine

Created: 28 Aug 2013 | 4 comments
ddynzaza

Hi,

I need to know if this is expected behavior of SWG or if there is a solution/corrective action I need to take. I used DCinterface.

I have domain User A, set to Policy A in SWG that reads LDAP workgroup status from AD. This user logs into computer A. He gets correct policy, no issue.

After some time, User A got promoted, so his LDAP workgroup in AD was changed and he gets Policy B in SWG. This user logs into the same computer A.

My problem is:

1. SWG does not detect User A's login to Computer A after the reboot. The last login time shown is before the reboot.

2. User A still got Policy A, even after I rebooted the computer. He should be getting Policy B based on his new LDAP workgroup.

- Is it because the login time is not properly shown in SWG? I checked in AD, and the login session for User A after the reboot is shown in the event viewer, so DCinterface should be able to pick up that info, right?

- I click the refresh button in SWG, and SWG can show the new LDAP workgroup for User A just fine.

If I log in to computer A with another domain account, log off and log in again as User A, the last login time for User A is shown correctly and User A also receives the new Policy B.

Pls help.

Tq.

ddynzaza

Hi Ben,

It's 1 hour. Do I need to wait 1 hour for the changes to take effect?

Tq.

SMLatCST

If the SWG is correctly registering the correct LDAP group, then I see no reason why it shouldn't work once that is updated.

Regarding the working after a logon/logoff but not after a reboot however, this might just be using the cached creds. What happens if you allow a few minutes before logging in after a reboot?

ddynzaza

Yes, the SWG can see the new LDAP workgroup as soon as I click the refresh button on SWG.

However, the new policy still does not take effect after logon/logoff and also reboot. It will only work if another domain user logs in to the same computer, logs off, and then the actual user logs in again; only then does the new policy take effect immediately.

The longest time I've waited after making LDAP changes is 30 minutes. Maybe I should simulate again and test after 1 hour.

Tq.