
Unable to View User Details In Web Gateway GUI Reports

Created: 12 Feb 2013 | 12 comments

DW_123's picture

Grateful for assistance with the above problem,

I've installed the Web Gateway in a virtual environment.

I have configured it to use LDAP and Kerberos and the authentication test is successful.

Unfortunately, I do not see any user details on the Web Gateway GUI reports after configuring a policy and browsing the Internet with an Active Directory user account on a virtual client PC.

I have the following message in the dcinterface error log:

path: c:\dcinterface_4_5_4\dcinterface_4_5_4\dcinterface.txt

02/12/2013  13:41:09 192.168.1.3 assigned stunnel port: 33277

02/12/2013  13:41:09 hosts defined: 1

02/12/2013  13:41:12 stunnel conf path: c:\dcinterface_4_5_4\dcinterface_4_5_4\stunnel.conf

02/12/2013  13:41:12 Secure Tunnel start: "start c:\"dcinterface_4_5_4"\"dcinterface_4_5_4"\stunnel"

02/12/2013  13:41:13 no msg Recovery Configured

02/12/2013  13:41:13 Service started

 

DW_123's picture

Hi Ben

I've checked the DC and it's logging 4624 and 4768 security events for users when they log on. However, still getting no user details on reports. I'm running Windows Server 2008 R2.

Grateful for more pointers.

BenDC's picture

Anything in the dcinterface error log?

 

DW_123's picture

Apologies for the delay in my reply.

The dcinterface error log message is as above in my first post on 12 Feb.

SMLatCST's picture

Just to confirm, have you configured and applied the SWG's Authentication Policies?

After the setup of authentication on the SWG Config side, you then have to apply a policy to say which subnets should be enabled for authentication.

DW_123's picture

I've configured for LDAP.

I've added an AD account with DC role and tested the LDAP connection. Comes back saying "Successful connection to LDAP server" under the Authentication config.

I've not configured NTLM as the guidance states configuring LDAP and NTLM together will cause problems.

I have configured a subnet Work Group policy that defines the network subnet and deployed it to monitor web browsing.

When I browse on a client PC the Custom Reports list the AD name of the client PC under Hostname but nothing for the logged on user. 

I have noticed I can see no option within policy config that allows me to define User Authentication. Is this only defined if NTLM is configured?

"Configure User Authentication on Symantec Web Gateway (SWG)"

http://www.symantec.com/connect/articles/configure-user-authentication-symantec-web-gateway-swg

 

SMLatCST's picture

Ahh yeah, the User Authentication policy option is only available when using NTLM:

http://www.symantec.com/docs/HOWTO54152

Clearly the dcinterface error log is not showing any errors at this time. I don't suppose any new entries have appeared since you last looked? The below article shows common dcinterface errors:

http://www.symantec.com/docs/TECH98438

Alternatively, is it possible that the test users/machine authenticated against a different DC than has dcinterface installed?

Also, be aware you have to do a logoff/logon on the test client in order for the required events to be generated on the DC. Only after the events are there can these be sent to the SWG by dcinterface.

DW_123's picture

Hi,

No other errors on the dcinterface error log.

I have only one DC configured. I am running all machines in a virtual environment using VMWare (if that brings up issues) and with a trial version of SWG before deciding whether to purchase.

Yes, I have logged on/off the client PC when browsing the web after changing policies. 4624 and 4678 events are being generated within Event Viewer on the DC for the user.

Again, simply comes back with the hostname of the client PC and web pages browsed.  I am clearly missing something but I cannot see what.

SMLatCST's picture

Yeah, it does sound odd.

Just out of interest, can you confirm what versions you're running?  Also, can you try identifying the SWG by IP address within the dcinterface config file?

DW_123's picture

Solution!

Just checked the dcinterface.txt file. Failed to include the "recovery 4" command.

I have added to the file and now find the users are showing in the Custom Reports.

It appears the problem is resolved.

This was the cause of the message "no Message Recovery configured" in the error log.

 

Thanks for sticking with me through this problem and helping me out. Cheers.
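
The two checks this thread ended up relying on, as an added example that is not part of the original posts or Symantec's tooling: confirm that the 4624/4768 logon events for the test user exist on the DC that runs dcinterface, and search the dcinterface error log for the "no msg Recovery Configured" line. The user name, log path and time window are placeholders to replace.

```powershell
# Added example. Run in an elevated PowerShell session on the DC that hosts dcinterface.
param(
    [string]$User    = 'testuser',                              # placeholder: test account name
    [string]$LogPath = 'C:\path\to\dcinterface-error-log.txt',  # placeholder path
    [int]$Minutes    = 30                                       # how far back to look
)

# 1. Logon events dcinterface depends on (4624 logon, 4768 Kerberos TGT request).
$filter = @{
    LogName   = 'Security'
    Id        = 4624, 4768
    StartTime = (Get-Date).AddMinutes(-$Minutes)
}
$hits = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the EventData name/value pairs so fields can be read by name.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            if ($d.Name) { $data[$d.Name] = $d.'#text' }
        }
        New-Object PSObject -Property @{
            Time   = $_.TimeCreated
            Id     = $_.Id
            User   = $data['TargetUserName']
            Client = $data['IpAddress']
        }
    } | Where-Object { $_.User -eq $User })

if ($hits.Count -eq 0) {
    Write-Output "No 4624/4768 events for '$User' in the last $Minutes minutes on this DC."
} else {
    $hits | Sort-Object Time | Format-Table Time, Id, User, Client -AutoSize
}

# 2. Startup warning quoted in the thread: recovery not configured for dcinterface.
$warn = @(Select-String -Path $LogPath -SimpleMatch 'no msg Recovery Configured')
if ($warn.Count -gt 0) {
    Write-Output "Recovery warning found, last seen at line $($warn[-1].LineNumber):"
    Write-Output $warn[-1].Line
} else {
    Write-Output 'No recovery warning in the log.'
}
```

If the events are present but the warning is still logged, compare the dcinterface configuration against the fix in the final post (the missing "recovery 4" line).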