Grateful for assistance with the above problem,
I've installed the Web Gateway in a virtual environment.
I have configured to use LDAP and kerberos and the authentication test is successful.
Unfortunately, I do not see any user details on the Web Gateway GUI reports after configuring a policy and browsing the Internet with an Active Directory user account on a virtual client PC.
I have the following message in the dcinterface error log:
02/12/2013 13:41:09 192.168.1.3 assigned stunnel port: 33277
02/12/2013 13:41:09 hosts defined: 1
02/12/2013 13:41:12 stunnel conf path: c:\dcinterface_4_5_4\dcinterface_4_5_4\stunnel.conf
02/12/2013 13:41:12 Secure Tunnel start: "start c:\"dcinterface_4_5_4"\"dcinterface_4_5_4"\stunnel"
02/12/2013 13:41:13 no msg Recovery Configured
02/12/2013 13:41:13 Service started
Be sure your DC is logging login events.
I've checked the DC and it's logging 4624 and 4768 security events for users when they log on. However, still getting no user details on reports. I'm running Windows Server 2008 R2.
Grateful for more pointers.
Anything in the dcinterface error log?
Apologies for the delay in my reply.
The dcinterface error log message is as above in my first post on 12 Feb.
Just to confirm, have you configured and applied the SWG's Authentication Policies?
After the setup of authentication on the SWG Config side, you then have to apply a policy to say which subnets should be enabled for authentication
I've configured for LDAP.
I've added an AD account with DC role and tested the LDAP connection. Comes back saying "Successful connection to LDAP server" under the Authentication config.
I've not configured NTLM as the guidance states configuring LDAP and NTLM together will cause problems.
I have configured a subnet Work Group policy that the defines the network subnet and deployed it to monitor web browsing.
When I browse on a client PC the Custom Reports list the AD name of the client PC under Hostname but nothing for the logged on user.
I have noticed I can see no option within policy config that allows me to define User Authentication. Is this only defined if NTLM is configured?
"Configure User Authentication on Symantec Web Gateway (SWG)"
Ahh yeah, the User Authentication p-olicy option is only available when using NTLM:
Clearly dcinterface error log is not showing any errors at this time, I don't suppose any new entries have appeared since you last looked? The below article shows common dcinterface errors:
Alternatively, is it possible that the test users/machine authenticated against a different DC than has dcinterface installed?
Also, be aware you have to do a logoff/logon on the test client in order for the required events to be generated on the DC. Only after the events are there can these be sent to the SWG by dcinterface
No other errors on the dcinterface error log.
I have only one DC configured. I am running all machines in a virtual environment using VMWare (if that brings up issues) and with a trial version of SWG before deciding whether to purchase.
Yes, I have logged on/off the client PC when browsing the web after changing policies. 4624 and 4678 events are being generated within Event Viewer on the DC for the user.
Again, simply comes back with the hostname of the client PC and web pages browsed. I am clearly missing something but I cannot see what.
Yeah, it does sound odd.
Just out of interest, can you confirm what versions you're running? Also, can you try identifying the SWG by IP address within the dcinterface config file?
Just checked the dcinterface.txt file. Failed to include the "recovery 4" command.
I have added to the file and now find the users are showing in the Custom Reports.
It appears the problem is resolved.
This was the cause of the message "no Message Recovery configured" in the error log.
Thanks for sticking with me through this problem and helping me out. Cheers.
No worries, glad to hear it's all sorted!