Vidéos d'aide de Screencast

Unable to View User Details In Web Gateway GUI Reports

Created: 12 Fév. 2013 | 12 comments
Discussion Filed Under:

Commentaires CommentairesAccéder au dernier commentaire

l'image des DW_123

Grateful for assistance with the above problem,

I've installed the Web Gateway in a virtual environment.

I have configured to use LDAP and kerberos and the authentication test is successful.

Unfortunately, I do not see any user details on the Web Gateway GUI reports after configuring a policy and browsing the Internet with an Active Directory user account on a virtual client PC.

I have the following message in the dcinterface error log:

path: c:\dcinterface_4_5_4\dcinterface_4_5_4\dcinterface.txt

02/12/2013  13:41:09 192.168.1.3 assigned stunnel port: 33277

02/12/2013  13:41:09 hosts defined: 1

02/12/2013  13:41:12 stunnel conf path: c:\dcinterface_4_5_4\dcinterface_4_5_4\stunnel.conf

02/12/2013  13:41:12 Secure Tunnel start: "start c:\"dcinterface_4_5_4"\"dcinterface_4_5_4"\stunnel"

02/12/2013  13:41:13 no msg Recovery Configured

02/12/2013  13:41:13 Service started

l'image des DW_123

Hi Ben

I've checked the DC and it's logging 4624 and 4768 security events for users when they log on. However, still getting no user details on reports. I'm running Windows Server 2008 R2.

Grateful for more pointers.

l'image des BenDC

Anything in the dcinterface error log?

l'image des DW_123

Apologies for the delay in my reply.

The dcinterface error log message is as above in my first post on 12 Feb.

l'image des SMLatCST

Just to confirm, have you configured and applied the SWG's Authentication Policies?

After the setup of authentication on the SWG Config side, you then have to apply a policy to say which subnets should be enabled for authentication

l'image des DW_123

I've configured for LDAP.

I've added an AD account with DC role and tested the LDAP connection. Comes back saying "Successful connection to LDAP server" under the Authentication config.

I've not configured NTLM as the guidance states configuring LDAP and NTLM together will cause problems.

I have configured a subnet Work Group policy that the defines the network subnet and deployed it to monitor web browsing.

When I browse on a client PC the Custom Reports list the AD name of the client PC under Hostname but nothing for the logged on user. 

I have noticed I can see no option within policy config that allows me to define User Authentication. Is this only defined if NTLM is configured?

"Configure User Authentication on Symantec Web Gateway (SWG)"

http://www.symantec.com/connect/articles/configure-user-authentication-symantec-web-gateway-swg

l'image des SMLatCST

Ahh yeah, the User Authentication p-olicy option is only available when using NTLM:

http://www.symantec.com/docs/HOWTO54152

Clearly dcinterface error log is not showing any errors at this time, I don't suppose any new entries have appeared since you last looked?  The below article shows common dcinterface errors:

http://www.symantec.com/docs/TECH98438

Alternatively, is it possible that the test users/machine authenticated against a different DC than has dcinterface installed?

Also, be aware you have to do a logoff/logon on the test client in order for the required events to be generated on the DC.  Only after the events are there can these be sent to the SWG by dcinterface

l'image des DW_123

Hi,

No other errors on the dcinterface error log.

I have only one DC configured. I am running all machines in a virtual environment using VMWare (if that brings up issues) and with a trial version of SWG before deciding whether to purchase.

Yes, I have logged on/off the client PC when browsing the web after changing policies. 4624 and 4678 events are being generated within Event Viewer on the DC for the user.

Again, simply comes back with the hostname of the client PC and web pages browsed.  I am clearly missing something but I cannot see what.

l'image des SMLatCST

Yeah, it does sound odd.

Just out of interest, can you confirm what versions you're running?  Also, can you try identifying the SWG by IP address within the dcinterface config file?

l'image des DW_123

Solution!

Just checked the dcinterface.txt file. Failed to include the "recovery 4" command.

I have added to the file and now find the users are showing in the Custom Reports.

It appears the problem is resolved.

This was the cause of the message "no Message Recovery configured" in the error log.

Thanks for sticking with me through this problem and helping me out. Cheers.