Sonicwall NSA240 SSO not working.

I'm working to implement some content filtering across my network. There are three sites connected via MPLS. Never had any real networking issues.

However, when trying to implement these new firewall rules in one site, I'm having an issue with the SSO agent properly identifying the logged-in user. The error I'm getting is:

error:[11]Access is denied.   Please check system is up, it is a windows machine, login privileges and windows firewall is turned OFF.

I've verified that all these settings are working. I'm wondering if there is something I'm missing.
C_Parlato Asked:

Syed_M_Usman (System Administrator) Commented:
Check gateway of the remote computer....
0
C_Parlato (Author) Commented:
Gateway is configured through the DC, which is also host for the SSO agent.
0
Syed_M_Usman (System Administrator) Commented:
Host gateway should be SNA IP address; please look at the KB below:
http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7782
0

Konsultant Commented:
If I remember correctly, the SSO should be installed on the domain member server, not on the DC. Please verify this.
I have installed SSO many times and I never had any problems with it.
0
C_Parlato (Author) Commented:
Konsultant: I tested the SSO agent on both the DC and on a Member Server. I still have the issue both ways.

Syed_M_Usman: I followed those steps to install originally. LDAP works perfectly, and in 2 sites the same configuration works flawlessly.

In one site, there is something going on where the WMI call to the machine is being rejected. If you spam the test option for SSO, the agent will eventually authenticate the user. This is very frustrating, and I'm not sure what it could possibly be.
0
Konsultant Commented:
Hi

The SSO agent will not work on the DC as per Release Notes. It requires a member server.

Please keep in mind that the SSO agent relies on Active Directory; if this part is not configured correctly you may see problems. Also, in the case of Windows 2008 Server you may need to open port 2258 (TCP/UDP) so the SonicWall can connect to the agent. Do you have Windows Firewall or a 3rd-party software firewall running on the server?
The pre-shared key is HEX, so the letters end with fF. It has to be 16 characters. I have seen issues around it. Too simple to troubleshoot ;-)

I have seen SSO working on 2003 and 2008 servers (including 64bit).

Please provide more information (systems, Visio diagram, etc.) and I will be happy to take another stab at this.

Good luck!
0
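
The intermittent "Access is denied" on the WMI call described in this thread can be measured instead of re-clicking the agent's test button. The script below is an added example, not posted by any participant and not SonicWall code; it assumes Windows PowerShell 5.1 run on the SSO agent's host under the agent's service account, uses `Win32_ComputerSystem.UserName` as a stand-in for the agent's own lookup, and `WORKSTATION01` and the function name are placeholders.

```powershell
# Added example. Assumptions: Windows PowerShell 5.1, run on the SSO agent host as the
# agent's service account; 'WORKSTATION01' is a placeholder for a workstation at the
# failing site; Win32_ComputerSystem.UserName stands in for the agent's own WMI query.
param(
    [string]$ComputerName = 'WORKSTATION01',
    [int]$Attempts = 20,
    [int]$DelaySeconds = 2
)

function Test-SsoWmiLookup {
    param([string]$ComputerName, [int]$Attempts, [int]$DelaySeconds)

    foreach ($i in 1..$Attempts) {
        $outcome = 'OK'
        $detail  = $null
        try {
            # Remote WMI over DCOM/RPC; UserName is the console-session user only.
            $cs = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $ComputerName -ErrorAction Stop
            $detail = $cs.UserName
            if (-not $detail) { $outcome = 'NoConsoleUser' }
        }
        catch [System.UnauthorizedAccessException] {
            # E_ACCESSDENIED: the credentials or DCOM/WMI permissions were rejected.
            $outcome = 'AccessDenied'
            $detail  = $_.Exception.Message
        }
        catch [System.Runtime.InteropServices.COMException] {
            # Typically "RPC server is unavailable": host down, firewall, or name resolution.
            $outcome = 'RpcFailure'
            $detail  = $_.Exception.Message
        }
        catch {
            $outcome = 'OtherError'
            $detail  = $_.Exception.Message
        }
        [pscustomobject]@{ Attempt = $i; Time = Get-Date; Outcome = $outcome; Detail = $detail }
        if ($i -lt $Attempts) { Start-Sleep -Seconds $DelaySeconds }
    }
}

$results = Test-SsoWmiLookup -ComputerName $ComputerName -Attempts $Attempts -DelaySeconds $DelaySeconds
$results | Format-Table -AutoSize | Out-Host
# Failure mix: mostly AccessDenied points at permissions, RpcFailure at network or firewall.
$results | Group-Object Outcome | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize | Out-Host
```

Running it against a workstation at a working site and one at the failing site gives a per-outcome count to compare.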
