Solved

Sonicwall NSA240 SSO not working.

Posted on 2012-03-19
6
755 Views
Last Modified: 2012-08-22
I'm working to implement some content filtering across my network.   There are three sites connected via MPLS.  Never had any really networking issues.

However...   When trying to implement these new firewall rules in one site.  I'm having an issue with the SSO agent properly identifying the logged in user.   The error I'm getting is:

error:[11]Access is denied.   Please check system is up, it is a windows machine, login privileges and windows firewall is turned OFF.

I've verified that all these settings are working.   I'm wondering if there is something I'm missing.
0
Comment
Question by:C_Parlato
  • 2
  • 2
  • 2
6 Comments
 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 37740833
Check gateway of the remote computer....
0
 
LVL 2

Author Comment

by:C_Parlato
ID: 37742247
Gateway is configured through the DC, which is also host for the SSO agent
0
 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 37745809
Host Gateway should ba SNA ip address, plz look below KB
http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7782
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 3

Expert Comment

by:Konsultant
ID: 37748602
If I remember correctly the SSO should be installed on the domain member server not of the DC. Please verify this.
I have installed SSO many times and I never had any problems with it.
0
 
LVL 2

Author Comment

by:C_Parlato
ID: 37782433
Konsultant:   I tested the SSO agent on both the DC and on a Member Server.   I still have the issue both ways.

Syed_M_Usman:  I followed those steps to install originally.  LDAP works perfectly, and in 2 sites the same configuration works flawelessly.

In one site, there is something going on where the WMI call to the machine is being rejected.  If you spam the test option for SSO, the agent will eventually authenticate the user.      This is very frustrating, and I'm not sure what it could possibly be.
0
 
LVL 3

Accepted Solution

by:
Konsultant earned 500 total points
ID: 37788088
Hi

The SSO agent will not work on the DC as per Release Notes. It requires a member server.

Please keep in mind that the SSO agent relays on Active Directory if this part is not configure correctly you may see problems. Also in case of windows 2008 server you may need to open port 2258 (TCP/UDP) so the sonicwall can connect to the agent. Do you have Windows firewall of 3rd party software firewall running on the server?
Pre-shared key is HEX so the letters end with fF. It has to be 16 characters. I have seen issues around it. To simple to troubleshoot ;-)

I have seen SSO working on 2003 and 2008 servers (including 64bit).

Please provide more information (systems, visio diagram, etc,) I will be happy to take another stab at this.

Good luck!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Nimble Storage 3 112
Cisco Edge Routers for BGP 6 55
Home firewall recommendations 11 59
Palo Alto site-to-site vpn monitoring 5 23
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
This article will shed light on the latest trends when it comes to your resume building needs. For far too long, the traditional CV format has monopolized the recruitment market.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question