joukiejouk
asked on
Websense denying internet use for a user. Seems like the user always seem to have this issue after a McAfee on-demand scan takes place.
This is somewhat of a bizarre issue that we've never seen before. This happens to a few users each day, and we cannot figure it out. During an on-demand scan (McAfee), the service account being used for that scan hooks on to the the user's authentication, therefore causing the user's machine to authenticate to websense using the mcafee service account. When this happens, the user is not able to access certain websites. To fix this, we usually have to clear out the service account used for the McAfee ODS scan. This is becoming an annoyance.
We've addressed the issue to both Mcafee and Websense, but they both seem to point the finger at each other. Has anyone experience this problem before? If I am not making any sense in explaining this, please ask me what you need to know. Thanks experts!
We've addressed the issue to both Mcafee and Websense, but they both seem to point the finger at each other. Has anyone experience this problem before? If I am not making any sense in explaining this, please ask me what you need to know. Thanks experts!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Supposedly the patch will have solved that issue but in your case it is the user account that conflict with WS. We can try leaving empty account but there is no sure mean this can work as the approach is work around for failed authentication which is not really your case .. but it should take on logon user profile if undefined - need McAfee support to confirm
I was having the same issue, but mine was an easy fix. When setting up the task, under task tab I entered a domain admin login credentials to run the task. I spoke with a McAfee tech that told to leave it blank, save it, and wake up the agents and force a policy and task update. I'm no longer getting Authentication Failed on the clients.https://community.mcafee.com/thread/36079?tstart=0
ASKER
Thanks btan. We decided to run ODS without using a service account, which resolved this issue.
ASKER
I'd like to try your first approach with McAfee first. Please see screenshot. Our ODS task is configured to use a service account (with domain admin rights) that trigger at noon, and run. Across the board, our users have VSE 8.8.0 (Patch 5 and up). Are you suggesting that I should try removing the service account from the ods task in ePO, and leaving it blank? If I leave it blank, will it then use a local system or network account to run the task for the user's PC?