SSO Gateway - Exchange Monitor - wrong resolve

SSO Gateway 12.7.2 / Exchange Monitor 12.0 x64 / exchange 2016 server

EM resolves most IPs to [email protected]

any ideas or known issues ?

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Norman

    Event log monitor is likely scraping logs that show that user logging in (If it detects no user, it'll show no user logged in.)

    Do you have any processes that are logging in and running updates or anything else?

    Since ELM is just reading the last user that logged in via the computer's event logs, it will read whatever user actually appears in those logs.

    -James Carson
    WatchGuard Customer Support

  • edited October 2022

    it is the exchange monitor = EM not the ELM
    but , maybe a service running on all PCs with [email protected] as service account is connecting to exchange ?

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Norman

    Exchange is the slowest of the options to update as it can't poll very often. It's effectively scraping the logs of the exchange server to get the user that is currently logged into a mailbox.

    I'd suggest opening a support case so that our team can take a look at the logs with you.

    -James Carson
    WatchGuard Customer Support

  • edited October 2022

    ok i found something in the IIS log.
    some ews addon app is causing this

  • some more questions on auth:

    • is it normal that users from bovpn locations do not show up ?
    • how does the pc sso software client work ? (it has zero configuration so it does not know the sso gateway , only the default gateway )
    • does the pc sso client work, if it has a other router as default gateway
  • Q: how does the pc sso software client work ?
    A: review the "About the SSO Client" section, here:
    How Active Directory SSO Works
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/sso_about_c.html

    Q: does the pc sso client work, if it has a other router as default gateway
    A: if the SSO Agent can access the SSO client, then it will work, if not then the SSO Agent can't get info from such a SSO client.
  • james.carsonjames.carson Moderator, WatchGuard Representative

    @Norman
    -BOVPNs only work via Event Log Monitor -if- SSO across bovpns are turned on.

    -PC client software reads the event codes on the PC itself. It gets configuration form the SSO Gateway software. It gets the IP of that from the firewall.

    -It will likely not work well if something else is the default gateway, as it uses the gateway to get the location of the SSO Gateway.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.