SSO eventlogmonitor fails with some Windows 11 PCs

We are using Authentication Gateway 12.10.2 (only eventlogmonitor enabled) installed on the primary AD Domain controller.

Some Windows 11 PCs on the network are unable to be authenticated via SSO.

Here is part of the log after enabling debugging via telnet on port 4114 and issuing "get user 192.168.135.34", from which I cannot get an answer.

2024-12-20T14:25:28 [tid:12] [All CMDs Agent Received] [PARSE RESPONSE]  valid parseParam for async prefix async-8454-000A-192.168.135.34-10-1
2024-12-20T14:25:28 [tid:12] GET USER response dump async-8454-000A-192.168.135.34-10-1 7 ERROR
2024-12-20T14:25:28 [tid:12] [All CMDs Agent Received] [PARSE RESPONSE]  [Get User Command]  Failed to get user from destination IP 192.168.135.34, the detailed reason is that error occurred in SSO Client side
2024-12-20T14:25:28 [tid:12] [All CMDs Agent Received] [PARSE RESPONSE]  [Get User Command]  [192.168.135.34] Construct command for execute get user command again. Command: async-8454 get user 192.168.135.34
2024-12-20T14:25:28 [tid:12] No more Event Log Monitor dest can be used to deliver command
2024-12-20T14:25:28 [tid:12] [All CMDs Agent Received] [PARSE RESPONSE]  [Get User Command]  [192.168.135.34] Center Dispatch case #5: Invalid get user response. IP=192.168.135.34, try to dispatch again.
2024-12-20T14:25:28 [tid:12] [Get User Command] 192.168.135.34 async-8454 get user 192.168.135.34, AD authentication is disabled, so return directly
2024-12-20T14:25:28 [tid:12] From Event Log Monitor Connection
2024-12-20T14:25:28 [tid:12] [All CMDs Agent Received] Event Log Monitor Connection received command from 127.0.0.1:4135: EVENT_LOG_MONITOR
2024-12-20T14:23:09Z [tid:5188] ERROR: [Read Event Log Process]  [192.168.135.34] [3-4] Open Event Log failed. Details:The system cannot find the file specified. [2].
2024-12-20T14:23:09Z [tid:5188] INFO: [3-4]:Finished request
2024-12-20T14:23:09Z [tid:5168] INFO: [Thread Body]  [Thread: Response to Get User Command] send message: async-7700-000A-192.168.135.34-10-1 7 ERROR (to socket[1])
2024-12-20T14:23:09Z [tid:5168] INFO: [Thread Body]  [Thread: Response to Get User Command] send message: async-7700-000A-192.168.135.34-10-1 7 ERROR (to socket[3])

Sniffing traffic with Wireshark on port 445 of the client, I can see the "OpenEventLogW" request, but then the client 192.168.135.34 returns the error nca_s_fault_ndr (0x000006f7).

Any idea?
