Frequently encountered issues

The following points list some of the most frequently encountered problems. Check these points to resolve malfunctions.

 

Symptom:

SN SSO Agent cannot log in to the firewall

Solutions:
  • Check the SSL encryption key i.e. pre-shared key (password),
  • Check that port 1301 is not blocked by a firewall or on the machine hosting SN SSO Agent,
  • Check logs from the firewall administration interface in Monitoring > Audit logs > Users. For more information, refer to the section Looking up logs on the firewall.

 

Symptom:

SN SSO Agent cannot log in to the domain controller

Solutions:
  • Check that the account associated with SN SSO Agent has read privileges on the event viewer in Active Directory,
  • Check that ports 139 and 445 are not blocked by a firewall or on the machine hosting SN SSO Agent.

 

Symptom:

No authentication on the firewall

Solution

If there are no authenticated users on the firewall based on what was reported in log files, you are advised to test the authentication method using an authentication rule with Any as the User value and as the Source.

 

Symptom:

Hosts do not respond to the ping (users de-authenticated from the firewall).

Solution

If SN SSO Agent is unable to test a host by pinging it, the firewall will automatically delete the login from its table of authenticated users. This action is logged in SN SSO Agent logs. For more information, refer to the section Looking up logs on the host machine.

  • Check that ICMP is allowed on machines in the domain (configuration of the Windows firewall).

 

Symptom:

Could not connect to the registry database.

Solutions:

If SN SSO Agent is unable to access a machine, it will be logged in SN SSO Agent logs. For more information, refer to the section Looking up logs on the host machine.

  • Check that ICMP has been allowed and that ports 139 and 445 are open on the machines in the domain (configuration of the Windows firewall).
  • Also check that the remote registry is running in Windows services and that the account used by SN SSO Agent has administration privileges on these machines.

 

Symptom:

Change of IP address not detected.

Solutions:

Changes to IP addresses have been detected by DNS requests:

  • Check that the DNS servers have been configured for hosts in the domain.

If the hosts are configured in DHCP, the DHCP server must update the entries in the DNS servers.

  • Check that the reverse lookup zone was created. For more information, refer to the section Changing IP addresses in Specific cases.