Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PSA3000 intermittent AD issues

SOLVED
Go to solution
Highlighted
wfortner@icr-team.com
wfortner@icr-team.com
New Contributor
‎05-28-2019 07:49:AM
‎05-28-2019 07:49:AM

PSA3000 intermittent AD issues

We utilize a PSA3000 VPN with AD and every month or two the box all the sudden stops authenticating Active Directory users and requires a hardware reboot of the PSA to restore function. This recently happened again this weekend with the log entries below. I don't know that its related, but it repeats those same 4 lines since the issue started. Running 8.3R7 code. Anyone know what could be causing this? We've been using this box a while, and my thinking is maybe the recent code upgrade from R4 back in Dec/Jan timeframe could be a potential culprit?

 

Info STS30667 2019-05-28 08:00:29 - ive - [127.0.0.1System()[] - Number of NCP connections: 2 Info STS20641 2019-05-28 08:00:28 - ive - [127.0.0.1System()[] - Number of concurrent users logged in to the device: 10

Major ADM20652 2019-05-28 07:54:07 - ive - [127.0.0.1System()[] - NTP server 'XXXXXXXX' is unreachable or the symmetric key provided is incorrect.

Major ADM20652 2019-05-28 07:54:03 - ive - [127.0.0.1System()[] - NTP server 'XXXXXXXX' is unreachable or the symmetric key provided is incorrect.

0 Kudos
Reply
4 REPLIES 4
zanyterp
Moderator
Moderator
‎05-28-2019 12:40:PM
‎05-28-2019 12:40:PM

Re: PSA3000 intermittent AD issues

Time skew will cause problems with authentication. can you confirm that the firewall should be allowing that communication through? if you have a symmetric key for authentication, did that change?
is it possible it is related to the R4 upgrade? yes. do i think it is probable (based on experience)? no.
i would definitely recommend checking the communication with the NTP servers
Reply
Ray
Moderator
Moderator
‎05-28-2019 01:07:PM
‎05-28-2019 01:07:PM

Re: PSA3000 intermittent AD issues

@zanyterp is absolutely right about the time skew part. I have seen issues with AD authentication, when there is a time drift between AD and VPN server smaller as 5 minutes.

 

On the AD logs, we would see "Login_Failure" events recorded, however no pointers about the time drift.

Pulse Connect Secure Certified Expert
Reply
wfortner@icr-team.com
wfortner@icr-team.com
New Contributor
‎05-30-2019 10:03:AM
‎05-30-2019 10:03:AM

Re: PSA3000 intermittent AD issues

Time was off by 6 minutes even though its supposedly using our Domain Controller for time. Corrected ti manually, and the box started authenticating properly again. I'll monitor over the next few weeks to see if the behavior creeps up again, but I think that solved the issue without a reboot, at least in the short term. Thanks!

Reply
zanyterp
Moderator
Moderator
‎06-09-2019 06:18:AM
‎06-09-2019 06:18:AM

Re: PSA3000 intermittent AD issues

glad to hear both the time and login issues were corrected successfully; i hope all is continuing to be successful
0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.