AD Server Showing "Connection Timed Out" So Captive Portal Redirection not working


L3 Networker

Hi Team,

 

I have a query regarding the Captive Portal issue. Herewith, I have a network flow diagram to better understand the scenario.

 

Network Schema:

Network Schema.PNG

 

**** The firewalls at both ends are the same device, Palo Alto only.

 

=> From the Head Office Firewall, we are able to reach the AD Server residing on the Data Center Firewall without any issues. However, when I check the status under Server Status, it shows "Connection Timed Out".

=> The credentials that we have given to authenticate the server are under the administrator role for the AD Server.

=> Due to this, User-IP-Mapping is not happening on the Head Office Firewall, so we need to sort out the Connection Timed Out problem of that AD Server.

So please share your inputs on how to resolve this issue; I am eagerly waiting for an update in this regard. Thanks in advance !!

 

Best Regards,

Sahul Hameed

 

Cyber Elite

@SahulH,

Was this working previously or is it a new setup? You'll want to ensure that you have granted the user permissions to Event Log Readers, Server Operators, and Distributed COM Users to actually be able to function correctly.

@BPry 

 

Thanks for your response !!

 

This is not a new setup; it previously worked as expected, however it has suddenly not been working for the past 3 days.

Yes, I have verified that all the user-level permissions are added for the service user which is used under WMI Credentials.

Please let me know if you have any additional queries in order to find a solution to this issue. Thanks in advance !!

 

Best Regards,

Sahul Hameed

 

@SahulH,

If that's the case I would reach out to TAC so that they can take an in-depth look at the useridd.log file and see if it gives any additional information as to why the connection isn't functional, such as a stat_tls_s return error or something of the sort. It could also be worth simply restarting the management server if you haven't already done so to cycle the associated processes. 

@BPry 

Thanks for your suggestion, I will give it a try by restarting the Management server and see if that helps us in this scenario.

 

Best Regards,

Sahul Hameed

Hello,

Also check the logs to see where you are getting dropped. By default the PAN will use the management interface to communicate with the agents.

 

Regards,

@BPry 

 

I have tried restarting the Management Server but unfortunately that doesn't help in this scenario.

 

@OtakarKlier

 

Sure, I will check on this as well and let you know with an update. 
