Troubleshoot intermittent IWA Direct problems

book

Article ID: 167356

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

Intermittently, the ProxySG appliance returns an exception that says "General error communicating with Active Directory" or "The Active Directory domain is offline".

Resolution

Several improvements and bug fixes have been made for IWA Direct on SGOS. Should you encounter intermittent problems with IWA Direct, use the following as a general reference for troubleshooting:

  • Symantec recommends that you run the latest General Availability (GA) version of SGOS 6.5 or higher. This includes numerous fixes for IWA Authentication bugs. (See SGOS Release Notes for more information on this).
  • Create a custom snapshot for https://<IP_address>:8082/LSA/Stats (this URL is only available in newer SGOS 6.x versions) with 100 stored copies taken at a reasonable duration. Use 1 minute if the problem is happening at that time.
  • Create a similar snapshot for https://<IP_address>:8082/LSA/Debug with 100 stored copies taken at a reasonable duration. Use 1 minute if the problem is happening at that time.
  • Go to https://<IP_address>:8082/LSA/Debugmask and enable all debug masks apart from MODULE_SGOS_FDIO. MODULE_SGOS_FDIO should be left unchecked. Click Set Mask to apply the change.
  • Start a packet capture on the ProxySG appliance. When the problem resurfaces, stop the packet capture.
  • Upload the System_Information, Event Log, default snapshots, custom snapshots for LSA Stats and LSA Debug, and packet captures to Symantec Support.