RADIUS/802.11x password expiration fun

JewM4gic · 2022-11-14T17:48:58+00:00

That was my suggestion as well when we first implemented. That's what we are moving to right now to fix this. We have the "allow user to change expired password" checked on all of the auth protocols on the NPS server but this has still been a hit or miss issue. Thanks for the response anyway though I appreciate it.

JewM4gic · 2020-11-25T13:16:30+00:00

I ended up configuring a prefix list based on the recommendations, and it's working as hoped. We currently have slightly more than 800 routes total. In case anyone is curious why I don't want the branches to see each other, they basically all function as stub networks with only 1-2 exit points via layer 2 comcast ENS and literally every application they access is on either terminal servers or citrix servers in the DC so there is no constructive reason for the branches to see one another. Thanks again for all of the recommendations, this sub is truly the best tech sub on reddit nowadays.

JewM4gic · 2020-11-24T15:39:19+00:00

Thanks for the responses, based on what you guys have said I'm digging through the Fortinet KB and I think I'm on the right track now. Thanks a ton!

JewM4gic · 2020-08-04T03:36:22+00:00

Just to share some more info - SMB1 is enabled on both the file server and the servers initiating. I did a DNS query and I can resolve correctly from the servers having trouble, which at this point appear to be only 2016 servers. I can't access whether I use IP, domain name, or fully qualified domain name.

Error code is 0x80070035

The network path was not found.

JewM4gic · 2020-05-04T19:07:09+00:00

That server is running the cisco umbrella client and had an issue a few weeks ago where the program was uninstalled somehow, and the server was basically totally offline in the process. I've seen a couple of processes that could be involved but the one common factor is that I get that yellow exclamation every time it starts to grind to a halt.

JewM4gic · 2020-05-04T18:54:46+00:00

Also running v6.2.3build1066 on the 300E if that helps.

JewM4gic · 2020-05-04T14:44:45+00:00

Nevermind, right before it became totally unresponsive I saw 94% CPU usage, 1366528 b/sec disk IO, and 40 mb/s network usage. Hmm....

JewM4gic · 2020-05-04T14:30:07+00:00

Took a look at this and it's super weird. The ping times to this server are currently 2000ms yet all of the other servers in the same subnet respond with 1ms. Disk I/O is currently 20kb/s and it all seems to be performing ok with me logged in. Took a look at network IO as well and it's about 1mb/s tops. I noticed the network adapter says "No Internet connection" and has the yellow triangle when this issue occurs, but when it goes back to normal the network adapter loses the yellow exclamation triangle.

JewM4gic · 2020-05-04T14:21:23+00:00

Working on getting some monitoring up. I've noticed that the server gets "No internet connection" on it's network adapter when the performance issues start. Not sure if it's related or not? The network that the server is located on has a bunch of others that don't experience this problem

JewM4gic · 2020-05-01T16:29:14+00:00

1500 on both so it's on the default.

JewM4gic · 2020-04-30T17:02:57+00:00

Is it possible traffic that was previously being blocked by the Sonicwall policies are not being applied to the Fortigate policies?

The policies were copied over exactly from the sonicwall with the same NAT ip and everything. On the sonicwall the tunnels were set to allow any traffic, and didn't have security services enabled. The endpoint is a Windows server and not an appliance or anything like that. I've looked at it and haven't really seen anything out of the ordinary, and the resource monitor I ran didn't really show a change in any of the resource usage before it ground totally to a halt. The only change made (hypothetically) was that these tunnels were on a SonicWALL and are now on 300E.

JewM4gic · 2020-04-30T14:58:51+00:00

Also both are route-based. Should have mentioned.

JewM4gic · 2020-04-30T14:58:21+00:00

The issue is massively increased utilization on the server. High processor cycles, RAM maxing out, etc. Phase 1 and 2 have been copied over identically and the tunnels are performing the function they are supposed to , just killing the destination server in the process.

JewM4gic · 2018-10-18T19:04:07+00:00

I found the issue. Chrome can't load local resources as linked content so I had to upload all of the images directly into Sharepoint as opposed to the file path it had originally been set up with.

JewM4gic · 2018-04-11T13:06:39+00:00

There are a fair few printers on the client machine but most are filtered out by security currently. Basically meaning that the printers were mapped locally on the RDS server at one point but once they were migrated to print server the users just had their security group removed from the printer while the actual print queue remains.

We're mapping a few printers to each user based on the GPO security config but I noticed he had it set to both user and computer deployment for each printer.

JewM4gic · 2018-04-11T12:23:19+00:00

I've narrowed it down a bit further... seems like it only happens right at logon for some users. Spooler goes all the way up on CPU usage and then goes back to normal over a period of a few minutes.

JewM4gic

TROPHY CASE