Changing RADIUS secret, refresh time/trigger?

  • Question

  • I changed my RADIUS secret in the ATA UI  (and in my RADIUS client) but after more than 30 minutes and a lightweight gateway service restart, I still see this in "\Program Files\Microsoft Advanced Threat Analytics\Gateway\Logs\Microsoft.Tri.Gateway-Errors.log"

    Error [RadiusEventListener] Failed to validate Radius Accounting request, shared secret is invalid

    The datestamp on the GatewayConfiguration.json has not changed, but that may not be an indicator because it doesn't appear to hold the secret anyway.

    How long does this refresh take, and how can I see proof of it?

    Saturday, November 11, 2017 3:20 PM

All replies

  • I ultimately stopped and restarted the RADIUS listener so I feel confident it has the correct secret now.  But I still get:

    Error [RadiusEventListener] Failed to validate Radius Accounting request, shared secret is invalid

    Any other tips?

    2017-11-11 15:03:27.6850 4892 5   00000000-0000-0000-0000-000000000000 Debug [RadiusEventListener] Uninitialized
      "RadiusEventListenerConfiguration": {
    2017-11-11 15:03:38.6050 4892 6   ffe763de-2347-4bbd-a396-e363ead804e0 Debug [RadiusEventActivityTranslator] Initializing
    2017-11-11 15:03:38.6518 4892 6   ffe763de-2347-4bbd-a396-e363ead804e0 Debug [RadiusEventActivityTranslator] Initialized
    2017-11-11 15:03:38.6518 4892 6   ffe763de-2347-4bbd-a396-e363ead804e0 Debug [RadiusEventListener] Initializing
    2017-11-11 15:03:38.6830 4892 6   ffe763de-2347-4bbd-a396-e363ead804e0 Debug [RadiusEventListener] Initialized
    2017-11-11 15:04:05.2498 4892 16  cf23396e-30c7-4865-80d2-e27386ee6c55 Debug [RadiusEventActivityTranslator] Starting
    2017-11-11 15:04:05.2498 4892 16  cf23396e-30c7-4865-80d2-e27386ee6c55 Debug [RadiusEventActivityTranslator] Started
    2017-11-11 15:04:05.2498 4892 16  cf23396e-30c7-4865-80d2-e27386ee6c55 Debug [RadiusEventListener] Starting
    2017-11-11 15:04:05.2498 4892 16  cf23396e-30c7-4865-80d2-e27386ee6c55 Debug [RadiusEventListener] Started

    Saturday, November 11, 2017 7:03 PM
  • What version of ATA?

    If you feel there is a sync problem somewhere, you can try to restart the center service, then the GW service.

    This will force a reload of all the updated config from the DB (although it is done automatically normally, so you shouldn't have to).

    Also, when you updated the password in the UI, did you see all the GWs in the GW list get synced until green?

    Saturday, November 11, 2017 7:45 PM
  • Version 1.8.

    I only see the green bar for sync activity when I do an on/off toggle of RADIUS accounting.  Just changing the secret doesn't show that status in the UI.

    I'm using a generic RADIUS accounting test tool, so the issue may not be with ATA - but I would expect shared secret processing to be consistent across all devices.

    https://www.iea-software.com/products/radiusnt/radlogin4.cfm

    Monday, November 13, 2017 1:38 PM
  • Did it use to work before you changed the shared secret?

    What is your VPN vendor?

    Monday, November 13, 2017 2:20 PM
  • This is a new setup, has never worked.  I was using that test tool to try to seed some data into the system.
    Monday, November 13, 2017 3:05 PM
  • Can you verify if you are using 1.8.0 or 1.8.1?

    If it's 1.8.0, please upgrade to 1.8.1, as in 1.8.0 there is a known issue there.

    Monday, November 13, 2017 8:33 PM
  • For the center,

    Version  1.8.6645.28499

    Deployed on Thursday, October 26, 2017

    All of the Gateways are listed in the Center console as up to date.

    Is there another RADIUS test/simulation tool you can recommend?  Unfortunately I don't have a spare VPN concentrator I can use

    Monday, November 13, 2017 9:05 PM
  • Please update to 1.8 Update 1 (1.8.6765.36693)
    • Marked as answer by hukel Tuesday, November 14, 2017 12:55 PM
    Monday, November 13, 2017 9:10 PM
  • That works.  I now get a response from the gateway.   I still don't see any data in the Telemetry table but I'm probably not sending the right attributes yet.  


    Tuesday, November 14, 2017 12:55 PM
  • What Telemetry table are you referring to?

    Tuesday, November 14, 2017 1:03 PM
  • I was guessing that the Telemetry collection in the ATA DB is where the RADIUS usage data goes.   I'm still working on the concept I asked about in this thread (feeding other usage data into ATA via RADIUS).

    Extend VPN monitoring - other data sources?

    Tuesday, November 14, 2017 1:28 PM
  • No, it's completely unrelated.

    If data arrived and was kept, you can see it in collections that start with "VpnAuthenticationEvent"

    Eli

    Tuesday, November 14, 2017 1:50 PM