locked
ATA is listening to ASA VPN Traffic Radius events are being sent to the Lightweight gateway but not reaching the Console. RRS feed

  • Question

  • So we have deployed 6 Gateways and One Center, we have ( For the purposes of  troubleshooting configured our ASA to only log to a single gateway, that gateway is reporting all it's other traffic normally. 

    I've captured the Radius message from the ASA, and what I have assertained is that maybe the ATA does not understand UPN ( User Principal Name ) as the Username category is joe.blogs@contoso.com where as the SamaccountName is jblogs. 

    The only thing that makes me think this is that trying joe.blogs@contoso.com does not resolve in the ATA Console. I've checked the MongoDB and there are no "VPN Sessions" being identified. 

    There really is not much "Debugging" documentation around either, but that is another thread 

    Monday, March 11, 2019 4:41 PM

All replies

  • Are there any errors in the gateway logs?
    Monday, March 11, 2019 9:05 PM
  • Sorry Nope... 

    There are a few Out of Memory Errors but those have been fixed by adding more RAM 

    Some Cannot Access a Disposed Object at 3AM... 

    that is about it 

    Tuesday, March 12, 2019 9:52 AM
  • Check perfmon.exe

    under Microsoft ATA Gateway category, add all the counters that start with "RadiusEventActivity" and see if you can see how much data we are getting there... that would be a good start.

    Also, any health alerts on the Center?


    Tuesday, March 12, 2019 10:34 AM
  • Sorry Nope and one the Lightweight Gateway it is not reporting any unknown or event messages/sec

    Tuesday, March 19, 2019 12:09 PM
  • If all RadiusEventActivity counters are  always 0, that means the evens are not reaching the GW, or they fail on entry due to incorrect format.
    Tuesday, March 19, 2019 4:30 PM