This posting is provided AS-IS with no warranties or guarantees and confers no rights. Microsoft MVP - Directory Services Complete List of Technical Blogs:
#WEBSENSE FILTER BY SUBNET WINDOWS#
MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003 Have you tried Barracuda's tech support forum? We haven't seen an ipconfig /all from any of the DCs, so it's hard to rule out any basic config issues.Īre you an employee or consultant? If a consultant, do you have other customers with a similar installation, with the same issues? The Barracuda agent, that may indicate where it's at.Īnd there are no event IDs showing any errors on any of the DCs? If there are any issues with Kerberos workstation sessions or any other type of AD communications from How does the Barracuda agent get the user's workstation's IP address (assuming it's the workstation IP)? DHCP? DNS? A user's attribute in AD?Īre the Barracuda engineers (assuming you've escalated it), able to specify how that works? Maybe this is the key to finding where it's going wrong. Web filter side of it but rather on the AD side. The fact that a gpupdate fixes it tells me there really isn't anything broken on the Some out of way GPO setting that stretches the authentication token refresh time to a period longer than Windows is willing to accept but I have yet to find anything. While our AD environment is 100% 2008 R2 now, when I inherited it two years ago it was a rarely used Win2k domain (shop was primarily Netware) that I suspect was poorly designed over a decade ago and never touched. It doesn't there is no set time or any trigger which I can point to when it will happen again. If you run gpupdate from the user's workstation poof! everything works again and reporting is done as expected until Look at the web filter it reports back an incorrect user, in this case it is always a service account used with our Cisco IP phones. Sporatically though people with expanded web access will start getting block messages. Right off the bat it works great, you look in the web log and it shows the right user assigned to the computer and either allows you or blocks you. That relationship is then used to determine how policy should be applied. Our Barracuda uses an agent on our domain controllers to associate a user with an IP address.
The issue started when we used Websense tied to AD, and we thought it was just a Websense issue, but we recently moved to a Barracuda Web Filter and we're
Hello all, we've got an issue that involves our web filtering solution(s) and Active Directory.