Jump to content
andytruelove

Issues with Windows Server AD Authentication

Recommended Posts

Hi

I'm new to ESET having just taken over a client who's got a license so sorry if this question is a bit vague.  We've just installed a new network for this client with a Server 2019 AD domain and Windows 10 Pro clients joined to the AD domain.  I've installed the ESET End Point on the client PC's and have pretty much left the settings at default. I'm getting an intermittant issue with the users logging on.  They can login in OK but once Windows loads their Desktop etc. it's as if they lose their login connection to the server.  Mapped drives etc. are unavailable and it's as if they've logged in with a local user and then try and access resources on the domain.  If I manually enter their credentials again on the pop-up box then they get reauthenticated and can work OK.  It doesn't happen every time, maybe 1 in 5 logins.

ESET is the only thing that's different on this setup to the last 20 or so sites I've setup so I was wondering if anyone in the ESET community has seen this before?  I'm "blaming" ESET as so I've uninstalled it on 3 of the PC's and so far they've not experienced the same issue although it's only been two days.  Guess it could be something else of course.

Thanks in advance.

Andy.

Share this post


Link to post
Share on other sites

If you can easily reproduce the issue, does it go away after temporarily uninstalling ESET? Is Endpoint Antivirus or Endpoint Security installed on the troublesome machines?

Share this post


Link to post
Share on other sites

Yes so far it's gone away on the 3 PC's where I've uninstaleld End Point.  It's only been 3 days into a new install so I've not tried putting it back on to prove the problem.  It's Endpoint Security I've installed, whichever the latest version from the download site.

Share this post


Link to post
Share on other sites

To update we've still had no issues on the PC's where we've uninstalled ESET and one more occurence on a PC still running ESET where the user had no AD auth after logging in.  For this one we logged off\on and it was OK then but at lunchtime in the middle of them working they lost authentication again.  We removed ESET and rebooted and it's been OK since.

Share this post


Link to post
Share on other sites

Try the following, one at a time and check if the issue goes away:
- disable the firewall in the advanced setup
- disable HIPS and reboot the machine
- disable real-time protection in the advanced setup

Let us know about your findings.

Share this post


Link to post
Share on other sites

Thanks for the reply.  Today we got the issue on a PC where we'd uninstalled ESET and have since found the problem with a rogue DNS server left over from the previous install.  Guess it's always easy to blame what you don't know!  We quite like the look of ESET and are considering changing vendors so good to see we've not had actually had an issue with it.

Share this post


Link to post
Share on other sites

All's well that ends well :) Since you are new to ESET, I would also like to inform you about our offerings that you might be interested in.

For small business and enterprise customers we offer additional cloud protection ESET Dynamic Threat Defense. In a nutshell, this is an extra paid service that enables ESET Security products to detect new, never-yet-seen threats by uploading files potentially carrying malware to the ESET EDTD cloud where we utilize 3 different machine learning models to evaluate the submitted file. Afterwards the sample is run through a full sandbox which simulates user behavior to trick anti-evasive techniques. Finally all clients within your organization receive information about the result of analysis, typically within 5 minutes since the file was submitted. Mail server products utilizing EDTD defer delivery of email until the result of analysis is received. You can also configure ESET to temporarily block files downloaded from the Internet or received by email until results of analysis are received. EDTD is also an additional protection layer against ransomware besides the Ransomware shield that is included in our security products by default.

EDTD doesn't require any additional software or hardware, just extension of the license if it's not already included in the pack. For more information, please read https://www.eset.com/int/business/dynamic-threat-defense/.

 

For enterprise users we offer ESET Enterprise Inspector which enables granular visibility and identification of anomalous behavior and breaches in your network, risk assessment, incident response, investigation and effective remediation. For more information, please read https://www.eset.com/int/business/enterprise-inspector/

Besides that we also offer products such as Full Disk Encryption, ESET Secure Authentication or EEI-related services ESET Threat Monitoring and ESET Threat Hunting.

If you have any questions, don't hesitate to ask.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...