Keep me logged in is not working after Win 10 1903 update

[tomasvalenta]

Dears,
after logging to Nagios LogServer website (with Keep me logged in checked) and for example opening some dashboard
after a few seconds I am logged off. But I know I am logged off only when I change time value in time window in dashboard
or by running another dashboard. The message is "No result. ....no indexes found" and icon on left of username in the right top of the
page is changed from "green check" to yellow rectangle with mouse over text "Could not authenticate Invalid token given".
We are not able to work in Logserver because this happened very quickly after logging. We are running latest version 2.0.8,
browser used is Google chrome latest. We tried Internet explorer on the same computer and the same result. On different
computer the problem does not exist. We did big comparison of these two computers and there was only one different - OS build info.
Windows 10 build 1903 is not working and Windows 10 build 1803 yes. We did the upgrade of the good computer to the build 1903
and now both computers have the same issue. So the problem is connected with the OS build version. What is interesting is
we are using also Nagios XI and here we do not have this issue on the affected computers. Can you help us, please ?
Thanks
Regards
Tomas

[scottwilkerson]

On different
computer the problem does not exist.

Are the date/time and timezones the dame on both of these computers (one that works and one that doesn't)?

[tomasvalenta]

All computers are in Windows domain and has the same time and date. On one computer I run Device manager and update driver on
Ethernet adapter and Wifi network adapter. Without restart I tested today and it looks good - 1 hour without the issue.

[scottwilkerson]

All computers are in Windows domain and has the same time and date. On one computer I run Device manager and update driver on
Ethernet adapter and Wifi network adapter. Without restart I tested today and it looks good - 1 hour without the issue.

Great, let us know if it returns.

[tomasvalenta]

So the situation is better than before but still after longer time it will do the same.
On second computer the updates of the network drivers does not have affect.

[scottwilkerson]

I did some looking around and found the following about 1903

Windows Defender Application Guard enhancements:

Standalone users can install and configure their Windows Defender Application Guard settings without needing to change Registry key settings. Enterprise users can check their settings to see what their administrators have configured for their machines to better understand the behavior.

WDAG is now an extension in Google Chrome and Mozilla Firefox. Many users are in a hybrid browser environment, and would like to extend WDAG’s browser isolation technology beyond Microsoft Edge. In the latest release, users can install the WDAG extension in their Chrome or Firefox browsers. This extension will redirect untrusted navigations to the WDAG Edge browser. There is also a companion app to enable this feature in the Microsoft Store. Users can quickly launch WDAG from their desktop using this app. This feature is also available in Windows 10, version 1803 or later with the latest updates.

To try this extension:
Configure WDAG policies on your device.
Go to the Chrome Web Store or Firefox Add-ons and search for Application Guard. Install the extension.
Follow any additional configuration steps on the extension setup page.
Reboot the device.
Navigate to an untrusted site in Chrome and Firefox.

WDAG allows dynamic navigation: Application Guard now allows users to navigate back to their default host browser from the WDAG Microsoft Edge. Previously, users browsing in WDAG Edge would see an error page when they try to go to a trusted site within the container browser. With this new feature, users will automatically be redirected to their host default browser when they enter or click on a trusted site in WDAG Edge. This feature is also available in Windows 10, version 1803 or later with the latest updates.

https://docs.microsoft.com/en-us/window ... rsion-1903

Can you add your log server URL as a trusted URL? Not sure what else to suggest as you seem to have isolated this to a Windows version bug.

[tomasvalenta]

Thanks for the info, I checked it but all thinks we have disabled by GPO. Today I found the same issue is now also on Windows 2008 R2 server
and running browsers from it. The affect is not so quick as on Windows 10 (approx. 1 hour). I will proceed with troubleshooting by identification
if the issue is not connected with one node in our cluster and if it is possible to turn on debug logging of www service in NAGIOS environment.
If you have hint how to do second task it will save my time )
Thanks

[scottwilkerson]

if the issue is not connected with one node in our cluster and if it is possible to turn on debug logging of www service in NAGIOS environment.
If you have hint how to do second task it will save my time )

The logins are all done through the php sessions and cookies on the browser, so you would need to open the developer tools for the browser (usually F12)

[tomasvalenta]

I tested direct connection (by IP address) to LogServers from affected computers and it is working well.
So it looks like the issue exist when I use DNS name. We have DNS record for logserver with 2 IP addresses (2 nodes in cluster) - DNS
load balancing. I will do network sniffing with Wireshark because I can imagine the Nagios LS webpages can ask during session
for IP from DNS and it can receive IP of second node and logon session is opened to the first one. If I confirm this hypothesis then it could be identified as the bug in Nagios.

[scottwilkerson]

I tested direct connection (by IP address) to LogServers from affected computers and it is working well.
So it looks like the issue exist when I use DNS name. We have DNS record for logserver with 2 IP addresses (2 nodes in cluster) - DNS
load balancing. I will do network sniffing with Wireshark because I can imagine the Nagios LS webpages can ask during session
for IP from DNS and it can receive IP of second node and logon session is opened to the first one. If I confirm this hypothesis then it could be identified as the bug in Nagios.

Ok, this is likely going to be a problem depending on how your DNS load balancing is setup.

If you have 2 IP's going to the same host record, it will likely drop the session if DNS returns a different IP as the php session will not be recorded on the other server.