@sweber I am having the same issue on 2.7.0-RELEASE. I have also imported the signing certs and tried the "Add this Certificate Authority to the Operating System Trust Store" on and off. The diagnostics options are too vague and not detailed enough. I performed a packet capture while testing with the authentication diagnostics and while the actual error is the "unknown CA" packet message, the pfSense authentication diagnostics logs just says "/diag_authentication.php: ERROR! Could not bind to LDAP server LDAP. Please check the bind credentials.". The logs also say "/diag_authentication.php: LDAP Debug: LDAP connection error flag: false" despite me enabling the "Set debug flag" in the Diagnostics / Authentication test page.

@stephenw10 Yes, it uses TSS.MSR TPM stack in order to do device attestation based on the TPM More about hat: https://learn.microsoft.com/en-us/azure/iot-dps/concepts-tpm-attestation

@furom again other then dhcp, which you don't have to enable at all really. When you add a new interface there are no rules. so any client on that network - even if static pointing to pfsense as its gateway or dns, or trying to talk to some other dns or anything on the internet wouldn't get anywhere.

@stephenw10 yes.. I changed it for another option

Yes, something has changed there. Unclear what though. Still digging.

@stephenw10 said in Negate 1100 booting into SOC Boot loader menu.:

Steve

Thanks a ticket has been submitted

@Happydog The purple note on option 1 for the MS doc I posted is:

"This option is not compatible with Microsoft Security Defaults. We recommend using Modern Authentication when connecting with our service. Although SMTP AUTH now supports OAuth, most devices and clients have not been designed to use OAuth with SMTP AUTH. As a result, there are no plans to disable Basic Authentication for SMTP AUTH clients at this time. To find out more about OAuth, see Authenticate an IMAP, POP or SMTP connection using OAuth.

You must also verify that SMTP AUTH is enabled for the mailbox being used. SMTP AUTH is disabled for organizations created after January 2020 but can be enabled per-mailbox. For more information, see [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online]."

If you have a static IP option 3, the connector, is easiest.

@Schmeling Makes sense. I would say that you should get the UPS ASAP though. If there are outages, there are probably also brown outs and spikes that could damage the equipment, and even a sudden outage could cause file corruption on most systems (This is very unlikely on PFsense though since they use ZFS now).

Yes, it's a known bug. Ugly but harmless.

@stephenw10 Starlink is Bi Polar and does play well with others!

@jrey said in Unexplained halt / and of course lan outage.:

https://docs.freebsd.org/en/books/handbook/config/#adding-swap-space

True, mounting another ZFS partition eats up big quantities of system resources.

Happily enough, the swap partition is of type 'swap', whatever that might be. But probably a file system way easier to handle for the system as ZFS, ext3 or ntfs. Probably close to fat32 ;)
The small swap partition just exists so it can receive a oops kernel plus other crash details in file. I would trim down the system load if the swap partition was use for actual swapping.

Yes, use a VPN: https://docs.netgate.com/pfsense/en/latest/recipes/remote-firewall-administration.html#use-a-vpn

@stephenw10
Yes, the VLANS were using differents NICS
I have sorted the issue!!
The quad nic from my hp t620 plus did not play well in the hp t730
Once i purchased a new nic for the t730, issue has dissapeared! All is working again!!

@stephenw10 thank you

@Fabiano1 I have had similar behavior. However, CARP was still involved, which was also the reason for the problem.
But from the description it sounds very similar.
Therefore here is the link to the issue: https://redmine.pfsense.org/issues/14171

@Patch said in Anti lockout Setting:

@phayze said in Anti lockout Setting:

Hi, i just change the 2nd interface which is <lan> to <wan2>. The rest of the interface is default to <optx>. I didnt know that <lan> is important until yesterday. I had rename back to <lan> already.

Assuming you have a

Primary WAN Secondary WAN Local area network connection

And would like you internal names to be
WAN - Primary WAN
LAN - Your local area network connection
OPT1 - Your secondary WAN, GUI name "WAN2"

I suspect you could do that by

Back up your configuration so you can recover is this fails Unplug your secondary WAN Add a explicit GUI firewall rule to your current secondary Wan and Lan interface Reassign / swap the interfaces for Lan & secondary Wan (pfsense -> interfaces -> assignment) Rename the GUI names for LAN and Wan2 Correct / move firewall rules etc Save your pfsense backup again

Hi, i had done it and the problem is solved. Thank you.

@SteveITS thanks Steve, I appreciate!

Will remove them and perform the upgrade sometime this week.

Thanks again for your time!

Best Regards,
Yanick

@stephenw10
The solution was a complete reinstall.
although I think it could possibly also be solved by defining the variable in the file itself because that was present. If the file was not present, the error "could not include file ("....")
That solution would have been less time consuming.

I must admit that the response time for the tac support was very fast.
If it is good, it can also be said.

Case closed

Hmm, yup. Checking....

Yes you can clear the package cache using: pkg-static clean -ay