Windows issues following Core Agent 2.7.6 and Intercept X 2.0.17 update. See KBA 135504 for more information.
We'd love to hear about it! Click here to go to the product suggestion community
I am able to authenticate about once per day on the user portal with one user on one computer.If I do it again with another user's credentials, I get the rather meaningless "user/password wrong or policy blocking" - popup.I do it again the next day, I get again one shot.
With about 50 users who I would like to advise to look into their spam reports online... that's a tiny bit of a complete road block.
Some part on the Sophos UTM seems to cache a part of the login configuration, and simply rejects anything but the first remoteIP:userLogin pair.
a) Is there a way to debug this behaviour, to validate my theory?b) Is there a way to circumvent this behaviour, e.g. by adding an undocumented parameter that skips the cache? (?no_cache=1 does NOT help.)c) Is there a way to fix this behaviour by means of a hidden configuration setting? (I don't mind logging in as root and set some obscure flag, as long as things work afterwards...)
Hallo and welcome to the UTM Community!
I'm not seeing this behavior here or at any client site. What do you see in the /var/log/aua.log related to such a failed authentication?
Cheers - Bob
Under Web Protection -> Filtering options -> Misc there is a caching section.
I don't know whether or not this could be the culprit, since I have always had this off. I don't think there's real benefit in having it on especially with high-bandwidth connections. If your's is on you can at least try to clear the cache or also disable to function and see if this changes things.
In reply to apijnappels:
Wow, spot on!Thanks a huge lot, apijnappels!
I'd never have guessed that section to be related to this issue. (It's still quite puzzling, because the "cache ssl content" checkbox was unmarked, and we do use (self-signed) https - connections for the portal, so the cache shouldn't have interfered either way. But it did!)