AD integration need to be reset when slave become master

When UTM change master device, all our web navigation are block with error "the site is deny by administrator".


I have found two solution :

1- Redo the ad integration but the issue occur at the next switch
2- come back to the primary node

I think there is a bug where the ad integration isn't fully synchronized between master and slave node

Does someone experiencing the same ?

Do you think this is the solution to my issue. I haven't try it at now

Best regards,


  • Salut Benoit,

    When having unexplained issues with SSO, it's always a good idea to unjoin (attempt to join with incorrect credentials) and then to rejoin the UTM to the domain.

    Another issue can be using NTLM instead of Kerberos as NTLM is less reliable with the UTM.  Configuring Proxy Settings explicitly with an FQDN causes the Proxy to use Kerberos to authenticate against AD.  Using a numeric IP or selecting 'Automatically detect settings' in the GPO results in the Proxy using NTLM.

    Did either of those work for you?

    Cheers - Bob