This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

After updating to 9.501-5 SSO for HTTP authentication failed and domain join not working.

UTM 9.501-5

Windows server 2012 domain controller.

I installed the 9.5 update on June 2, did not see any issues with this for the client, updated to 9.501-5 on June 12 midnight, and Internet access is failing on multiple sites.

Can get to Google.ca

Cannot get to canada411.com - Too many http redirects message.

Turned off web filtering and the websites were available - but the client requires filtering.

Re-enabled and turned off AD SSO authentication and websites are available again with correct content being blocked.

Attempted to remove from and rejoin domain, but domain join failed.

 

Currently, I have the client functioning, but, I need to rejoin AD and resume SSO authentication.

 



This thread was automatically locked due to age.
Parents
  • Patch installed by Sophos - post patch ops carried out.

    Still have the same issues. Authentication Failed..

  • Hi,

     

    Do you specify your proxy by FQDN or IP Address, my testing suggests only FQDN works.

     

     

    Stephen

  • We are running in Transparent mode so we dont specify a proxy

  • Does that use NTLM or Kerberos for authentication?  I have a feeling using IP to connect to our proxy is using NTLM which fails.

  • I am running transparent also but specify a FQDN proxy server on the session host servers as transparent don't work on machines with multiple users. None of them work with authentication now.

    I am running in transparent mode now without authentication till this blows over, just to be protected from malware at least, but computers/users that should not have full internet access are now not filtered out.

    Still I only have myselft to blame. Should now better than to trust an update right after release. I have had a lot of problems earlier with updates.

    When we first went for a Sandstorm license 1,5 years ago it went a whole 6 months !! Before Sandstorm started Working.

    Reason I found out it was not working was that we got a hit by ransomeware. The file should have been stopped. Before this I had asked support two times if there was anything wrong it did not seem right to me. It did not detect anything. Sophos support said this was normal.

    After a two month long service ticket and probably the tenth time they tried to fix it they finally said that now it was fixed. No explanation and no reimbursement for the 6 months without a functioning product.

    Don't really know why we still are using Sophos appliances. But I still like the product :) We came from Forefront TMG  when that went out of support.

    Lesson learned. Wait, wait, wait before applying updates.

    Still Sophos could be more present and admit they have issues when they clearly do.

Reply
  • I am running transparent also but specify a FQDN proxy server on the session host servers as transparent don't work on machines with multiple users. None of them work with authentication now.

    I am running in transparent mode now without authentication till this blows over, just to be protected from malware at least, but computers/users that should not have full internet access are now not filtered out.

    Still I only have myselft to blame. Should now better than to trust an update right after release. I have had a lot of problems earlier with updates.

    When we first went for a Sandstorm license 1,5 years ago it went a whole 6 months !! Before Sandstorm started Working.

    Reason I found out it was not working was that we got a hit by ransomeware. The file should have been stopped. Before this I had asked support two times if there was anything wrong it did not seem right to me. It did not detect anything. Sophos support said this was normal.

    After a two month long service ticket and probably the tenth time they tried to fix it they finally said that now it was fixed. No explanation and no reimbursement for the 6 months without a functioning product.

    Don't really know why we still are using Sophos appliances. But I still like the product :) We came from Forefront TMG  when that went out of support.

    Lesson learned. Wait, wait, wait before applying updates.

    Still Sophos could be more present and admit they have issues when they clearly do.

Children