
After updating to 9.501-5, SSO for HTTP authentication failed and domain join is not working.

UTM 9.501-5

Windows Server 2012 domain controller.

I installed the 9.5 update on June 2, did not see any issues with this for the client, updated to 9.501-5 on June 12 midnight, and Internet access is failing on multiple sites.

Can get to Google.ca

Cannot get to canada411.com - Too many http redirects message.

Turned off web filtering and the websites were available - but the client requires filtering.

Re-enabled and turned off AD SSO authentication and websites are available again with correct content being blocked.

Attempted to remove from and rejoin domain, but domain join failed.

 

Currently, I have the client functioning, but I need to rejoin AD and resume SSO authentication.

 



This thread was automatically locked due to age.
  • Hi,

    We are experiencing the same issue. Sophos support says that the patch will be available this week, but in the meantime no other solutions were provided.

    Can somebody share the RPM that was applied by the "Super" Sophos Support team?

    Thanks.

  • We have just been sent a link to 9.502.  Will report back after installation. (We had the rpm patch installed [8110] but still had some authentication issues.)

  • I downloaded the update from FTP last night and installed.

    Re-joined the domain and everything seems to be back to normal now.  

    Be sure to go in and use an invalid password to join the domain; this will actually remove the firewall from the domain (if you haven't already). Then use the correct username/password to join the domain. Afterwards I flushed the authentication cache (don't know if that was necessary or not) just to make sure.

    I'll report if anything is noticed in the next few days, but for now it looks good.

     

    Thanks!

    Stafford

  • Thx for your Update Stafford

    When you give a GO I will update also ;)

     

    Tom

  • We now have 9.502 installed and still have issues with service accounts accessing the internet (giving account lockouts.)

  • We had the same problem, and we resolved it by doing this:

    • Re-join the UTM with a bad account (un-join the domain)
    • Remove the UTM object from the AD
    • Join the UTM with correct credentials

    For the moment, the SSO is working and no other problems were detected.

     

    Regards

  • I've installed 9.502 yesterday and rejoined domain. SSO authentication was still working this morning...

    ...but only in proxy mode, transparent mode with SSO is broken.

  • So far all good here. I installed 9.502 last night. Rejoined with the wrong password and then rejoined AD with the correct password. No messing with the object in ADUC. Then re-enabled Active Directory SSO on the networks in Transparent Mode.

    When the problem started, all I ended up doing was set the Default Authentication method to "none" and then change my "Unlimited internet access" policy to include all users. Now all users were getting used to having unlimited internet access and they were disappointed to have limited access this morning, but no auth problems :)

    All my networks are in Transparent Mode.

    Only Session Host Servers have proxy set in Internet Settings via GPO

    Haven't had any issues today on any machines so all seem to be working just fine.

    I did however reboot all servers including DCs last night.

  • We have been told there is an issue with complex passwords which will be fixed in 9.503 (and now I'm awaiting release date information.)

  • Do you know what the definition of "complex" is related to this error? Just special characters or problems with upper/lower/numbers/length?

  • The email I got suggests using just an alphabetic password.  Certainly a mixed case alphanumeric password fails in our testing.

  • With basic AD complexity enabled, almost everyone's accounts should be failing. I would think this would be huge if it affected everyone.

    I have 9.500 running on one UTM and have had no apparent issues. It was never offered to my other two UTMs and I actually need some of the new 9.5 functionality to complete a project. I am not imbued with confidence.
