Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 7815 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AD SSO Fails since DC´s are Windows Server 2016

TJ Hooker

Dear,

after changing DC´s from Server 2008R2 to Server 2016 AD-SSO for Proxy-Users fails ("Authentication-Failure" on every Client).
I can then rejoin the UTM to the Domain and after a few minutes it works again. But only for that day. The next Morning I have to do the Domain-Join again.
I never had such Problems while having 2008R2-DCs. I also have not seen any other Problems in AD since changing the DC´s.

Because I "only" have to join the Domain again to get it to work and it then works the hole day, I don´t think that my configuration is fundamental wrong.

Does somebody has any idea what could be the source of this error?

Thanks in Forward!

TJ



This thread was automatically locked due to age.
  • 0

    It's not you, its them.

    The latest firmware declared war on Active Directory and (as far as I know) everyone who has not downgraded to the latest 9.4 build has a hosed up AD.  There are some work-arounds that you can do daily or cron if you need to.  Ours fails to join to the domain now, but the STAS and authentication are working probably better than they ever have.  

    Cheers,

    -md

  • 0 in reply to Mark Davis

    Dear,

    thank you, good to know that I´m not alone. :-|

    I had this error with the latest 9.4 also.

    My english is not that well, what do you mean with "hosed up AD"? Does the UTM do damage to the AD?
    And what are the workaraounds? Domain-Rejoin every Morning, like I already do, or are ther other things?

    Thanks in Forward!

    TJ

  • +1 in reply to TJ Hooker

    Hi TJ,

    the UTM will not damage your AD..

    the workarounds mentioned are the same you are doing manually... but automatic with cron jobs..

    a domain rejoin with a cron job every morning...

    read the 9.501 firmware thread there you will find informations about the workaround..

     

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

Unfiltered HTML