Firewall AD Authentication Failed

Question

We are experiencing an issue with authentication failures due to username not being retrieved a full username with the Heartbeat Auth Client. If I login via web client it authenticates properly.
For example user1@domain.local. The logs are showing it as (user1) without (@domain.local) and the firewall says (User1) failed login because of wrong credentials. See attached screenshot. During testing, if I do a fresh logon of the user on a new machine it registers the correct login of User1@domain.local. not sure why it is pulling a majority of the logins with @domain.local and thus firewall says they are an incorrect login.

This thread was automatically locked due to age.

tomrgsd · Accepted Answer

Ok I figured out the issue. Sophos apparently enabled a feature of Synchronized user ID authentication (heartbeat). This pulls the domain from the UPN of a user and the username is taken form sAMAccountName. We have multiple UPNs available for users. One is a publicly addressable domain and the other is a local only domain. Most of our users are configured with the public UPN domain. I modified one of the STAS servers to use the UPN of most of our users and modified the server on the Authentication server in the firewall and now all is good. This way we can have a STAS Collector for the internal local domain and 1 for the [publicly addressable domain.

Firewall AD Authentication Failed

Top Replies