Lots of posts about this. Here is an example. AD SSO - Cannot establish NTLM authentication channel with xxx Seems like the recommendation is to disable AD SSO in all zones. But what if we want SSO so we can log user web traffic? Why might we want…

Hello, I have done a setup with a clsuet of 3300 appliances. For authentication I have configured an active directory domain controler, joined the domain, imported the groups and activated AD SSO on the zones. In Auth-Log the NTLM and Kerberos channel…

Hello, We use SSO AD Authentication (Windows Server 2022) for web clients in standard proxy mode and it works. As far as I know, for the XGS to join the AD, NTLM and SMB are required to works. Now we're in the process of hardening our AD and want…

Hi there, I found a four years entry here in the forums where somebody asked why a member of the protected users group in active directory is not able to login to webadmin of the Sophos XG. This issue seems still to be existing. The protected users…

Getting hundreds of these in the log for Authentication: Cannot establish NTLM authentication channel with Have read through all the other forum posts and they say to disable AD SSO in Device Access, but it's already…

Hi All, We have 2 Sophos XG Firewalls setup in HA and using NTLM / Kerberos authentication. We notice that in Active directory there is only one firewall computer account showing and was wondering if that is ok or if there should be 2 accounts …

Greetings, Please bear with me: We are getting the above message in our FW logs. I have verified the following things thus far: Users can login to the VPN and validate w/o issue and w/o the captive portal. The FW logs show all user activity for login…

We are getting an error log which shows "Cannot establish NTLM authentication channel with domain" LOG comp - AD-SSO Can anyone having the similar issues.

Hi, We use AD SSO and Ketboros and everything is working fine however we are getting this message in the logs 'Cannot establish NTLM authentication channel with xxx' Message ID 17945. What is this and how can we stop it please ? Many thanks …

Hi, I recieved this Firewall log, and I don't know what is. Can someone explain for me what is this please? Thanks Carlos

Hi All, I have an XGS2300 and just updated from 19.0 to 19.0.1. Everything authenticates. Users can access remote access IPSEC, WiFi (through Radius), and User Portal. But I keep getting the message "Cannot establish NTLM authentication channel…

Hello, I am struggling with NTLM issues (I am not using STAS and trying to use Kerberos) I think I have setup everything correctly. is there any detailed logs I can look at.

In case someone has symptons with http websites that get ERR_CONNECTION_CLOSED When we apply Advaced Threat Protection, websites which uses http protocol (internal and external) are often ERR_CONNECTION_CLOSED. These http connections work good for 0-20minutes…

Hello A few days ago I started a trial of SFOS 18.5 as a Hyper-V VM, specifically to trial the Web Filtering feature. Our users log on to Server 2012R2 Remote Desktop Servers. I've followed the guides on the website to add an AD server along with…

I had updated the firmware for sophos firewall yesterday and after that we are facing the captive portal issue. Our setup: We have STAS enabled for domain systems where users can use internet directly after logging into domain pc's, those who are…

Hi, I'm currently evaluating the XG as a Replacment for our SG Cluster. My Problem is that the NTLM and Keberos Authentication is not working and I'm redirected to the Captive Portal. I tried to find a Logfile where the AD Join is logged but I ha…

Hello Community, we have users which are allowed to authenticate via KERBEROS only. If this setting in AD set, the user cannot be authenticated from firewall to AD. If we disable this policy in AD the user will authenticated. For me it looks like…

We got an error "Cannot establish NTLM authentication channel with <Domain>" in the Cyberoam 300ing, where CTAS and NTLM authentication both are working , NTLM was enabled because many of the domain user are not getting the services of web proxy , Support…

Hello everyone, since we migrated to the Sophos XGS, we receiving a lot of error messages, but everything works fine so far: Cannot establish NTLM authentication channel with... I´ve read all the documentations about NTLM (LDAPS) and checked everything…

i can't find NTLM in device access after update to disable it. i appear with port 8091 instead of capitive portal , any solution?

All, I have an XG whose SSO has stopped working. I removed (unticked) the Domain Controller from Authentication/Services. I removed (deleted) the connection in Authentication/Servers. Then deleted the computer object from AD. I have re-created the…

XG Firewall SFOS 18.0.4 MR-4 We are using the XG as Web Proxy for approx. 1000 users. Its setup to authenticate against AD Servers using Kerberos and NTLM This works absolutely fine for the majority if users but we have roughly 75 users it fails on…

Hallo Zusammen FW Version: 18.0.4 MR-4 Web Authentication: Kerberos & NTLM (Ich habe auch schon nur NTLM probiert) Also ich habe SSO versucht mit folgender Anleitung zu aktieren: Wie man Kerberos-Authentifizierung aktiviert (sophos.com) Die LDAP…

Deploying XG and trying hard to implement authentication using Kerberos/NTLM auth, but I find it to be very frustrating and causing internal traffic to be blocked. Considering switching to STAS. Anyone have experience implementing either/both on a 'standard…

Hi, I recently deploy a cluster of XG330 with SFOS 17.0.6 MR-6 and the Authentication for WebFilter give me some problems. I have > 280 A/D Users, all is OK, but 2 users have a problem, they will not be authenticated and instead of the username on…