
Domain (joining) problems after up2date to 9.713-19

Hi everybody,

yesterday I updated our UTM to 9.713-19 via up2date. After that, every two hours I got a message

[WARN-531] Directory Services synchronization: There was an error synchronizing subscribed groups. The Sophos UTM will continue to operate with a locally cached copy of the data but will be unable to update from Directory Services until the issue is resolved.
Error was:
failed to get base dn of domain myfoo.bardomain.tld

Authentication Services -> Servers -> (my AD connection): both tests of the "bind dn" as well as the "base dn" were successful.

I then tried to re-join our domain via Authentication Services -> Single Sign On -> Active Directory SSO and now I always get "joining the domain failed"

I went through the domain joining checklist (DNS forwarders, request routing etc.), did internal and external DNS tests via the Sophos UTM support tools, checked the hostname DNS settings in our AD DNS and even deleted the old computer object created by the last successful domain join years ago.

I reapplied the latest up2date and rebooted the UTM.

No luck. I'm not able to join our UTM to our domain anymore.

Any pointers?

Kind regards



This thread was automatically locked due to age.
  • Hi,

    Thanks for reaching out to Sophos Community and hope you are well

    In addition to the DNS requirements on your checklist that has been tested, any chance you checked the time and date configured on the UTM and the AD server as well?

    Use the 'date' command for date and time - for UTM

    net ads info -I <IPofAD> - for AD

    You could also check more details on this KB: https://support.sophos.com/support/s/article/KB-000035211?language=en_US

    Thanks for your time and patience and Thank you for choosing Sophos

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
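The two checks Raphael suggests, as an added example script that is not from this thread or from Sophos: it parses the output of `net ads info -I <IPofAD>` (a constructed sample is embedded; the field names "Server time offset" and "Bind Path" are assumed to match what the command prints) and flags clock skew beyond the default Kerberos tolerance of 300 seconds, plus a missing Bind Path, which is the base DN that the WARN-531 message says could not be obtained.

```shell
#!/bin/sh
# Added example, not code from the thread or from Sophos.
# Sample output is constructed; on the UTM you would feed in
#   check_ad_join_readiness "$(net ads info -I 192.0.2.10)"
SAMPLE_NET_ADS_INFO='LDAP server: 192.0.2.10
LDAP server name: dc1.myfoo.bardomain.tld
Realm: MYFOO.BARDOMAIN.TLD
Bind Path: dc=MYFOO,dc=BARDOMAIN,dc=TLD
LDAP port: 389
Server time: Tue, 14 Nov 2023 10:00:00 UTC
KDC server: 192.0.2.10
Server time offset: 412'

# Kerberos rejects requests when clocks differ by more than 5 minutes.
MAX_SKEW=300

# Print the absolute "Server time offset" in seconds; nothing if the line is absent.
server_time_offset() {
    printf '%s\n' "$1" | awk -F': *' '/^Server time offset:/ { v=$2+0; if (v<0) v=-v; print v }'
}

# Print the Bind Path (base DN); nothing if the line is absent.
bind_path() {
    printf '%s\n' "$1" | awk -F': *' '/^Bind Path:/ { print $2 }'
}

# Return 0 when the DC looks joinable from this host, 1 otherwise.
check_ad_join_readiness() {
    out="$1"; rc=0
    skew=$(server_time_offset "$out")
    if [ -z "$skew" ]; then
        echo "WARN: no 'Server time offset' line; net ads info may have failed"; rc=1
    elif [ "$skew" -gt "$MAX_SKEW" ]; then
        echo "FAIL: clock skew ${skew}s exceeds ${MAX_SKEW}s; fix NTP on the UTM or the DC"; rc=1
    else
        echo "OK: clock skew ${skew}s"
    fi
    dn=$(bind_path "$out")
    if [ -z "$dn" ]; then
        echo "FAIL: no Bind Path returned, so 'failed to get base dn' is expected"; rc=1
    else
        echo "OK: base DN is $dn"
    fi
    return $rc
}

# Run against the constructed sample only when asked: ./check.sh --demo
if [ "${1:-}" = "--demo" ]; then
    check_ad_join_readiness "$SAMPLE_NET_ADS_INFO"
fi
```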

  • Hi Raphael,

    thank you very much for your answer and the suggestions. Yes, I have checked the time and date settings and they're OK.

    Thank you also for the link you provided. At this point I believe it has something to do with the NTLM version being used. I temporarily set it to the required value and it still doesn't work; but I might have made an error there.

    Three questions:

    1. Where in the UTM logs can I find a full error message about the UTM not being able to join a domain? "Failed to join the domain" is not helpful.

    2. Are the required NTLM settings only required for joining and can be set to the default values afterwards?

    3. What does the original error message mean/why did it appear only after the UTM update?

    Thanks & kind regards
    Ken
