
AD integration needs to be reset when slave becomes master

When the UTM changes master device, all our web navigation is blocked with the error "the site is deny by administrator".

I have found two solutions:

1- Redo the AD integration, but the issue occurs again at the next switch
2- Come back to the primary node

I think there is a bug where the AD integration isn't fully synchronized between the master and slave nodes.

Is anyone else experiencing the same?

Do you think this https://community.sophos.com/kb/en-us/126823 is the solution to my issue? I haven't tried it yet.

Best regards,

Benoit



This thread was automatically locked due to age.
  • Salut Benoit,

    When having unexplained issues with SSO, it's always a good idea to unjoin (attempt to join with incorrect credentials) and then to rejoin the UTM to the domain.

    Another issue can be using NTLM instead of Kerberos as NTLM is less reliable with the UTM.  Configuring Proxy Settings explicitly with an FQDN causes the Proxy to use Kerberos to authenticate against AD.  Using a numeric IP or selecting 'Automatically detect settings' in the GPO results in the Proxy using NTLM.

    Did either of those work for you?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
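
One way to check which mechanism a client really uses after the proxy setting is changed from an IP to an FQDN, as an added example that is not part of the original thread: it classifies the value of a `Proxy-Authorization` header taken from a packet capture or debugging proxy. The function name and the sample tokens are assumptions made for this example; the tokens are constructed and truncated, not captured traffic.

```python
import base64

NTLMSSP_SIG = b"NTLMSSP\x00"                      # start of every NTLM message
SPNEGO_OID = bytes.fromhex("06062b0601050502")    # DER OID 1.3.6.1.5.5.2
KRB5_OIDS = (
    bytes.fromhex("06092a864886f712010202"),      # 1.2.840.113554.1.2.2 (Kerberos V5)
    bytes.fromhex("06092a864882f712010202"),      # 1.2.840.48018.1.2.2 (MS Kerberos)
)

def classify_proxy_auth(header_value: str) -> str:
    """Classify a Proxy-Authorization value as 'kerberos', 'ntlm' or 'unknown'."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() not in ("ntlm", "negotiate"):
        return "unknown"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:                            # binascii.Error is a ValueError
        return "unknown"
    # NTLM appears either raw or wrapped in SPNEGO; the signature is present in both.
    if NTLMSSP_SIG in token:
        return "ntlm"
    # A GSS-API initial token starts with 0x60 and names its mechanism by OID.
    if token[:1] == b"\x60" and any(oid in token for oid in KRB5_OIDS):
        return "kerberos"
    return "unknown"

def _header(scheme: str, raw: bytes) -> str:
    return f"{scheme} {base64.b64encode(raw).decode()}"

# Constructed, truncated tokens: only the leading bytes that the classifier
# inspects are realistic.
SAMPLES = {
    "ntlm_scheme": _header("NTLM", NTLMSSP_SIG + b"\x01\x00\x00\x00\x07\x82\x08\xa2"),
    "negotiate_ntlm_fallback": _header(
        "Negotiate", NTLMSSP_SIG + b"\x01\x00\x00\x00\x97\x82\x08\xe2"),
    "negotiate_kerberos": _header(
        "Negotiate",
        b"\x60\x82\x05\x00" + SPNEGO_OID + b"\xa0\x30" + KRB5_OIDS[0] + bytes(16)),
    "basic": "Basic dXNlcjpwYXNz",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:26} -> {classify_proxy_auth(value)}")
```

A `Negotiate` header on its own does not prove Kerberos: clients that cannot get a ticket fall back to NTLM under the same scheme name, which is the second sample above.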