This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

After updating to 9.501-5 SSO for HTTP authentication failed and domain join not working.

UTM 9.501-5

Windows server 2012 domain controller.

I installed the 9.5 update on June 2, did not see any issues with this for the client, updated to 9.501-5 on June 12 midnight, and Internet access is failing on multiple sites.

Can get to Google.ca

Cannot get to canada411.com - Too many http redirects message.

Turned off web filtering and the websites were available - but the client requires filtering.

Re-enabled and turned off AD SSO authentication and websites are available again with correct content being blocked.

Attempted to remove from and rejoin domain, but domain join failed.

 

Currently, I have the client functioning, but, I need to rejoin AD and resume SSO authentication.

 



This thread was automatically locked due to age.
Parents
  • Hi all,

    this fix works only temporary.

     

    - removed AD Object

    - removed Sophos UTM from Domain

    - sync all DC´s

    - rejoin Sophos

    --> this worked for ~ 8 hours, this morning, same issue again.

    It looks like that it has something todo with Kerberos.

     

    Additional finding:

    - After Update the deployment of wpad.dat via NAT Rule (Port 80) is no longer working at the internal interface. I had to create an additional Interface and then NAT from Port 80 to 8080 on the other interface.

     

    Sophos: Please fix these issues and better: test SSO / Kerberos before announcing a new Update.

     

    Regards

    Martin

  • This might be a silly question, but how do I remove from AD domain?

    In single sign on tab I can only join the domain.

     

    Thank you very much

  • Hi,

    i had the same Problem before. What i did:

    type some bullshit for

    DOMAIN

    Username

    Password 

    and hit "Join Domain" 

    after this, the Sophos tells me it is no longer part of the Domain

    Then i deleted the Computer Account inside the AD Domain

Reply Children