This discussion has been locked.

After updating to 9.501-5, SSO for HTTP authentication failed and domain join is not working.

UTM 9.501-5

Windows Server 2012 domain controller.

I installed the 9.5 update on June 2, did not see any issues with this for the client, updated to 9.501-5 on June 12 midnight, and Internet access is failing on multiple sites.

Can get to

Cannot get to - Too many http redirects message.

Turned off web filtering and the websites were available - but the client requires filtering.

Re-enabled and turned off AD SSO authentication and websites are available again with correct content being blocked.

Attempted to remove from and rejoin domain, but domain join failed.


Currently, I have the client functioning, but I need to rejoin AD and resume SSO authentication.


  • Same problem here. Using Transparent Proxy with SSO

    Windows 2016 Domain controllers

    All clients get "Access Denied" + "Authentication Failed" + "The URL you have requested is blocked by Surf Protection"


    Had to change authentication to "NONE" to let users access internet.

    Leave/rejoin domain does not help. Rebooting all servers, including domain controllers and client machines, makes things work for a few minutes before up again.

    No updates installed on servers after firmware update on UTM.

    Happened right after install of firmware 9.501-5.

  • Same here.


    The workaround with joining the UTM again is not really working.


    I really have to remove the computer account from the domain, do a repadmin /syncall /force for the domain controllers, wait for ~15 minutes.

    Then join again, and all is working perfectly. ...


    Sophos: we need a solution here. Without authentication it is no solution, only a temporary workaround. We have to identify our users to put them in different groups.




  • When the first user reported that the WA is not working permanently, I immediately rolled back our Sophos to firmware version 9.413-4.


    It's working fine now.


    I think I saw in a different post that this problem has been occurring since the end of May.

    So I don't believe there's gonna be a fix anytime soon and I suggest a rollback for anyone who has these issues.


    I was lucky that we got an active-passive cluster.

    So I released the cluster, rolled back one UTM with the newest config and replaced the still active UTM with it.

    I could minimize the downtime to about 10 minutes this way.


    Think about what you want to do with stuff that is not transferred with the config backup (logs, quarantined e-mails).

    I didn't need any of that, but if you do, there is some work ahead since you can only migrate it through the CLI as far as I know.