This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

After updating to 9.501-5 SSO for HTTP authentication failed and domain join not working.

UTM 9.501-5

Windows server 2012 domain controller.

I installed the 9.5 update on June 2, did not see any issues with this for the client, updated to 9.501-5 on June 12 midnight, and Internet access is failing on multiple sites.

Can get to Google.ca

Cannot get to canada411.com - Too many http redirects message.

Turned off web filtering and the websites were available - but the client requires filtering.

Re-enabled and turned off AD SSO authentication and websites are available again with correct content being blocked.

Attempted to remove from and rejoin domain, but domain join failed.

 

Currently, I have the client functioning, but, I need to rejoin AD and resume SSO authentication.

 



This thread was automatically locked due to age.
Parents
  • Well an interesting time to get a sales call from SmoothWall!

     

    I am starting to believe that my UTM is totally borked now.  I still have authentication errors after the patch, removing the UTM from the domain and rejoining it does nothing and never has, turning off "block on authentication failure" gets rid of the authentication error but we still cant get to the site.  I am tempted to roll out the Sophos agent to our PCs - at least that seems to work.

    I have tried downloading older firmware but I cant get to the site from work so I am downloading at home and copying to my PC over teamviewer so a slow process made worse as I cant find a full list of old firmware downloads.

    Well at least payroll went through ok.

  • I just got off the phone with a 2nd-level tech working on a different issue for me.  He mentioned that all everyone is doing right now is applying patches.  He said there are two different ones.  If the patch you got isn't working, re-open the case and ask if the other patch would be better for you.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • @BAlfson, Does either patch address the transparent SSO authentication that the update broke?  AND does the patch break other stuff so it would be better to wait on the next rev?   Sorry to ask you... but you seem to be better informed than most folks have gotten out of Sophos theirselves.... 

     

    Thanks!

  • @BAlfson

    Thx for your effort and input.

    Your cron job saved my mornings ;)


  • WTF??

    So we should be doing debug for sophos?

    Support already applied two patches and the same issue happens!!!

    First BUG 8110. Ok let's patch it. Nothing solved

    Ahh ok. because of this pactch another bug arise ""UTM-7960". (What?!?) Ok. tet's patch it...  Same thing...

    Next .. Ok. Let's capture data .. some TCPDUMP's, wiresharking.......  Ok stop!! ticket closed. Rolled back to 414.

    Lost a lot of configs, a lot of data but everything is back to normal!!!! Man... 3 fuc.... weeks !!!!! Everybody complaining that authentication fails and can't browsing, etc, etc .... I switched of authentication, and then everyone's able to browsing, but authentication, reports on users, gone .....

     

     

     

     

     

     

Reply
  • WTF??

    So we should be doing debug for sophos?

    Support already applied two patches and the same issue happens!!!

    First BUG 8110. Ok let's patch it. Nothing solved

    Ahh ok. because of this pactch another bug arise ""UTM-7960". (What?!?) Ok. tet's patch it...  Same thing...

    Next .. Ok. Let's capture data .. some TCPDUMP's, wiresharking.......  Ok stop!! ticket closed. Rolled back to 414.

    Lost a lot of configs, a lot of data but everything is back to normal!!!! Man... 3 fuc.... weeks !!!!! Everybody complaining that authentication fails and can't browsing, etc, etc .... I switched of authentication, and then everyone's able to browsing, but authentication, reports on users, gone .....

     

     

     

     

     

     

Children
  • I learned in this 3 weeks

    blame your reseller and maybe if we are lucky there is an update in the middle of July (but its topsecret) HAHAHAHAAHAH ;)

     

  • Jorge,

    Man, I'm sorry you're having to deal with all that!

    I do very little debugging for Sophos outside of when I participate in a beta.  One of the reasons I help home-use licensees for free here is that I want them to discover the glitches before my clients do.  There will always be a few businesses with too little experience that will put on the latest firmware, so I also consider them a lab for my clients.  I won't even put 9.5 in my lab yet.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • If Sophos is so horrible/incompetent at testing their updates that you need to do that then something is seriously wrong. What if everyone took that advice? Then no one would update and we'd all stare at each other like we're in some kind of weird Mexican standoff waiting for the other person to move first. The real solution here is for Sophos to actually hire and use competent developers and software Q/A techs instead of pushing out half-baked, Alpha quality updates.

  • Blake, I've been in this business for 40+ years.  This has always been the approach that's taken with complex products.  This is not a spreadsheet managed and modified by one person.  How many updates on apps in your iPhone don't mention fixing bugs?  Is this software more or less complex than those apps?  Did you see my story about my wife and the IBM SVC in front of her organization's hundreds of virtualized terabytes?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Update:

    Sophos applied the RPM Package on Wednesday, we had to reboot the cluster and rejoin the domain. Everything is working properly now.

    We got told that there should be an official update via Up2Date in calender week 28.

  • Patched today - rebooted UTM, ran "/usr/local/bin/ntlm_resync.pl"

    Reverted to AD SSO from Browser based authentication and instantly fixed.

    So mixed feelings here but glad we are sorted.

     

    Thanks to everyone on here for the advice.

  • I can also confirm that after 3 weeks, i got the machines patched and it´s working.