9.502 update: Internet users cannot authenticate with Active Directory

SG-230 firewalls in HA configuration. After the upgrade to 9.502, users were unable to access the internet. It kept prompting users for credentials. Testing websites and users in the Policy Test page showed as working fine, but it isn't.

Rejoining the firewall to the domain seems to have fixed it - for now.



This thread was automatically locked due to age.
  • We had the same issue after upgrading to 9.501-5, and I'm currently very wary of updating to 9.502 - especially after reading your post.

    Rejoining the UTM to the domain worked for a short while, but the failure kept coming back after about 45-60 minutes.

    Only Sophos could solve this problem with a hot-fix, which had to be installed by Sophos itself.

    Have a look at this thread regarding SSO for HTTP authentication.

    I just read the change log for 9.502, and it seems that the AD SSO problem isn't even mentioned.


    Good luck,
    Uwe

  • Hi

    Just to clarify a few points regarding 9.500/9.501. The main issues that users experienced regarding authentication in 9.500 and 9.501 were known as NUTM-7960 and NUTM-8110; support had been applying patches to resolve these in the short term. The recently released 9.502 includes the fixes for both of these issues, so we would expect this to resolve the authentication problems in the majority of cases.

    9.502 has been put on general release as of yesterday so everyone should start to see this available in their GUI.

    Depending on the exact sequence of updates and reboots, you may need to rejoin the UTM to the domain after upgrading to 9.502. To simplify things, I would say the best course of action would be to install 9.502, rejoin the domain, then re-login all client users to enable AD SSO to work.

    If you do still encounter authentication issues after carrying out the above then contact Sophos Support with the following information:

    • Symptoms seen by the end user (e.g. errors, auth prompts, etc.)
    • Are all or only some users affected
    • The mode of the proxy profile (standard/transparent)
    • Time/date and source IP of an example failed request
    • Either remote access enabled or the http.log

    This should give them a good starting place to identify and resolve any remaining problems.

    Greg
