This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

9.502 Update causes Internet users cannot authenticate with active directory

SG-230 firewalls in HA configuration.  After upgrade to 9.502 users were unable to access the internet.  Kept prompting users for credentials.  Testing websites and users in the Policy Test page showed as working fine but it isn't.

Rejoined the firewall to the domain seems to have fixed it - for now.



This thread was automatically locked due to age.
Parents
  • I can confirm, that https-request with AD-Auth still failing with 9.502, http-request are working correctly with AD-Auth

    Proxy runs in standard mode with AD-Auth.

    Tried SSO re-join (+deleting of Sophos AD-Object), Rebooting and also using older UTM Backupfile...

     

    Sophos support case is open...

     

    regards

  • For anyone still experiencing problems with AD SSO on 9.502 can you check your internal DNS servers for the A records relating to the UTM hostname. If there are multiple entries present here (corresponding to the different interfaces on the UTM) remove the entries that do not match the interface that the AD SSO clients are connecting to (typically the LAN interface).

    Flush DNS on the client machines and retest authentication.

     

    If this helps then can you drop me a private message to confirm?

     

    Thanks

  • Yes there were multiple DNS-A-Records for UTM but cleaning this entries did not solve the problem...(just left the DNS entry with internal ip)

    https-sites still not working with AD-Auth in proxy standard mode with UTM 9.502 here (at 2 customer sites)

    http-sites are working fine

     

    regards

Reply
  • Yes there were multiple DNS-A-Records for UTM but cleaning this entries did not solve the problem...(just left the DNS entry with internal ip)

    https-sites still not working with AD-Auth in proxy standard mode with UTM 9.502 here (at 2 customer sites)

    http-sites are working fine

     

    regards

Children