Hello,
After having issues setting up Exchange and the UTM (9.352-6), I dug deep and everything seemed centered on the Active Directory and UTM not talking. So I have followed everything in the post over here :https://www.sophos.com/en-us/support/knowledgebase/115659.aspx, and it still does not work. I will walk you through my steps also.
One after removing the active directory listings I went over to Definitions & Users > Authentication Services > Servers.
Add New Authentication Server
Switched it to Active Directory
and added my DC1 (192.168.0.1) port 389
I grabbed my administrator account from the domain controller and copied it in as such to the Bind DN: CN=Administrator,CN=Users,DC=MRM2Inc,DC=com I then entered in the current password, and then added DC=MRM2Inc,DC=com to the Base DN. Since there is no Apply button I hit save. I then added in the second domain controller using the above procedure. From there I hit Edit on the first one and then test underneath the bind DN. I got the following message: Server exists and accepts connections, but bind to ldap://192.168.0.1:389 failed with this Bind DN and Password. I checked the Windows Logs and there is an Audit Failure with the following:
Subject:
Security ID: SYSTEM
Account Name: MRM2DC1$
Account Domain: MRM2INC
Logon ID: 0x3E7
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Administrator
Account Domain: MRM2INC
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC000006A
Process Information:
Caller Process ID: 0x26c
Caller Process Name: C:\Windows\System32\lsass.exe
Network Information:
Workstation Name: MRM2DC1
Source Network Address: 192.168.0.3
Source Port: 42014
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
All well and good, since it failed, but I know I entered the correct username and password. So I checked the UTM logs and saw this:
Looks like what the Windows Log showed. I also tried Administrator@MRM2Inc.com, which did not work. I even created a new account and tried it, did not work.
So my AD setup is as follows: Windows 2012 R2 and the functionality is also at Windows 2012 R2.
Initially I thought there was a time mismatch, but all the times are the same one every computer and they match the UTM time also. So I am currently at a loss of what to do. Any thoughts?
This thread was automatically locked due to age.
