We are protecting our OWA through the UTM's WAF. (UTM is on 9.714-4)
For a while, it worked as expected, until today, when a user came by and complained about connection issues with his mobile device.
Turns out, the problem seems to be a ">" in his password.
He's able to log in to OWA directly from the internal network but not from outside via WAF.
When the login fails through the WAF, the Exchange logs show:
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: Mailserver$
Account Domain: Domain
Logon ID: 0x3E7
Logon Type: 8
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: username
Account Domain: domain
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC000006A
The Firewall log:
2023:02:28-09:51:18 host-1 httpd: id="0299" srcip="xxx.xxx.xxx.xxx" localip="xxx.xxx.xxx.xxx" size="26739" user="-" host="xxx.xxx.xxx.xxx" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="61956" url="/owa/auth/logon.aspx" server="exchange.local" port="443" query="?url=https%3a%2f%2fexchange.local%2fowa%2f&reason=2" referer="">exchange.local/.../logon.aspx cookie="cookieTest=1; logondata=acc=0&lgn=domain\\user; _ga=GA1.1.1705732369.1677573787; _ga_M9BP2QSXKX=GS1.1.1677573786.1.1.1677574145.0.0.0; PrivateComputer=true; PBack=0" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="Y_3AhrzZbUm4FR9sBGOLLAAAAHQ"
Hello husme,
Good day and thanks for reaching out to Sophos Community.
May I ask if you had the chance to open a support case on this? If yes, may you please share with us the case ID via DM or by replying to this thread.
Many thanks for your time and patience and thank you for choosing Sophos.
Cheers,
Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
No, I didn't open a case.