Hoping someone maybe able to assist with a problem introduced with a recent upgrade from Java 7 Update 21 to Update 55.
One of our Java applets is locking domain user accounts frequently and never did this with Java 7 Update 21.
Our clients are using the UTM as a proxy with HTTPS inspection and SSO. When the users open the Java applet it doesn't lock the AD account straight away, it seems to be when you click several options within the applet, I would say after 5 attempts of authentication. Our AD policy will lock the account and can only be unlocked by our service desk.
To eliminate the UTM being the problem I configured the clients to use an alternative proxy (ISA and Sophos Web Appliance). I expected within a few minutes client AD accounts to start locking. However, they didn't and so can only be the UTM causing the issue.
I've checked the Web Filtering log and there are no blocked requests. What I have noticed though is that there is constant requests to the CRL and OCSP of the signed applet which I would think is correct.
Can anyone test this for me and advise what the issue can be, and whether or not I need to bypass authentication for something I am missing.
I guess if there is further investigation to get to the bottom of this, Wireshark may help with the actual requests being generated by the applet. I am 100% certain though that if I proxy the traffic via other proxy servers AD account do not lock.
For info, we know when the AD accounts lock out because the client is given a user authentication dialog box, similar to what is shown here:
I am also running firmware 9.2 on a Sophos 525 device.
Please help this is driving me insane.
This thread was automatically locked due to age.