TCP 464 traffic seen

Since last week we see warnings on our management appliance like this:

Automated Alert: WARN condition detected - Active Directory Trusted Subdomains synchronization

Description
~~~~~~~~~~~
The appliance encountered a problem synchronizing with one or more Trusted Subdomains in the Active Directory.

Further troubleshooting on our firewall (which is in between appliance and active directory servers) reveals that when I am doing "Verify Settings" on the appliance, it is trying to connect to the AD servers on TCP port 464.

That port is used to change/set passwords (according to the well-known TCP and UDP port table).

Does anybody here recognize this?

If so, can you outline here what you have done to get rid of the warning?



  • If AD is failing, this would require you to open a support ticket so an engineer can watch the join process via the logs.

    Generally, ensure there are no firewalls, or that the appropriate exclusions are in place, as per: http://swa.sophos.com/webhelp/swa/concepts/PortConfig.html?hl=list%2Cport

    Another test you can do is configure the administrator account (make sure the pw is the same on all of your domains); then you can run the sync and such and you should not get any errors. (You could use any account you like, just make sure the account exists in all domains and has enough privilege to "touch" a computer object, as the final step of the join process will test create an object.)

    The last thing to note: is this error happening all the time, or just once? Chances are it could have been popped by, say, a DNS failure or similar temporary networking issues.

    Please also ensure the following 6 steps are met as per my KB here: https://community.sophos.com/kb/en-us/126599

    Cheers

  • Thanks Red_Warrior.

    I am checking the rights of the AD account with my colleagues who manage the Active Directory.

    Also opened a case with support.


  • Eventually Sophos Support fixed it for us. (It had to do with a Kerberos lookup.)

    Because of the update to 4.3.6 a fix was implemented (NSWA-1565).

    After a couple of weeks our DCs were updated, which triggered this fix and is why we were getting warnings with the AD sync.

    So for us the warnings were the result of a combination of things.