
Domain authentication - admin PW with special characters

Good Day everyone!

We have trouble with some XG Firewalls.

All administrator accounts with some specific special characters like ' aren't working anymore. It happened on Firmware 17.5.2 and is still buggy on 18.0.3. So no new users are able to authenticate.

We tried to retype passwords - test it - all right; when you save it and go to test it again, it fails. The error is persistent. We even tried to completely delete all domain users, groups and authentication servers - nothing changed.

We also contacted Sophos support, but until 11.2020 we got no support, even after escalating the ticket. Maybe someone here would like to help.



  • So you are talking about the Domain Admin account you specify to read / pull against AD, not a particular user account which has these credentials?

    Assuming I would follow up on this and create a new user in AD for XG specifically (least privilege approach), this could be an unknown bug.

  • Yes, that's right. Tried with the domain admin account. Tested with another user and it is working. Seems to be a bug when you use the so-called 'administrator' - standard domain admin account in the Windows AD. All our customer firewalls have this bug.

  • Confirmed this behavior with 3 firewalls. When we use any other user to read / pull against AD it is working. Using the administrator it fails.

  • But no user can be authenticated. When you try to authenticate on the user portal - authentication failed for the users.

  • If you use an admin user without this password to link this to the XG, can a user with this special character register to the user portal?

  • Thanks for your fast support and sorry for my bad English ...

    Tried it - nothing changed. A new user tried to authenticate through the user portal - authentication failed.

  • First of all: the account used on the server page on XG needs to have a valid password, without the issue you discovered.
    In this scenario, everything should work, correct?
    If you use a user against the user portal which has a special password, can this user authenticate at this point?

    So the issue only occurs if the XG to AD Server connection is not correct, as the authentication is invalid?

  • First - administrator user with special characters in password - first time typing it in at authentication server - test OK, saving it, retesting it - fail.

    Now - using another admin user with another username and password - testing it - OK, saving it and retesting OK - NOW I can import groups from AD. Trying to authenticate a user without special characters on user portal -> authentication failed.

  • So basically you can never successfully use the authentication of XG, is that what you are saying?

  • This isn't so clear.

    We have used this feature for a long time. But this bug appeared about 2-3 months ago. Users which worked before this bug can be authenticated. New users can't.

  • Let's recap for a moment, as I am still not able to understand your issue.

    There are two different fields: 

    Authentication - Server - AD Server -> AD Username (Admin) + Password 1

    "General Authentication" - Any facility (Like User Portal, Webadmin etc.) -> Username + Password 2

    So if Password 1 is invalid (because of a bug or something), the authentication for password 2 will not work.

    If Password 1 is valid and can be used, password 2 should also work, as we use password 1 to authenticate against the AD.