Web Proxy AD User locked

Our Sophos is configured with 3 DCs from our site for AD proxy authentication. If we type in the wrong password for the first time (proxy authentication in IE11), the DC already has a "Bad Pwd Count" of 3. Does the Sophos try multiple times on the first DC or on every DC in the list, so that the first DC gets 3 bad logins?

How can we solve this problem? Will it help to set up an availability group containing our AD DCs?

 

Thanks



  • Set up as Single Sign-On

    UTM becomes a computer in Domain Directory

  • Hi Frank and welcome to the UTM Community!

    I'm not a Windows Server guru, but I suspect that one could look at how your DCs are configured and help you improve the situation.

    If all three DCs have duplicate information, then, yes, an Availability Group is what you want.  If the authentication daemon gets an OK from an Authentication Server, it doesn't try the others in the list.  If it doesn't get an approval, it keeps trying the other Servers until it has exhausted the list.

    Oldeda is right.  Take a look at Configuring HTTP/S proxy access with AD SSO.  Although the article is aimed at Standard mode, 98% of it applies to Transparent mode, too.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
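
To see which DC is actually recording the failed attempts discussed in this thread, the per-DC counters can be read right after a single deliberate wrong-password attempt through the proxy. The script below is an added example, not part of the original posts or of any Sophos documentation; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the account name `jdoe` is a placeholder for a test user.

```powershell
# Added example: list the bad-password counters for one user on every DC.
# badPwdCount and the last-bad-password timestamp are not replicated between
# DCs, so each DC has to be queried separately.
param(
    [string]$SamAccountName = 'jdoe'   # placeholder test account (assumption)
)

Import-Module ActiveDirectory

# Failed logons seen by other DCs are also forwarded to the PDC emulator,
# so its counter is worth marking in the output.
$pdc = (Get-ADDomain).PDCEmulator

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
            -Properties badPwdCount, LastBadPasswordAttempt, LockedOut `
            -ErrorAction Stop
        [pscustomobject]@{
            DC                     = $dc.HostName
            IsPDCEmulator          = ($dc.HostName -eq $pdc)
            BadPwdCount            = $u.badPwdCount
            LastBadPasswordAttempt = $u.LastBadPasswordAttempt
            LockedOut              = $u.LockedOut
        }
    }
    catch {
        # A DC that cannot be reached is reported instead of silently skipped.
        [pscustomobject]@{
            DC                     = $dc.HostName
            IsPDCEmulator          = ($dc.HostName -eq $pdc)
            BadPwdCount            = $null
            LastBadPasswordAttempt = $null
            LockedOut              = "query failed: $($_.Exception.Message)"
        }
    }
}

$results | Sort-Object DC | Format-Table -AutoSize

# Domain-wide lockout threshold for comparison (a fine-grained password
# policy applied to the user, if any, overrides this value).
$threshold = (Get-ADDefaultDomainPasswordPolicy).LockoutThreshold
Write-Output "Domain lockout threshold: $threshold"
```

Running it once before and once after the test attempt shows how many increments each DC recorded and whether the timestamps line up with a single proxy login.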