The Active Directory Synchronization feature on the Sophos Web Appliance fails intermittently.
Possible symptoms include:
- Intermittently users are prompted for authentication when browsing the web. If the user enters their Active Directory credentials, browsing does not always proceed.
- Intermittently you receive warnings regarding Active Directory synchronization.
- Sometimes when you attempt to 'Verify Settings' on the 'Configuration | System | Active Directory' page this will fail. Other times it may succeed, or it may fail at different stages.
Known to apply to the following Sophos product(s) and version(s)
Sophos Web Appliance
This issue can occur when there are incorrect entries in the DNS A record for your domain name, or for the FQDN of your Domain Controllers.
When attempting to join the domain or sync with the specified Domain Controller, the Sophos Web Appliance may use the wrong I.P. address, causing intermittent problems.
What to do
1. Test to confirm you are affected by the issue:
- Log in to the Web Appliance
- Go to 'Configuration | Network | Network Diagnostics'
- Perform a DNS lookup of your domain name, e.g. mydomain.tld
This DNS record should contain only valid I.P. addresses for Domain Controllers of this Domain.
- Perform a DNS lookup on the FQDN of each Domain Controller in the directory, e.g. dc1.mydomain.tld
This DNS record should contain only valid I.P. addresses for this Domain Controller.
2. Check to ensure that the following Firewall and Directory requirements are met: http://wsa.sophos.com/docs/wsa/swa_docs/ws1000/tasks/ConfigSysActiveDirectoryAccess.html
3. If your domain name or Domain Controller FQDN resolves to incorrect I.P. addresses, use one of the following methods to resolve the issue.
- Modify your DNS records so these resolve to correct I.P. addresses only. Ensure that these changes are replicated on the primary DNS server for the Sophos Web Appliance.
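
The lookups in step 1 can also be repeated from an administrative workstation, both before and after the DNS records are corrected. The script below is an added example, not Sophos code; it assumes the workstation queries the same DNS server as the appliance, and the names and addresses in `EXPECTED` are constructed placeholders to replace with your own. Beyond the page's check for incorrect addresses, it also reports expected addresses that were not returned.

```python
import socket

# Constructed sample data: replace with your domain, DC FQDNs and real DC addresses.
EXPECTED = {
    "mydomain.tld": {"192.0.2.10", "192.0.2.11"},   # every Domain Controller in the domain
    "dc1.mydomain.tld": {"192.0.2.10"},
    "dc2.mydomain.tld": {"192.0.2.11"},
}

def system_resolver(name):
    """Return the set of IPv4 addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()  # name did not resolve at all
    return {info[4][0] for info in infos}

def audit_records(expected, resolver=system_resolver):
    """Compare resolved A records with the known-good addresses.

    Returns {name: {"unexpected": [...], "missing": [...]}} for names with problems only.
    """
    findings = {}
    for name, good in expected.items():
        resolved = set(resolver(name))
        unexpected = sorted(resolved - good)   # addresses that are not a listed DC
        missing = sorted(good - resolved)      # listed DC addresses not returned
        if unexpected or missing:
            findings[name] = {"unexpected": unexpected, "missing": missing}
    return findings

if __name__ == "__main__":
    problems = audit_records(EXPECTED)
    for name, detail in problems.items():
        for ip in detail["unexpected"]:
            print(f"{name}: resolves to {ip}, which is not a listed Domain Controller")
        for ip in detail["missing"]:
            print(f"{name}: expected address {ip} was not returned")
    if not problems:
        print("All records contain only the expected Domain Controller addresses")
```

Any address reported as unexpected is a candidate for the stale or incorrect A record described above.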