03/26/2020
EX SSL-VPN: "Test Connection" to an AD Tree authentication server fails with "Unable to connect to the server" message
After configuring a Microsoft Active Directory tree authentication, when customers click the "Test Connection" button they get an error "Unable to connect to the server" as shown in the screenshot below:
[Screenshot: Error during Test Connection]
Also, performing a User/Group search fails as shown in the screenshot below:
[Screenshot: Failed User/Group search from AMC]
This is a generic error that appears whenever the backend server is not reachable or has returned an error. One possible scenario is listed below, and we will add more as we come across them.
Note: If your issue does not match the scenario listed below then please open a case with SonicWall Support.
[Screenshot: Capture showing the "TGS-Req" and the "KDC_ERR_S_PRINCIPAL_UNKNOWN" error response]
1) SonicWall recommends that the customer make sure the DNS server is able to reverse lookup all the Domain Controllers in the AD domain.
If the appliance is not able to reverse lookup the Domain Controller, the Kerberos "TGS-Req" will not carry the right server name (PRINCIPAL), and the backend server will respond with "KDC_ERR_S_PRINCIPAL_UNKNOWN", causing the connection to fail.
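The reverse-lookup requirement above can be checked for every Domain Controller before retrying "Test Connection". The script below is an added example, not SonicWall code: it assumes it is run on a host that uses the same DNS servers as the appliance, and the function names are hypothetical. It goes slightly beyond the scenario above by also flagging a PTR record that returns a different name than the Domain Controller's own, so that it can be reviewed.

```python
import socket
import sys

def forward_lookup(host):
    """Return the sorted IP addresses the resolver gives for host ([] if none)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except OSError:
        return []

def reverse_lookup(ip):
    """Return the PTR name for ip, or None when no reverse record resolves."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def same_name(a, b):
    """Compare DNS names ignoring case and a trailing root dot."""
    return a.rstrip(".").lower() == b.rstrip(".").lower()

def check_dc(host, forward=forward_lookup, reverse=reverse_lookup):
    """Return (host, ip, ptr, status) rows for one Domain Controller.

    status is 'ok', 'no-forward', 'no-ptr' or 'ptr-mismatch'.
    """
    ips = forward(host)
    if not ips:
        return [(host, None, None, "no-forward")]
    rows = []
    for ip in ips:
        ptr = reverse(ip)
        if ptr is None:
            status = "no-ptr"        # the failing case described above
        elif not same_name(ptr, host):
            status = "ptr-mismatch"  # PTR exists but names another host
        else:
            status = "ok"
        rows.append((host, ip, ptr, status))
    return rows

def failing(hosts, forward=forward_lookup, reverse=reverse_lookup):
    """Return only the rows that need a DNS fix."""
    return [r for h in hosts for r in check_dc(h, forward, reverse) if r[3] != "ok"]

if __name__ == "__main__":
    # Usage: python check_dc_ptr.py dc1.corp.example dc2.corp.example ...
    bad = failing(sys.argv[1:])
    for row in bad:
        print("%s ip=%s ptr=%s -> %s" % row)
    sys.exit(1 if bad else 0)
```

Pass the fully qualified name of each Domain Controller in the AD domain as arguments; a non-zero exit status means at least one of them needs a reverse (PTR) record added or corrected on the DNS server.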