Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Troubleshooting Single Sign-on (SSO) related errors

12/06/2021 2,115 People found this article helpful 226,922 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    This article guides you to significantly reduce and troubleshoot Single Sign-On (SSO) agent related errors reported under Logs and TSR (Tech Support Report).

    Resolution

    Below is a screenshot of the Enforcement tab on the SSO configuration properties dialog box. Is accessed from Manage| Users |Settings| Configure SSO.

    • Under Enforcement in SSO Bypass  you can bypass SSO and allow services, hosts, networks or range of IPs to send their traffic through the SonicWall without having to go through user authentication via SSO. This is vital for devices who do not require user authentication via SSO such as Macintosh Apple Computers, iPads, Printers and Smart phones or Servers that do not run with a logged in user.


      Image

     

    • User names used by Windows services: Programs such as a video card software.
      EXAMPLE: NVIDIA's Update, can cause issues and need to be bypassed from SSO agent in the option shown below.Image




    Troubleshooting Errors:

    One of the first step in getting down to reducing the SSO Errors and connection issues is to pull a TSR and take a look at the IPs that are giving errors.

    EXAMPLES: 

    • Probing failed: This is typically caused by Windows firewall or another 3rd party firewall or anything that would be blocking as the probe is coming from the SonicWall itself to check if the ports are open for selected query type before sending it to the SSO Agent.

    • Agent did not respond: This error is self-explanatory, the SSO Agent did not respond to the SonicWall query for information on the IP.
      • Confirm agent is not installed on the AD server as typically AD has to process other requests and could lead to performance issues. With this error you may want to consider adding another Agent depending on the amount of users being queried for SSO Authentication.

    • SSO agent reported: OS Error -21477217406: This error is typically caused by a WMI failure.
      When no user os logged in, WMI gets a response as "getFields failed" which is represented by SonicOS as a negative number.
      • This is not indicative of a user identification failure. NetAPI alone can be used in this scenario to avoid this error.

    • Error: Error(51) Unknown Error: This error usually means the IP address is a Windows machine, but access to TCP 445 (part of File & Print sharing) is blocked.
      • Usually error 51 is caused by Windows firewall or another 3rd party firewall or anything that would be blocking File and Print Sharing.

    • Agent reported error - OS error [53] Network path not found: This error could be due to:
      • the unit is not a Windows PC
      • If the IP showing this error is a Windows PC then:
        • check if any Windows Firewall, Defender or any Anti-virus software may be blocking the query.
        • Confirm that File and Print Sharing is enabled on the Windows PC. 

    • Agent reported error - OS error [5]: Access denied: This is often an SSO agent service error as it may not be running under domain admin or do not have the admin rights.
      This can happens if the password was set to expire on the account that is running these services, and the password has expired).
      To troubleshoot error 5 on the SSO agent, check the following:
      • Check the SSO agent service logon account. This must be a domain administrator, and it must have password never expired enabled and excluded from any password policy
      • Logon to the agent machine as the domain administrator account assigned to the SSO service and run a net view \IP from command prompt of the machine you are trying to authenticate. If no error displays, then it means the SSO agent is resolving the name properly.
      • If the above two steps did not lead you to any resolution, check the target computer for software firewalls in the anti-virus programs.
        For example, Trend Micro has a software firewall that will cause this specific error rather than error 51.

        TIP: SSO Agent and Ports: NetAPI Ports = 445 and 139 & WMI = 1726 and 135 SSO Agent Default Port = 2258 & TSA Agent Default Port = 2259.

    NOTE: Error 51, 53, 21477217406 are usually client related errors and need to be troubleshooted on the clients. Error 5 may be a SSO Agent Service error and it may need to be troubleshooted on the Server on which the SSO Service is running.

    Related Articles

    • Bandwidth usage and tracking in SonicWall
    • How to force an update of the Security Services Signatures from the Firewall GUI
    • Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.

    Categories

    • Firewalls > TZ Series > User Login
    • Firewalls > SonicWall SuperMassive 9000 Series > User Login
    • Firewalls > NSa Series > User Login
    • Firewalls > NSv Series > User Login

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top