Troubleshooting Single Sign-on (SSO) related errors
12/06/2021 2,115 People found this article helpful 226,922 Views
This article guides you to significantly reduce and troubleshoot Single Sign-On (SSO) agent related errors reported under Logs and TSR (Tech Support Report).
Below is a screenshot of the Enforcement tab on the SSO configuration properties dialog box. Is accessed from Manage| Users |Settings| Configure SSO.
- Under Enforcement in SSO Bypass you can bypass SSO and allow services, hosts, networks or range of IPs to send their traffic through the SonicWall without having to go through user authentication via SSO. This is vital for devices who do not require user authentication via SSO such as Macintosh Apple Computers, iPads, Printers and Smart phones or Servers that do not run with a logged in user.
- User names used by Windows services: Programs such as a video card software.
EXAMPLE: NVIDIA's Update, can cause issues and need to be bypassed from SSO agent in the option shown below.
One of the first step in getting down to reducing the SSO Errors and connection issues is to pull a TSR and take a look at the IPs that are giving errors.
- Probing failed: This is typically caused by Windows firewall or another 3rd party firewall or anything that would be blocking as the probe is coming from the SonicWall itself to check if the ports are open for selected query type before sending it to the SSO Agent.
- Agent did not respond: This error is self-explanatory, the SSO Agent did not respond to the SonicWall query for information on the IP.
- Confirm agent is not installed on the AD server as typically AD has to process other requests and could lead to performance issues. With this error you may want to consider adding another Agent depending on the amount of users being queried for SSO Authentication.
- SSO agent reported: OS Error -21477217406: This error is typically caused by a WMI failure.
When no user os logged in, WMI gets a response as "getFields failed" which is represented by SonicOS as a negative number.
- This is not indicative of a user identification failure. NetAPI alone can be used in this scenario to avoid this error.
- Error: Error(51) Unknown Error: This error usually means the IP address is a Windows machine, but access to TCP 445 (part of File & Print sharing) is blocked.
- Usually error 51 is caused by Windows firewall or another 3rd party firewall or anything that would be blocking File and Print Sharing.
- Agent reported error - OS error  Network path not found: This error could be due to:
- the unit is not a Windows PC
- If the IP showing this error is a Windows PC then:
- check if any Windows Firewall, Defender or any Anti-virus software may be blocking the query.
- Confirm that File and Print Sharing is enabled on the Windows PC.
- Agent reported error - OS error : Access denied: This is often an SSO agent service error as it may not be running under domain admin or do not have the admin rights.
This can happens if the password was set to expire on the account that is running these services, and the password has expired).
To troubleshoot error 5 on the SSO agent, check the following:
NOTE: Error 51, 53, 21477217406 are usually client related errors and need to be troubleshooted on the clients. Error 5 may be a SSO Agent Service error and it may need to be troubleshooted on the Server on which the SSO Service is running.
Was This Article Helpful?