Users are unable to connect through SSL-VPN via Active Directory (AD)
03/26/2020 29 13631
DESCRIPTION: Users are unable to connect through SSL-VPN via Active Directory (AD)
If your users are unable to connect via Active Directory, verify the following:
The time settings between the Active Directory server and the SonicWall SSL-VPN appliance must be synchronized. Kerberos authentication, used by Active Directory to authenticate clients, permits a maximum of a 15-minute time difference between the Windows server and the client (the SonicWall SSL-VPN appliance). The easiest way to solve this issue is to configure Network Time Protocol on the System | Time page and check that the server’s time settings are also correct.
Confirm that your Windows server is configured for Active Directory authentication. If you are using Window NT4.0 server, then your server only supports NT Domain authentication. Typically, Windows 2000 and 2003 servers are also configured for NT Domain authentication to support legacy Windows clients.
Configure the SSL-VPN to use the Active Directory DNS server. DNS resolution can be a requirement.
If users were able to connect with AD earlier and now it stopped working without any change then check if SSL/TLS is enabled on the AD config. If the certificate is expired or changed on AD, it will stop working. It can be verified by disabling SSL/TLS under Portal | domain |edit the concerned domain. If it works by disabling SSL/TLS , check the event logs on AD and they would give the proper info about the reason.