Error: "Authentication failure: Unable to create external user account needed to complete login"

Description

Customers may experience issues with new users not being able to connect to the SSL VPN, getting the following error message: "Authentication failure: Unable to create external user account needed to complete login. Please contact your administrator". However, existing users that were already created inside the SRA may be able to connect.

Cause

The main reason why this could happen is due to a improper firmware installation, especially after a downgrade. Please note that downgrading firmware is not supported.

Resolution

After it has been determined that a downgrade has been performed the only solution is to boot the SRA/SMA appliance to a currently supported firmware with factory defaults settings. From there, one of two steps can be performed:

  • If available, import a known good backup configuration file that was exported on equal or lower firmware, and has settings that never went through a 'downgrade',
  • Rebuild the settings manually.
Note: "import of a known good backup configuration file" means that if you boot the SonicWall to a lower version of firmware with factory defaults, you cannot import a settings file that has already gone up to a higher version of firmware at any point.

Related Articles

  • How to Provision SMA1000 in Monthly Billing (MSSP Program)
    Read More
  • SMA 1000 Series Support Matrix
    Read More
  • How to Configure SAML 2.0 SSO with Microsoft Entra ID for SonicWall SMA 1000 Series
    Read More

Categories

Secure Mobile Access
SMA 100 Series
Secure Mobile Access
SMA 1000 Series
not finding your answers?
Ask the Community
Chat