[IAG] AD domain single sign-on users often log out and go online collectively
Problem Description
AD domain single sign-on users often log out and go online collectively
Effective troubleshooting steps
- Check the user's AD domain single sign-on. The single sign-on is normal. Check the behavior management log and find that the user's online group is not the AD domain group.
- The IAG is the master, and the user feedback node is used as a backup and has no access to the network.
- The background compares the online group of the same user and finds that the node online group is not the ad domain group
Root cause
Due to communication problems, the node cannot synchronize the ad domain organizational structure to the group user, resulting in the node online user group being synchronized to the master when the master is fully synchronized.
solution
The node IAG communicates normally with the AD domain and can synchronize the organizational structure to the IAG group user normally.
Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=25722&isOpen=true