[IAG] Domain monitoring single sign-on fails due to the network environment
Problem Description
Domain SSO login fails
Process
- Checked the domain server configuration on the device; the validity test for domain monitoring single sign-on succeeded.
- The domain server's login and audit settings are both enabled, and the authentication policy is configured with single sign-on.
- Logging in to the account again from the test PC failed. I went to the domain controller to read the log and found that there was no login record for the intranet IP.
- I used the wbemtest tool to read it, but there was no result. I searched for the domain account and found it, but the IP was not the source IP; it was the device's WAN port IP.
- The environment is PC - IAG - domain controller. The IAG is a secondary router with NAT, which causes the source IP to be translated.
- Removed NAT and used static routing instead; the test was normal.
Root cause
The source IP is translated by NAT.
Solution
Remove NAT and use static routing.
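The check from the process above, as an added example (not from the original case or from Sangfor): given logon records read from the domain controller, it separates entries that can map an account to a client IP from entries whose source address is the gateway's WAN IP. The account names, addresses, subnet, and the function name `check_sso_visibility` are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (account, source IP) pairs as a domain controller
# would record them. All values are made up for illustration.
SAMPLE_LOGONS = [
    ("alice", "10.0.0.2"),
    ("bob", "10.0.0.2"),
    ("carol", "10.0.0.2"),
    ("dave", "192.168.10.23"),
]


def check_sso_visibility(logons, intranet_cidrs, gateway_wan_ip):
    """Classify logon records by whether the client IP survived the path.

    usable      - source IP is inside a client subnet, so account-to-IP
                  mapping for single sign-on can work
    nat_masked  - source IP equals the gateway WAN IP, so the real
                  client address was translated before reaching the DC
    unexpected  - source IP matches neither; needs manual review
    """
    nets = [ipaddress.ip_network(c) for c in intranet_cidrs]
    wan = ipaddress.ip_address(gateway_wan_ip)
    usable, unexpected = [], []
    masked = defaultdict(set)
    for account, src in logons:
        ip = ipaddress.ip_address(src)
        if ip == wan:
            masked[src].add(account)
        elif any(ip in net for net in nets):
            usable.append((account, src))
        else:
            unexpected.append((account, src))
    return {
        "usable": usable,
        "nat_masked": {ip: sorted(accts) for ip, accts in masked.items()},
        "unexpected": unexpected,
        # Any logon seen from the WAN IP means per-client mapping is lost.
        "nat_suspected": bool(masked),
    }


if __name__ == "__main__":
    report = check_sso_visibility(SAMPLE_LOGONS, ["192.168.10.0/24"], "10.0.0.2")
    for key, value in report.items():
        print(f"{key}: {value}")
```

After NAT is replaced with static routing, rerunning the same check on fresh logon records should show every entry under `usable`.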
Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=7121&isOpen=true