Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Troubleshooting Integrated Windows Authentication
Help | Content Gateway | v8.5.x
This section covers 2 common problems:
*
*
Failure to join the domain
These conditions are required for Content Gateway to join a domain:
*
*
*
*
*
*
Troubleshooting:
*
*
*
Join failures are logged to /opt/WCG/logs/smbadmin.join.log
*
Failure to authenticate clients
These conditions are required to authenticate clients:
*
*
*
Explicit proxy clients must not be configured to send requests to the IP address of Content Gateway. Clients must use the Fully Qualified Domain Name (FQDN) of Content Gateway. If the IP address is used, NTLM authentication is always performed.
*
*
*
Windows domain [domain name] unreachable or bad membership status
Troubleshooting:
In the Content Gateway manager, use the Diagnostic Test function on the Monitor > Security > Integrated Windows Authentication tab. This Monitor page displays authentication request statistics and provides the diagnostic test function.
The Diagnostic Test function performs connectivity and authentication testing and reports errors. It also shows domain controller TCP port connectivity and latency.
Errors and messages are logged to:
*
*
*
*
Performance issues:
*
IWA (Kerberos): Authentication performance is bound by CPU. There is no communication to the domain controllers for Kerberos authentication.
*
NTLM and Basic: Domain controller responsiveness effects performance. The Monitor > Security > Integrated Windows Authentication page shows average response time.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Copyright 2020 Forcepoint. All rights reserved.