Contents

Related Topics

Troubleshoot Single Sign-On (SSO)

After you enable SSO on your Firebox and install and configure the WatchGuard SSO components on your network, if you have problems with your SSO deployment, you can use the information in this topic to review your deployment for configuration errors that might be the cause of the problems.

All SSO Methods

SSO with the SSO Client

Clientless SSO with Event Log Monitor

Clientless SSO with Exchange Monitor

Clientless SSO with Active Directory Mode

Active Directory (AD) Mode is a backup SSO method. AD Mode might not operate as expected in some circumstances, and it can introduce security risks. We do not recommend AD Mode as a primary SSO method.

Test the SSO Port Connection

To verify that the SSO Agent can contact the Event Log Monitor and Exchange Monitor over the required ports, you can use the SSO Port Tester tool. This tool tests port connectivity between the server where you installed the SSO Agent, and a:

  • Range of IP addresses
  • Single IP address
  • Specific subnet
  • List of specific IP addresses
    You must import a text file that includes the IP addresses to test.

Verify the SSO Software Version

Make sure that you have installed SSO component software v11.10 or higher.

SSO software versions lower than v11.10 do not support:

  • Windows Fast User Switching
  • RDP for clientless SSO
  • SSO authentication over BOVPN

SSO software versions lower than v11.9.3 do not support RDP for the SSO Client.

The versions of the SSO components in your SSO solution do not have to be the same, and they do not have to be the same as the version of Fireware on your Firebox. We recommend that you install the highest available version of the SSO Agent, even if your Firebox runs a lower version of Fireware.

Common Error Messages

See Also

About Active Directory Single Sign-On (SSO)

Quick Start — Set Up Active Directory Single Sign-On (SSO)

Choose Your Single Sign-On (SSO) Components

Give Us Feedback     Get Support     All Product Documentation     Technical Search