Firebox Mobile SSL VPN with Azure AD authentication - not working for ONE user
I have set up the WatchGuard Mobile SSL VPN to use Azure AD as its authentication, following the WatchGuard documentation: https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/General/Azure-firebox-ssl-vpn-active_directory.html
One user cannot connect to the VPN and gets the errors below in the logs. Other users are able to connect fine as intended, and a newly created user can also connect.
...was rejected, user doesn't exist, check your username msg_id="1100-0005"
....was rejected - Unspecified. Debug
The user is in the correct group to allow access, like all other working users.
I've spoken to WatchGuard support, who think it's an Azure issue.
Has anyone got any ideas on how to resolve this issue?
Comments
The specific part "user doesn't exist, check your username" is most likely a response from Azure being passed to you by the firewall.
(Note that I'm working with the log you posted here and nothing else.)
If the user's name is particularly long or has special characters, they may be getting dropped or messed up in the process.
The next place I'd suggest checking is the authentication logs in Azure itself -- they should detail what it's seeing as the username, which should help determine what you need to do next.
-James Carson
WatchGuard Customer Support