ssl vpn "authentication failed" for new user

I created a new user in our AD and put him in the same AD group as the other VPN users (the group is added to the Firebox). I can't log in: "auth failed". I'm trying to understand which AD field is used for authentication. For a reason I don't remember, users use the format "" for logging in through the VPN.
What is this suffix for? Our real AD domain is
How can I debug the "auth failed" error?


  • is probably what you have set up as your AD server name in your XTM config.
    See the "Specify the Client Connection Settings" section, here:

    You can turn on diagnostic logging for Authentication which may show something to help:
    In WSM Policy Manager: Setup -> Logging -> Diagnostic Log Level -> Authentication
    In the Web UI: System -> Diagnostic Log
    Set the slider to Information or higher

    As I recall from a good while back, XTM uses a cached version of the AD group, so it may take some time before a user added to the AD group can successfully authenticate.
