Authentication fails for all users with the following event log message. This occurs in an IWA direct environment.
Authentication failed with 40158 (0x00009CDE) (symbol: 'UNKNOWN'): user 'username' (domain DOMAIN) - user considered 'unknown'(0) NORMAL_EVENT lw_schannel.cpp xxx
Error 40158 (0x00009CDE) is an “access denied” message, which is the same as the LW_ERROR_ACCESS_DENIED message in the LSA debug log:
TRACE: lsass - [LsaSrvAuthenticateUserEx() auth.c:375] Error code: 40158 (symbol: LW_ERROR_ACCESS_DENIED)
This bug was introduced in SGOS 126.96.36.199 when error code handling was added.
Once the access denied condition is hit, the ProxySG appliance doesn’t reset the schannel to the DC server, and authentication for all users fails until you manually reset the schannel by either restarting the appliance or rejoining the domain.
The issue is resolved in SGOS 188.8.131.52 and later.
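To check an exported event log for this condition, the following added example (not vendor code) parses lines in the format quoted above and reports domains where error 40158 was logged for several distinct users. The function names, the `min_users` threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the event-log text quoted in the article; any prefix on the line is ignored.
EVENT_RE = re.compile(
    r"Authentication failed with (?P<code>\d+) \((?P<hex>0x[0-9A-Fa-f]{8})\) "
    r"\(symbol: '(?P<symbol>[^']*)'\): user '(?P<user>[^']*)' "
    r"\(domain (?P<domain>[^)]*)\)"
)

ACCESS_DENIED = 40158  # 0x00009CDE, LW_ERROR_ACCESS_DENIED per the article


def parse_failures(lines):
    """Yield (code, user, domain) for each line matching the article's format."""
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue
        code = int(m.group("code"))
        # Skip damaged lines where the decimal and hex codes disagree.
        if code != int(m.group("hex"), 16):
            continue
        yield code, m.group("user").lower(), m.group("domain").upper()


def stuck_schannel_domains(lines, min_users=3):
    """Return {domain: sorted users} where 40158 hit at least min_users distinct users.

    min_users is an assumed threshold: a single user denied is ordinary, while
    the same error across many users matches the failure the article describes.
    """
    users = defaultdict(set)
    for code, user, domain in parse_failures(lines):
        if code == ACCESS_DENIED:
            users[domain].add(user)
    return {d: sorted(u) for d, u in users.items() if len(u) >= min_users}


# Constructed sample lines in the article's format (users, domains and code 12345 are made up).
_TEMPLATE = ("Authentication failed with {c} (0x{c:08X}) (symbol: 'UNKNOWN'): user '{u}' "
             "(domain {d}) - user considered 'unknown'(0) NORMAL_EVENT lw_schannel.cpp xxx")
SAMPLE_LOG = [_TEMPLATE.format(c=c, u=u, d=d) for c, u, d in [
    (40158, "alice", "CORP"), (40158, "bob", "CORP"), (12345, "erin", "CORP"),
    (40158, "carol", "CORP"), (40158, "dave", "LAB"), (40158, "dave", "LAB"),
]]

if __name__ == "__main__":
    for domain, names in stuck_schannel_domains(SAMPLE_LOG).items():
        print(f"{domain}: 40158 for {len(names)} users ({', '.join(names)})")
```

A domain reported here is a candidate for the manual schannel reset described above; a single user failing repeatedly is not reported.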
Imported Document ID: 000008090