If you have a SonicWALL configured with LDAP + single sign-on and content filtering, you may run into an issue where a server is not able to reach Windows Update. A check on the server’s IP with the SonicWALL Directory Connector diagnostic tool came back with a locally logged-on user, specifically “Acronis Agent User”, rather than the domain administrator account that was currently logged in. Keying this local user name into the SonicWALL’s SSO config under “User names used by Windows services” then allowed the Windows Update agent to connect out successfully.
SonicWALL SSL-VPN 200 locking up
SonicWALL’s SSL-VPN 200 remote access appliances have worked flawlessly for years for a number of clients, until recently, when we started seeing a rash of lockups. At first a power cycle was all it took to get them back up and running, but shortly afterwards they would not stay online for more than a few seconds before becoming unresponsive to all but a ping.
One unit in particular that was configured to email alerts started sending out messages every hour with the following error:
"License Manager Peer Identity failed - Check certs and time."
I then disconnected it from the network, power cycled it again and connected directly to it. This time, it booted up just fine and allowed me to log into it. Researching the error message from before led me to a SonicWALL article detailing possible causes for the message, one of which was:
"The License Manager server or the signature database server may not have a valid SSL Certificate."
I know SonicWALL is requiring some firmware upgrades on currently supported devices that resolve some certificate warnings, so I figured the SSL-VPN 200 was calling home and locking up during its bootup routine. Why not disallow it from calling home?
Here’s how to fix it:
Boot the SSL-VPN 200 offline, connect a PC to the X0 port, assign yourself a static IP on the same subnet, and log in to the device
Go to Network | Host Resolution
Create a new host resolution object
IP address: 127.0.0.1
Save the new host, reconnect to your production network and enjoy!