Steps to Leave and Rejoin a Domain for IWA Direct Authentication on a ProxySG Appliance

Article ID: 168811

Products

Advanced Secure Gateway Software - ASG, ProxySG Software - SGOS

Issue/Introduction

In some cases, whether as a troubleshooting measure or because of changes to the Windows domain, you need to have your ProxySG appliance leave the Windows domain and then rejoin it. 

Resolution

Here are the steps to leave and rejoin the domain:

  1. Remove affected rules and policies.
  2. Delete realms.
  3. Leave the domain.
  4. Ensure the ProxySG appliance has left the domain.
  5. Rejoin the domain and recreate the IWA_Direct realm.
  6. Reapply policies.

Remove Affected Rules and Policies

To manually remove all Visual Policy Manager (VPM) rules and policies that apply to the realm you want to remove:

Note: When you follow step 1.b to remove affected rules and policies, you must preserve the format of the XML file. If the format is not preserved, the VPM will not open with the policies after you re-import the backup. The following example (Image 1) shows how to save the policy files correctly in Notepad++: set the encoding as xml extension.

Image 1

Once this is done, you can open the XML document in standard Notepad and the XML format is preserved.

  1. Back up your policy files:
    1. Log into the Management Console and select Configuration > Policy > Policy Files.
    2. Save the Local, Forward, and Central policy files by copying and pasting their content from Text Editor to a text editor, such as Notepad.
  2. Remove the content from the Local, Forward, and Central policy files.
  3. Back up the VPM files:
    1. Select Configuration > Policy > Policy Files > Visual Policy Files.
    2. Save the VPM-CPL and VPM-XML policy files by copying and pasting their content from Text Editor to a text editor, such as Notepad.
  4. Remove the content from the VPM-CPL and VPM-XML policy files.
  5. Open the VPM by selecting Configuration > Policy > Visual Policy Manager > Launch.
  6. You should see a blank VPM dialog.
  7. Click Install policy to apply changes, and close the dialog.
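Because steps 2 and 4 erase the policy from the appliance, it is worth confirming that the saved VPM-XML backup is still intact XML before removing anything. The following check is an added example, not part of the original article or a Broadcom tool: it verifies well-formedness and that the bytes match the declared encoding. The sample element names are placeholders, and no VPM schema is assumed.

```python
import codecs
import re
import sys
from pathlib import Path
import xml.etree.ElementTree as ET

# Byte-order marks an editor may prepend, mapped to the encoding family they imply.
BOMS = ((codecs.BOM_UTF8, "utf-8"), (codecs.BOM_UTF16_LE, "utf-16"),
        (codecs.BOM_UTF16_BE, "utf-16"))
DECL = re.compile(r"""<\?xml[^>]*encoding\s*=\s*["']([A-Za-z0-9._-]+)["']""")

# Constructed samples (element names are placeholders, not the real VPM-XML schema).
GOOD = b'<?xml version="1.0" encoding="UTF-8"?>\n<policy><layer name="Web"/></policy>\n'
TRUNCATED = GOOD[:-10]  # simulates an incomplete copy and paste


def check_xml_backup(data: bytes) -> list:
    """Return the problems found in a saved XML backup; an empty list means OK."""
    if not data.strip():
        return ["file is empty"]
    problems = []
    bom = next((name for mark, name in BOMS if data.startswith(mark)), None)
    # Decode only the head of the file to read the XML declaration.
    head = data[:256].decode("utf-16" if bom == "utf-16" else "latin-1", "ignore")
    match = DECL.search(head)
    # Without a declaration, XML follows the BOM if present, else defaults to UTF-8.
    label = match.group(1) if match else (bom or "utf-8")
    try:
        declared = codecs.lookup(label).name
    except LookupError:
        return [f"unknown declared encoding {label!r}"]
    if bom and not declared.startswith(bom):
        problems.append(f"byte-order mark is {bom} but declaration says {declared}")
    try:
        # utf-8-sig accepts UTF-8 with or without a BOM.
        data.decode("utf-8-sig" if declared == "utf-8" else declared)
    except UnicodeDecodeError as exc:
        problems.append(f"bytes are not valid {declared} at offset {exc.start}")
    try:
        ET.fromstring(data)  # well-formedness only; no schema is assumed
    except ET.ParseError as exc:
        problems.append(f"not well-formed XML: {exc}")
    return problems


if __name__ == "__main__":
    # With path arguments, check those files; otherwise run the constructed samples.
    inputs = [Path(p).read_bytes() for p in sys.argv[1:]] or [GOOD, TRUNCATED]
    for blob in inputs:
        print(check_xml_backup(blob) or "OK")
```

Run it against each saved backup file and only clear the policy on the appliance once every file reports OK.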

Delete Realms

To delete the realms:

  1. Log in to the Management Console and click Configuration > Authentication > IWA.
  2. Select the IWA_Direct realm you want to delete.
  3. Click Delete.
  4. Click OK.

Note: The proxy may need to be rebooted to clear any association to the realm in question from memory.

Leave The Domain

To leave the domain:

  1. Log in to the Management Console and click Configuration > Authentication > Windows Domain.
  2. Select the Windows domain you want to leave.
  3. Click Leave.
  4. Click OK.

Note: If the Leave button is grayed out, refer to the following Knowledge Base article: Cannot leave Windows domain in the Management Console

Ensure the ProxySG Appliance has Left the Domain

To refresh the Management Console, press the F5 key.

Rejoin the Domain and Recreate the IWA_Direct Realm

To rejoin the domain, refer to the Knowledge Base article: How do I configure the ProxySG appliance to connect directly to Active Directory for IWA authentication?

Reapply Policies

To reapply the policies:

  1. Restore all the rules and policies that you backed up. To reapply the policies, refer to the following Knowledge Base article: Restoring VPM-CPL and VPM-XML to ProxySG
  2. Apply your changes by launching VPM and clicking Install policy.
