With authentication enabled on the ProxySG appliance and Kerberos Constraint Delegation (KCD) in use, users cannot access protected resources due to authentication errors such as:
A large discrepancy exists between the respective times on the ProxySG appliance and the DC. As a result, the appliance considers the Kerberos tickets it receives from the DC to be invalid.
On the ProxySG appliance, adjust the system time at Configuration > General > Clock. Then, do one of the following: