search cancel

Data to Gather When Users Are Unauthenticated


Article ID: 174106


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Users are being logged as "No user" or are getting certain policy blocks as "Unauthenticated" when they should be allowed access when authenticated.


There are many potential causes for users to be unauthenticated which may not be directly related to Web Security Service (WSS). Common causes of authentication failure include, but are not limited to:

  1. The server(s) upon which Auth Connector resides does not have 2-way trust DIRECTLY with all domain controllers that will have relevant logon events. (IPsec)
  2. Authentication IPs are not reachable by the server(s) upon which Auth Connector resides. (IPsec)
  3. Auth Connector traffic is routed through the IPsec tunnel. (IPsec)
  4. SSL Interception is not enabled.
    • A site is in the SSL Interception Exemption list.
  5. A site is added to Authentication Bypass.


Gather the following information to provide in a support case:

  1. Access Method (IPsec, Unified Agent, Explicit Proxy, etc.)
  2. Authentication Method (Domain Controller Query (DCQ) with Auth Connector, Unified Agent, SAML, etc.)
  3. Are all users Unauthenticated or just some users?
    • Are users unauthenticated for all sites or just some sites?
      • Are those sites on the SSL Interception Exemption list or the Authentication Bypass list?
  4. SSL Interception Status (Enabled or Disabled)
  5. Auth Connector Debug logs (if applicable)
  6. HAR file collected from the browser of an afflicted user
  7. Windows Event Logs
  8. Number of domain controllers (if using IPsec)
    • Check Trust. Does server with Auth Connector have 2-way trust with ALL domain controllers that will have relevant logons?
  9. SAML Tracer (if using SAML)
    • What is serving as the IDP for SAML (Auth Connector, Azure, etc.)?

NOTE: You may be asked to gather further data and information for troubleshooting purposes.