Proxy cannot authenticate users via the local domain controller; the event log shows the error "Schannel (REALM): Resetting Schannel due to error: 0xC000020D"
IWA direct authentication
The Schannel connection between the ProxySG and the DC is a long-lived TCP connection. The Schannel can be reset for several reasons, for example the DC resetting the connection remotely when a fatal/irrecoverable error happens. Another possible cause is a local firewall blocking the ports that authentication requires.
Open the following ports on the internal firewall:
SMB: 445 / 139
LDAP: 389 / 636
Kerberos: 88
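
To confirm the firewall change took effect, the added example below (not Symantec/Broadcom code) probes the ports listed above over TCP and separates "refused" (the DC answered, nothing is listening) from "filtered" (no answer, which is what a dropping firewall looks like). It assumes it is run from a host on the same network segment as the ProxySG, so it follows the same firewall path; the names probe, check_dc and blocked are illustrative.

```python
import errno
import socket
import sys

# Ports listed in this article for IWA direct authentication (TCP only is checked here).
REQUIRED_PORTS = {"SMB": (445, 139), "LDAP": (389, 636), "Kerberos": (88,)}


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt as open, refused or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # RST came back: path is open, service is not listening
    except (socket.timeout, TimeoutError):
        return "filtered"   # silence: typical of a firewall dropping the SYN
    except OSError as exc:
        # ICMP unreachable replies also point at filtering or routing
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise


def check_dc(host, timeout=3.0):
    """Return {(service, port): state} for every port in the article's list."""
    return {(svc, port): probe(host, port, timeout)
            for svc, ports in REQUIRED_PORTS.items() for port in ports}


def blocked(results):
    """Ports that did not complete a TCP handshake, sorted for reporting."""
    return sorted(port for (_, port), state in results.items() if state != "open")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_dc_ports.py <dc-hostname-or-ip>")
    results = check_dc(sys.argv[1])
    for (svc, port), state in sorted(results.items(), key=lambda kv: kv[0][1]):
        print(f"{svc:9} tcp/{port:<4} {state}")
    sys.exit(1 if blocked(results) else 0)
```

A "filtered" result on any of these ports points back at the firewall rule; "refused" points at the DC service itself rather than the network path.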