
Windows Authentication Resetting Schannel on the ProxySG


Article ID: 175241


Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

The proxy is not able to authenticate users via the local domain controller, and the event log shows the error: Schannel (REALM): Resetting Schannel due to error: 0xC000020D

Environment

IWA direct authentication

Cause

The Schannel connection between the ProxySG and the DC is a long-lived TCP connection. Schannel can be reset for multiple reasons, such as the DC resetting the connection remotely when a fatal/irrecoverable error happens. Another possible reason is that the local firewall is blocking the ports that are required for authentication to function.

Resolution

Open the following ports on the internal firewall:

SMB: 445 / 139
LDAP: 389 / 636
Kerberos: 88
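
To confirm the firewall change, the following added example (not part of the original article or any Broadcom tooling) probes the listed ports over TCP and separates silent drops from active refusals. It assumes it is run from a host whose traffic to the DC crosses the same firewall as the ProxySG; the host name dc.example.internal is a placeholder.

```python
import socket
import sys

# TCP ports from the article's Resolution section.
REQUIRED_PORTS = {"SMB": (445, 139), "LDAP": (389, 636), "Kerberos": (88,)}


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt to host:port.

    open: handshake completed; refused: something answered with RST (the
    DC with no listener, or a rejecting firewall); filtered: no usable
    answer, which is what a firewall drop looks like; unresolved: name
    lookup failed.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.gaierror:
        return "unresolved"
    except OSError:  # includes timeouts and ICMP unreachable
        return "filtered"


def check_dc(host, ports=REQUIRED_PORTS, timeout=3.0):
    """Return {(service, port): state} for every listed port."""
    return {
        (service, port): probe(host, port, timeout)
        for service, port_list in ports.items()
        for port in port_list
    }


def blocked(results):
    """Ports that look dropped in transit rather than merely closed."""
    return sorted(p for (_, p), state in results.items() if state == "filtered")


if __name__ == "__main__":
    # Placeholder host name (assumption); pass the real DC as argument 1.
    dc = sys.argv[1] if len(sys.argv) > 1 else "dc.example.internal"
    results = check_dc(dc)
    for (service, port), state in sorted(results.items()):
        print(f"{service:<9}{port:>5}/tcp  {state}")
    if blocked(results):
        print("Possible firewall drops on TCP ports:", blocked(results))
```

A port reported as filtered both before and after the rule change points at another device in the path; refused on every port usually means the target is reachable but is not the DC service expected.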