Authentication Health Check: "Check Failed" - Inactive Realm - Next Steps
search cancel

Authentication Health Check: "Check Failed" - Inactive Realm - Next Steps


Article ID: 277123


Updated On:


ProxySG Software - SGOS


An authentication health check is automatically generated for each external authentication realm that is configured on the appliance. Authentication health checks assess the realm’s health based on data gathered during the most recent authentication attempt. The response time recorded for this health check represents the average response time between two consecutive health checks.

Unlike most health checks, authentication health checks do not probe the target realm with an authentication request. Therefore, the health check will report healthy until the appliance records a failed authentication attempt.

The health states for authentication health checks can be:

  • Ok, when the appliance records successful authentication attempts.
  • Check failed, when the device records an unsuccessful authentication attempt.
  • Functioning on an alternate server, when a realm is operating on its alternate server.
  • Functioning properly with errors, when the health check records intermittent failures on a server.
  • On an authentication health check, you can edit the following settings:
  • Enable or disable the health check
  • Override default settings - change healthy and sick intervals, and thresholds
  • Override default notifications - change the severity, and notification options for alerts

By default, the health check is enabled and the appliance tracks the response time for the most recent authentication attempts. The other options are — Disabled, reporting sick and Disabled, reporting healthy.


Next Steps/Recommendations:

  • Decouple the affected authentication realm from all the authentication rules where it is currently referenced, to prevent authentication failures, for any matched request.
  • Set the "Disable Healthy" option, in Health Checks, for the reported "xxxxxxxxx" health check, to ensure the triggered "Check failed" never happens again. This is OK because the linked authentication realm isn't in use. Please see the snippet below, for reference.