Cisco Bug: CSCvv98015 - Group lookup in authentication 'Start Test' fails if Kerberos DNS TXT record is invalid/unreachable

Last Modified

Oct 08, 2020

Products (1)

  • Cisco Web Security Appliance

Known Affected Releases


Description (partial)

Running the authentication test with the CLI command testauthconfig shows the error below in the 'fetch AD group information' section:

Attempting to fetch AD group information...
Failure: Exception on query to server '<AD-Server-IP>', port 389 failed :
Exception('Inquiry timed out: (\'python2.6_10_amd64_nothr/ b64decode|76\', "", \'Incorrect padding\', \'[egg/ setup_connection_thread|2440] [_coro.pyx coro._coro.sched.with_timeout (coro/_coro.c:11765)|1099] [egg/ setup_connection|2522] [egg/ authenticate_connection|2621] [egg/ decrypt|55] [python2.6_10_amd64_nothr/ b64decode|76]\')',)

Group lookup in access or decryption policies will fail when the above error is seen in the authentication test.

Conditions:

  • NTLM Authentication realm configured on WSA
  • Kerberos DNS TXT record for the domain is incorrect or not reachable