Cisco Cisco Web Security Appliance S380

Basic authentication fails when the password contains characters that are not 7-bit ASCII. 
[Defect ID: 39570]

LDAP authentication fails when all of the following conditions are true:

• The LDAP authentication realm uses an Active Directory server.

• The Active Directory server uses an LDAP referral to another authentication server. 

• The referred authentication server is unavailable to the Web Security appliance.

Workaround: Either specify the Global Catalog server (default port is 3268) in the Active 
Directory forest when you configure the LDAP authentication realm in the appliance, or use 
the 

advancedproxyconfig > authentication

 CLI command to disable LDAP referrals. 

LDAP referrals are disabled by default. [Defect ID: 37455] 

Web Security appliance fails to join Active Directory domain under the following conditions:

• The Web Security appliance is in Standard time, such as Pacific Standard Time (PST).

• The Active Directory server is in Daylight Savings time, such as Pacific Daylight Time 

(PDT). 

The two machines might be in different time modes if the Active Directory server does not 
have the daylight time patch applied that fixes the change in Daylight Savings time starting in 
2008. When you try to join the Active Directory domain, the web interface displays the 
following misleading message:

Error - Computer Account creation failed.

 

Failure: Error while joining WSA onto server ‘vmw038-win04.wga’ : 

Failed to join domain: Invalid credentials

 

Workaround: Apply the appropriate patch to the Active Directory server. [Defect ID: 40363] 

MS Windows activation fails when authentication is enabled on the Web Security appliance. 
This is a known issue with Microsoft Windows activation.

Workaround: For more information on how to work around this issue, see the following 
articles:

http://support.microsoft.com/kb/921471

http://support.microsoft.com/kb/816897

[Defect ID: 39853]