A PC Displays a Message "Authentication failed" After a User Enters a User Name and Password Before Logging In to an SSL VPN Gateway

This section describes how to resolve the fault that a PC displays a message "Authentication failed" after a user enters a user name and password before logging in to an SSL VPN gateway.

Symptom

A PC displays a message "Authentication failed" after a user enters a user name and password before logging in to an SSL VPN gateway.

Possible Causes

Cause 1: The user name or password is incorrect.

Cause 2: The account is locked out after multiple consecutive incorrect password inputs.

Cause 3: The authentication server was configured incorrectly.

Cause 4: The certificate filtering field was specified incorrectly.

Cause 5: The AD server and FW have different time and time zone settings.

Causes vary depending on user authentication modes.

Local authentication: cause 1
RADIUS and LDAP authentication: cause 3
Certificate authentication: cause 4
AD authentication: cause 3 or 5

Procedure

Cause 1: The user name or password is incorrect.
Contact the SSL VPN gateway administrator to obtain the correct user name and password.
Cause 2: The account is locked out after multiple consecutive incorrect password inputs.
The default account lock period is five minutes. Re-log in after the period expires.
Cause 3: The authentication server was configured incorrectly.
1. Log in to the Web UI for the FW as the system administrator. In the navigation tree, choose Object > Authentication Server.
2. Check the configuration of the authentication server on which the authentication domain is configured and verify that the configuration is correct.
Cause 4: The certificate filtering field was specified incorrectly.
1. Log in to the Web UI for the FW as the system administrator. In the navigation tree, choose Network > SSL VPN > SSL VPN.
2. Access the Modify SSL VPN page and click the Gateway Configuration tab.
3. View User Filtering Field and verify that it is correct.
Cause 5: The AD server and FW have different time and time zone settings.
Make sure that the AD server and FW have the same time and time zone settings. If they have different time and time zone settings, authentication fails. (AD authentication is highly sensitive to time.)