Recently, numerous Naviant customers have experienced authentication issues due to Out of Band Microsoft Updates. “Out of Band” means that Microsoft originally released the updates that caused these issues outside of the standard critical updates that it releases periodically.

Microsoft released many of these updates around November 2021. Since then, they have caused authentication issues for Hyland OnBase end-users in AD/SSO environments when installed on related Domain Controllers, OnBase Web, and application servers.
These updates can cause problems with the following:

  • Azure Active Directory Authentication using Kerberos Constrained Delegation
  • WAP, IWA, and SSO Authentication
  • ADFS Authentication
  • SQL Server Authentication
  • IIS and intermediate devices like load balancers performing delegated authentication

Symptoms

Resulting errors can range from Unity Automation Errors to 401 Unauthorized errors when logging into Web and Unity Clients. In single Domain Controller environments – all logins will fail. In load balanced, multi–Domain Controller environments where some DCs have received the update and some have not, login issues will be intermittent for OnBase users.

Below is a list of the Out of Band MS-Updates known to cause the Authentication issues:

  • KB5007206
  • KB5007192
  • KB5007247
  • KB5007260
  • KB5007236
  • KB5007263
  • KB5007255

Resolution

Depending on your KB, there can be two different solutions for this issue.

  1. Rolling back the offending update is the first option. You must perform this on the Domain Controller, and affected Application and Web Servers are applicable.
  2. In some cases, the KB patch that caused the issue may have an updated patch that can correct the behavior. These patches aren’t guaranteed to correct the authentication issues. However, we have had at least one customer report that the updated patch for KB5007255 fixed their authentication issues.

For example, the below KB5008602 has been noted to correct Authentication issues stemming from the first KB in the list above  KB5007206.

Below are a few links to related articles for reference. If you try the steps above and are still seeing Authentication issues, please reach out to Naviant Support and we will assist.

About Matthew

Matthew is a Senior Customer Success Specialist at Naviant. He has been in the IT field since 1996 and has worked with IT Industry leaders such as IBM, Hewlett Packard, and more recently, Hyland. In addition to having an Associate’s Degree in Applied Science with an Emphasis on Computer Technology, he is an OnBase Certified Installer with over 5 years’ experience in supporting OnBase and related products. His career has spanned both Government and Private industry with gradually increasing responsibilities. When he’s not working, he enjoys spending time with his family, boating, fishing, and golfing.

Essential Guide to OnBase Resources
Essential Guide to OnBase Resources

Looking for OnBase training resources? We’ve rounded up all the available OnBase training resources, and we’ll keep this list up to date.

Get More OnBase Resources