Recently, numerous Naviant customers have experienced authentication issues due to Out of Band Microsoft Updates. “Out of Band” means that Microsoft originally released the updates that caused these issues outside of the standard critical updates that it releases periodically.
Microsoft released many of these updates around November 2021. Since then, they have caused authentication issues for Hyland OnBase end-users in AD/SSO environments when installed on related Domain Controllers, OnBase Web, and application servers.
These updates can cause problems with the following:
- Azure Active Directory Authentication using Kerberos Constrained Delegation
- WAP, IWA, and SSO Authentication
- ADFS Authentication
- SQL Server Authentication
- IIS and intermediate devices like load balancers performing delegated authentication
Resulting errors can range from Unity Automation Errors to 401 Unauthorized errors when logging into Web and Unity Clients. In single Domain Controller environments, all logins will fail. In load-balanced, multi-Domain Controller environments where some DCs have received the update and some have not, login issues will be intermittent for OnBase users.
Below is a list of the Out of Band MS-Updates known to cause the Authentication issues:
Depending on your KB, there can be two different solutions for this issue.
- Rolling back the offending update is the first option. You must perform this on the Domain Controller and on affected Application and Web Servers, as applicable.
- In some cases, the KB patch that caused the issue may have an updated patch that can correct the behavior. These patches aren’t guaranteed to correct the authentication issues. However, we have had at least one customer report that the updated patch for KB5007255 fixed their authentication issues.
For example, the below KB5008602 has been noted to correct Authentication issues stemming from the first KB in the list above, KB5007206.
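Before rolling back or patching, it helps to know which servers actually carry the updates. The following PowerShell is an added example, not code from Naviant, Hyland, or Microsoft. It inventories the KBs named in this article and flags a mixed patch state across Domain Controllers. The server names are placeholders, and it assumes `Get-HotFix` can query each server remotely with administrative rights.

```powershell
# Placeholder server names (assumptions): replace with your own hosts.
$DomainControllers = @('DC01', 'DC02')
$OnBaseServers     = @('ONBASE-WEB01', 'ONBASE-APP01')

# KB IDs taken from this article only.
$ProblemKBs = @('KB5007206', 'KB5007255')
$FixFor     = @{ 'KB5007206' = 'KB5008602' }   # follow-up patch noted for KB5007206

function Get-KbState {
    param([string]$Server, [string]$Role)
    try {
        # Get-HotFix lists updates recorded in Win32_QuickFixEngineering.
        $installed = @((Get-HotFix -ComputerName $Server -ErrorAction Stop).HotFixID)
    } catch {
        return [pscustomobject]@{ Server = $Server; Role = $Role; State = 'Unreachable'; KBs = '' }
    }
    # Problem KBs present on this server.
    $hits = @($ProblemKBs | Where-Object { $installed -contains $_ })
    # Problem KBs with no known follow-up patch installed alongside them.
    $unfixed = @($hits | Where-Object {
        -not ($FixFor[$_] -and ($installed -contains $FixFor[$_]))
    })
    $state = if (-not $hits) { 'Clean' }
             elseif ($unfixed) { 'Affected' }
             else { 'FixInstalled' }
    [pscustomobject]@{ Server = $Server; Role = $Role; State = $state; KBs = ($hits -join ',') }
}

$report  = @()
$report += $DomainControllers | ForEach-Object { Get-KbState -Server $_ -Role 'DC' }
$report += $OnBaseServers     | ForEach-Object { Get-KbState -Server $_ -Role 'OnBase' }
$report | Format-Table -AutoSize

# Mixed DC state matches the intermittent-login symptom described above.
$dcStates = @($report |
    Where-Object { $_.Role -eq 'DC' -and $_.State -ne 'Unreachable' } |
    Select-Object -ExpandProperty State -Unique)

if (($dcStates -contains 'Affected') -and ($dcStates.Count -gt 1)) {
    Write-Warning 'Domain Controllers are in a mixed patch state; expect intermittent logins.'
} elseif ($dcStates -contains 'Affected') {
    Write-Warning 'Every reachable Domain Controller has a listed update without its follow-up patch.'
}
```

A `FixInstalled` result only means the follow-up patch is present; as noted above, these patches are not guaranteed to resolve the authentication issue, so confirm with a test login.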
Below are a few links to related articles for reference. If you try the steps above and are still seeing Authentication issues, please reach out to Naviant Support and we will assist.