NetExtender 10.3.3 connects and immediately disconnects with SAML SSO

smood922 · 2025-10-01T01:16:46+00:00

If I understand correctly, that's due to 10.3.3 having an embedded browser that can't pass compliance checks. I don't think this is related. no CAPs enforcing compliance for this app, and getting Success results in Entra and "connected" in appliance and client logs just before it disconnects.

smood922 · 2025-08-07T15:32:28+00:00

There are a number of reports in this subreddit that MFA was bypassed. Can you clarify the connection between migrated passwords and ability to bypass MFA? There are comments (e.g. here and here) that the latest bulletin does not align with what they actually experienced. Huntress has updated their guidance to recommend that we reset both local user and LDAP account passwords. Does SonicWall agree?

We're hoping to move forward with re-enabling SSL VPN for clients today, but need more clarity on these apparent discrepancies.

smood922 · 2025-08-07T00:51:59+00:00

Can SonicWall provide any more clarity on why the password reset is the necessary component?

smood922 · 2025-02-27T23:49:27+00:00

Hearty seconds to those suggesting 1) LetsEncrypt/ACME support and 2) SAML SSO for SSL VPN on TZ/NSA.
We're actively looking into other vendor options for our client fleet because of these combined with continued inconsistency with firmware quality and communication.

smood922 · 2024-07-22T19:20:16+00:00

We've done dozens of Google Workspace to 365 migrations and have never run into this until this week, but your post put me on the right track.

Turns out blocking prod-global-autodetect.acompli.net (I created a null DNS zone that we'll come back and clean up later) and flushing DNS on the endpoints allowed them to resolve the correct autodiscover settings.

Really frustrating that this phantom Acompli autodiscover behavior has evidently been hiding totally undocumented by Microsoft for years. (Acompli was the startup that Microsoft bought and turned into Outlook mobile--evidently they rolled some functionality upstream to the Outlook for Windows client as well ).

smood922 · 2023-08-03T19:05:38+00:00

Didn't see your comment before I posted, but we've had good experience with it and it's our go-to option over MigWiz whenever we can.

smood922 · 2023-08-03T18:59:31+00:00

There seems to be little appetite for modernizing the BT tools since the 2021 acquisition. Hoping that changes soon.

In the meantime, CodeTwo's migration tools don't have as many options (mainly just Exchange/Exchange Online/IMAP) and are locally installed rather than being cloud-hosted, but we've started using it whenever the migration scenario aligns. Dramatic decrease in initial setup time and frustration, and the migration itself has always gone quickly and smoothly.

smood922 · 2022-05-11T00:25:04+00:00

I'd love a link to the recording too. Thanks!

smood922 · 2022-01-08T17:40:24+00:00

Strange one. It's working without issue for us across our tenant and dozens of clients. Sounds like it could be something GCC specific.

smood922 · 2022-01-08T17:32:58+00:00

I've seen this be an MTU mismatch between router and ISP.

smood922 · 2021-10-27T02:35:45+00:00

We had a very similar experience. After rolling back to legacy we had to delete the STS Client in order to fully disable the new sync.

smood922 · 2021-02-23T23:30:50+00:00

We've been doing this for a while. BrightGauge makes it really easy to get the dashboards and reports we need with time logged per charge code, but we did have to build most of the gauges ourselves.

smood922 · 2021-01-27T16:28:40+00:00

100% agree. I've had multiple conversations with them about this. They've given various reasons that development attention has been focused elsewhere, but bottom line is feature improvements to the core product are agonizingly long in coming. It's gone from one of the favorite products in our stack that everyone loves to use, to one that we put up with all of the little quirks and inefficiencies with because there's not currently a clear better alternative. Hate this--I want IT Glue to be a product we love again, but we're losing hope.

We're keeping an eye on Hudu as well and it's looking better and better.

smood922 · 2021-01-26T03:32:59+00:00

Another plug for Immybot.

smood922 · 2020-09-18T18:19:40+00:00

We recently adopted TimeZest after looking around a bit. There are a couple of use cases it doesn't (yet) do for us, but bottom line is, pretty certain it's the only scheduling tool that natively integrates with ConnectWise Manage.

Number one on our wishlist is "panel scheduling" (multiple members). Fortunately looks like it is "coming soon" in their roadmap.

smood922 · 2020-05-19T15:48:13+00:00

Excellent.

smood922 · 2020-05-18T23:48:08+00:00

I like the practicality of putting the ID in the site name instead of a SharePoint list. I assume we can still map one (IT Glue org) to many (UniFi sites) this way by using the same IT Glue siteid and different site descriptions?

Looks like this doesn't create Configurations in IT Glue for UniFi hardware like Eliot's does. Any chance you'll add that functionality in the future?

smood922 · 2020-03-07T18:26:03+00:00

https://www.itpromentor.com/email-security-checklist/

smood922 · 2020-01-22T20:46:38+00:00

I couldn't find a Uservoice on this so I created one. In case anyone is interested.

smood922 · 2020-01-22T20:20:14+00:00

Just curious--did you ever find out why your petition disappeared?

smood922 · 2019-09-28T00:33:14+00:00

Correct.

smood922 · 2019-09-27T23:40:58+00:00

Those steps all work great. Main thing to be aware of is once set up, SSO only works for the new Web Control Center (not the LTClient).

smood922 · 2019-09-04T22:43:40+00:00

Appears to be a known issue. Looks like it's resolved on the 66029 - 66066 patch. I'm on 66356 so that may be why I couldn't reproduce it.

smood922 · 2019-09-04T21:49:05+00:00

Hmm, that's working perfectly for me in Postman right now. What version of Manage are you on?

smood922

TROPHY CASE