Frequently asked questions
The following table lists frequently asked operational questions and their answers.
General
| Question | Answer |
|---|---|
| The OU names in the active directory include blank spaces. How can the LDAP path be specified in the configuration? | Special characters in the LDAP path that are not "URL-safe" (e.g. blank spaces) must be escaped as described in RFC 2255. Blank spaces must therefore be replaced with "%20". Example : PythonOption PDC ldap:///192.168.0.49/DC=dig%20this,DC=i%20can%20add%20spaces,DC=net |
Upgrade AGW Version 3.0 to 3.1
| Question | Answer |
|---|---|
| Does the switch to Kerberos have to be done on the existing AGW? Or do I have to deploy the new AGW version and join the AD? | Yes, the switch must be done on the existing AGW. AGW version 3.1 will be installed later as a 1:1 replacement, where the configuration will be taken over. |
| For Kerberos, the AGW must have a basic configuration so that I can access the web GUI and the AGW can be joined to the AD. When I import the AGW backup to the new AGW at the time of migration, what will be transferred? Will the host name be overwritten? | The migration is a 1:1 replacement of the existing AGW VM. All data, except for the host name and IP address, is imported from the backup into the new VM. It is therefore important that the new VM uses the same IP and host name as the existing AGW so that AD Join and Kerberos can continue to function. |
| NTLM is still enabled on our HIN AGW. If I join the AGW to our domain and switch to Kerberos, this shouldn't cause any disruption, right? | If there is an interruption in AGW functionality, all valid sessions will continue to run and you can still log in ‘manually’ at any time with your HIN ID to start a new session. This means you are not simply offline. Provided that the browser and AD settings required for Kerberos have been correctly distributed in advance, there will be no interruption during the changeover. After switching over, you should test whether authentication via Kerberos is working correctly. If necessary, you can switch back to NTLM while investigating the cause. |