I'm using an SA2500. We perviously used the localDB user accounts in an early implementation. Now using AD. When localDB was in effect (forced via sign in page), a user launching the URL to the page loaded fast and host checker ran/loaded "after" the login attempt.
Now with AD, the Host Checker runs "before" sign in attempt. While I think this is great from a security perspective because it does not allow a login attempt before HC passes and in theory wards web crawls and the like, it does seem like an issue to the user due to ~20-30sec page load and sometimes browser non-responsive, the complaints ensue. W
hile still trying to strike the best balance on what to do, did I configure something wrong when the host checker is now running first with AD? or is that a known behavior change when using AD?
Any info is very much appriciated, Thanks in Advance.
behavior shouldn't have changed by changing only authentication server.
The most likely reason for it is that you did enable host-checker enforcement on realm-basis during the transition from local to ad authentication server.
If you aren't using OTC/OTP and or certificates (Hardware-Tokens) for authentication then I would strongly recommend to let the host-checker scan the machine prior to entering username/password.
chances are high that this is due to using AD/NT for authorization. did you make any changes to your host checker policies when you made the switch? check your policy trace for timimgs.
There is no behavior change when using local db and AD
You can evaluate HC at REALM level and enforce at ROLE level
Here HC will evaluate only at REALM and then enforce at role
You can evaluate and enforce the HC policy at REALM level
So which setup are you using?