We have very recently upgraded to 22.214.171.124 from 126.96.36.199. All went well with the excpetion that GUI Administrators can no longer use the GUI.
There are some administrator accounts existing on the local UserDatebase - these users are able to connect to the WebGateway GUI
However most other administrators connect using their Authenticated NTLM credentials.
If you are a member of an Active Directory Global Group on a Domain that is authenicated to the Web Gateway appliances, and that Domain\Group is associated with a WebGateway Role, then we have been able to login to GUI using Domain\UserID and have the permissions associated with the role.
This stopped last night - considering there are 100's of administrators using the Web Gateway cluster that authenticate this way - well we have a problem.
The screen shot below shows when I test the user in CORE Domain, the "Authentication Test Results" show the User to be a member of "CORE\under test group".
Even though "CORE\under test group" is associated with the "Super Administrator" Role, the "Authentication Test Results" indicates to Role is not Mapped.
I have created a work request with McAfee who are investigating this issue as I type - they are been very supportive and doing an excellent job.
It may be something at our end - but just in case this is for the community's imformation.
Thanks for the info above eelsasser - could not seem to make that suggestion work - but I'm Tasmanian after all.
However, McAfee support have provided a work-around - basically remove the Domain reference in the "Authentication Server Group => Role Mapping" section. ie. using above diagram -
"CORE\under test group => Super Administrator" becomes "under test group => Super Administrator"
All now works a treat. This will be addressed with the next update by McAfee
Can I say how impressed I was with the level of support and enthusiasm from the McFee Support Team.