Sophos XG AD integration problem.
This usually occurs when trying to decommission a DC server that is used for authentication in Sophos XG.
You can't remove such a server while there is still a configuration pointing to it in Services.
Make sure you add the new AD servers to the authentication settings first, or remove the authentication entirely if you are dropping AD authentication.
Step 1: Add the new servers (skip to Step 2 if you are removing AD authentication)
Ensure these details are filled in correctly:
Server name: a name for the server
Server IP/domain: recommended to use the FQDN (for this your XG must be able to resolve the DC names using DNS)
Connection security: recommended SSL/TLS + port 636
NetBIOS domain: your domain name only (do not add .local or any other suffix)
AD username and password for sync
Validate certificate: leave ON
Set up the attributes. In this case: display name, mail, domain name (format .local) and the main query for the DC canonical name root.
Test that your DC syncs properly with the “Test connection” button.
Step 2: Remove the old DCs from Services
Make sure you remove the old entries from every authentication method and leave only the running servers.
Remove the entries from the firewall authentication methods.
Repeat for the user portal authentication methods (if applicable).
Repeat for IPsec/L2TP/PPTP (if applicable).
For administration methods (not recommended to use AD here, for security reasons).
Once everything is set up correctly you will be able to remove the DCs that are no longer used.
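A pre-flight check for the Step 1 server entry, as an added example (not Sophos code): it flags entries that break the recommendations above (IP instead of FQDN, plain LDAP on 389, a NetBIOS name with a .local suffix, certificate validation off) and can optionally resolve the DC and complete an LDAPS handshake with chain and hostname validation, which is what has to succeed before “Test connection” can. The field names, the check rules and the sample entries are assumptions made for this example.

```python
"""Pre-flight checks for a Sophos XG AD server entry (added example, not Sophos code).
Field names mirror the form described in the post; the rules are assumptions."""
import re
import socket
import ssl

# Constructed patterns: an FQDN has at least one dot and a alphabetic TLD; an IPv4 literal is not an FQDN.
FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def check_ad_server(entry: dict) -> list:
    """Return a list of findings; an empty list means the entry follows the post's advice."""
    findings = []
    host = entry.get("server", "")
    if IPV4_RE.match(host) or not FQDN_RE.match(host):
        findings.append("server should be the DC's FQDN, not an IP or short name")
    if entry.get("connection_security") != "SSL/TLS":
        findings.append("connection security should be SSL/TLS (LDAPS)")
    if entry.get("port") != 636:
        findings.append("port should be 636 for SSL/TLS")
    netbios = entry.get("netbios_domain", "")
    if not netbios or "." in netbios:
        findings.append("NetBIOS domain must be the short name only (no .local or other suffix)")
    if not entry.get("validate_certificate", False):
        findings.append("validate certificate should stay ON")
    if not entry.get("username") or not entry.get("password"):
        findings.append("sync account username and password are required")
    return findings


def probe_ldaps(host: str, port: int = 636, cafile=None, timeout: float = 5.0) -> dict:
    """Resolve the DC with the local resolver and complete a TLS handshake on the LDAPS port,
    validating the chain (against cafile, i.e. the internal CA that issued the DC certificate)
    and the hostname. Returns the subject fields of the presented certificate. Needs network access."""
    addr = socket.gethostbyname(host)  # raises if the DNS the firewall uses cannot resolve the DC
    ctx = ssl.create_default_context(cafile=cafile)  # check_hostname and CERT_REQUIRED are on by default
    with socket.create_connection((addr, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return dict(rdn[0] for rdn in tls.getpeercert()["subject"])


if __name__ == "__main__":
    # Constructed sample entry; replace with your own values before running the live probe.
    sample = {"server": "dc01.corp.example.com", "connection_security": "SSL/TLS", "port": 636,
              "netbios_domain": "CORP", "username": "svc-xg-sync", "password": "***",
              "validate_certificate": True}
    print(check_ad_server(sample) or "entry OK")
    print(probe_ldaps(sample["server"], sample["port"], cafile="internal-ca.pem"))
```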