Answer:
Upgrade to Jespa version 2.0.1 or later.
Versions before Jespa version 2.0.1 do not fully support "Secure RPC" for Netlogon, which produces an error log in Domain controllers due to a recent update tied to CVE-2022-38023. Since April 2023, by default, this leads to EasySSO no longer working.
The event you may see in your Domain Controller event logs:
5840 The Netlogon service created a secure channel with a client with RC4.
For EasySSO, we use the IOPLEX Jespa library to perform NTLM and Kerberos authentication.
IOPLEX has said that this 2.x version will work with "license keys purchased within the last 4 years, from approximately December of 2018". If you might have an older license, please contact us, and we will request a new one before upgrading Jespa
Due to several changes in the IOPLEX Jespa Library, only EasySSO v4.8.9 or later is compatible with Jespa v2.0.1 and later.
To get things sorted just follow the steps below:
- Verify that your Jespa license was delivered after December 2018
- Verify you are using EasySSO v4.8.9 or later
- Download Jespa version 2.0.1 or newer from https://www.ioplex.com/downloads.php
- Upload the new Jespa version into the EasySSO/NTLM/IOPLEX Jespa licensing tab
- Go to the UPM and disable EasySSO
- Re-enable EasySSO to force the Java Virtual Machine to reload the library (especially if the system is under load)