Install the WatchGuard Active Directory SSO Exchange Monitor

As an optional part of the WatchGuard Single Sign-On (SSO) solution, you can install the WatchGuard SSO Exchange Monitor.

For OS compatibility information and a detailed explanation of how Exchange Monitor works, go to How Active Directory SSO Works.

Before You Install

On the computer where you install the Exchange Monitor:

  • Microsoft Exchange Server must be installed. For information about which Microsoft Exchange Server versions are compatible with the Exchange Monitor, see the Operating System Compatibility list in the Fireware Release Notes. You can find the Release Notes for your version of Fireware OS on the Fireware Release Notes page of the WatchGuard website.
  • Microsoft .NET Framework v3.5 must be installed if you use Exchange Monitor on a computer that runs Windows Server 2012, Windows Server 2012 R2 and higher, or Microsoft Exchange 2013 and higher
  • Microsoft Exchange IIS logging must be enabled and configured for the W3C Extended log file format
  • TCP port 4136 must be open

Download the SSO Exchange Monitor Software

There are two installer file options for the SSO Exchange Monitor. Make sure to select the correct installer file for your server environment:

  • 64-bit servers — SSOExchangeMonitor_x64.exe
  • 32-bit servers — SSOExchangeMonitor_x86.exe

To download an installer file:

  1. Go to the WatchGuard Software Downloads Center.
  2. Find the software downloads page for your Firebox.
  3. Download the correct WatchGuard Exchange Monitor installer file and save the file to a convenient location.

Install the SSO Exchange Monitor

On the server where your Microsoft Exchange server is installed:

  1. Double-click SSOExchangeMonitor_x64.exe or SSOExchangeMonitor_x86.exe to start the installer.
    To run the installer on some operating systems, you might need to type a local administrator password, or right-click and select Run as administrator.
  2. To install the software, follow the instructions on each page of the installation wizard and complete the wizard.
  3. On the Domain User Credentials page, type the domain user credentials to use for the Exchange Monitor.
    In the Domain User Name text box, make sure to type the user name in the format: domain\username.
    A domain suffix (for example, .com or .net) is optional, but WatchGuard recommends that you include it with the domain name. For example, if your domain is and you use the domain account ssoagent, type\ssoagent
    You can also use the UPN form of the user name: [email protected]. If you use the UPN form of the user name, you must include .com or .net with the domain name.
  4. Click Finish to close the wizard.

When the wizard completes, the WatchGuard Authentication Exchange Monitor service starts automatically. Each time the computer starts, the service starts automatically.

After you complete the Exchange Monitor installation, you must configure the domain settings for the SSO Agent and Exchange Monitor. For more information, go to Configure the SSO Exchange Monitor.

Related Topics

About Active Directory Single Sign-On (SSO)

How Active Directory SSO Works

Configure the SSO Exchange Monitor

Troubleshoot Active Directory SSO