Unexpected authentication pop-ups occur when using NTLM proxy authentication

book

Article ID: 167057

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Unexpected authentication pop-ups occur when using NTLM proxy authentication
Internet Explorer or other browsers may
Event ID 1306 shows up in the CAASNT/BCAAA log

Resolution

There are several reasons why a pop-up may occur with your web browser.  Here is a partial list of reasons:

1.)  This behavior may be the result of a known issue with Internet Explorer that causes an unexpected re-authentication pop-up request on the client when configured for NTLM proxy authentication. Internet Explorer initiates multiple connections (which will also result in a 1306 event id error in the CAASNT/BCAAA log) before successful authentication has occurred for the initial request. The workaround is to reduce client max connections to 1 from the client machine registry.  For additional information, please see Microsoft KB article 312176.

http://support.microsoft.com/default.aspx?scid=kb;[LN];312176

2.)  Only Java 1.4.2_2 and later supports transparent NTLM. For more information please refer to the Java 1.4.2 Release Notes: http://java.sun.com/j2se/1.4.2/ReleaseNotes.html

3.)  Client machine logged into the wrong NT domain (or locally) which results in Internet Explorer sending an unrecognized NT domain name to the proxy.

4.)  Internet Explorer fails to provide credentials because it does not trust the virtual host (transparent proxy) or proxy ip (explicit proxy). In the packet trace, you will see "NULL" as the username and domain.

5.)  If you are seeing this issue with Firefox and not Internet Explorer, then you need to configure Firefox to perform NTLM authentication.  Here are the steps:

  • Type about:config in the URL bar
  • In the search bar type in any part of the item you are looking for (NTLM or Negotiate).  The specific setting is network.automatic-ntlm-auth.allow-proxies .
  • Click on the item you want to change.  In this case, you will want to change network.automatic-ntlm-auth.allow-proxies to true.