Customer noticed that NTLM authentication was failing when hitting specific BCAAA servers but working fine when the authentication requests was hitting a different BCAAA servers.
Kerberos authentication worked fine via both BCAAA servers.
PCAP simply showed that the proxy was returning a HTTP 500 internal server error to the client
ProxySG eventlog showed a generic message2016-09-13 13:30:25+01:00BST "Unrecognised error reported to authentication agent." 2D 3B0003:1 pe_policy_action_auth_internal.cpp:676
BCAAA windows eventlog was showing 6887.303 [email protected][IWA_Realm]: Error returned from NTLM agent: 0x250129
Enabling BCAAA debug logs (see How do I enable BCAAA debug logging?
) showed that BCAAA was returning the following error[15520:21700] AcceptSecurityContext failure, ContextLink=0x0 count=0, detail=1(Incorrect function.); status=-2146893054:0x80090302:The function requested is not supported