Proxy user fails to browse a website and gets HTTP 500 internal server error when authenticating using NTLM.

Article ID: 219213

Products

ProxySG Software - SGOS

Issue/Introduction

The user fails to browse a website and gets 'page cannot be displayed' or a timeout.

The user authenticates using the NTLM protocol.

The user gets an HTTP 500 Internal Server Error.

Environment

Release: 6.7 and 7.x

Component: Authentication

Cause

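The user or the browser creates a new TCP session when responding with the NTLM Type 3 message. NTLM authenticates the TCP connection on which the handshake runs, so the Type 3 message must arrive on the same connection that carried the Type 1 and Type 2 messages.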

Below is a packet capture that shows the issue.

Frame 749 - The user starts the NTLM authentication process by sending NTLM Type 1 using source port 51206.
Frame 750 - The proxy responds with NTLM Type 2 on the same connection (client source port 51206).
Frame 765 - The user responds with NTLM Type 3, which carries the user credentials, but uses a different source port (60290).
Frame 767 - The proxy responds with 500 Internal Server Error because NTLM authentication breaks when the Type 3 message arrives from a different source port.

As a comparison, below is a packet capture that shows working authentication.

Frame 530 - The user starts the NTLM authentication process by sending NTLM Type 1 using source port 50137.
Frame 532 - The proxy responds with NTLM Type 2 on the same connection (client source port 50137).
Frame 534 - The user responds with NTLM Type 3, which carries the user credentials, still using the same source port (50137).
Frame 535 - The proxy responds with 200 OK; there is no issue with authentication.
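
The check done by eye in the two captures above can be scripted. The following is an added example, not part of the original article or of any ProxySG tooling: it reads the NTLM message type from each header value and reports every Type 3 sent on a client port that never received a Type 2. The record layout, the function names and the client IP addresses are assumptions; the frame numbers and ports are the ones quoted above.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"

def ntlm_message_type(header_value):
    """Return the NTLM message type (1, 2 or 3) of an 'NTLM <base64>' value, else None."""
    scheme, _, token = header_value.partition(" ")
    if scheme.upper() != "NTLM" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return None
    if len(raw) < 12 or not raw.startswith(NTLMSSP_SIG):
        return None
    # The message type is a little-endian uint32 right after the 8-byte signature.
    return struct.unpack_from("<I", raw, 8)[0]

def find_broken_handshakes(records):
    """records: (frame, client_ip, client_port, ntlm_header_value) in capture order.
    Returns (frame, port_used, ports_with_pending_challenge) for each Type 3
    that arrives on a connection that never received a Type 2 challenge."""
    challenged = {}  # client_ip -> client ports with an outstanding Type 2
    findings = []
    for frame, ip, port, value in records:
        mtype = ntlm_message_type(value)
        if mtype == 2:
            challenged.setdefault(ip, set()).add(port)
        elif mtype == 3:
            pending = challenged.get(ip, set())
            if port in pending:
                pending.discard(port)  # handshake finished on the same connection
            else:
                findings.append((frame, port, sorted(pending)))
    return findings

def _sample(mtype):
    # Constructed token: signature + type + zero padding, not a full NTLM message.
    body = NTLMSSP_SIG + struct.pack("<I", mtype) + b"\x00" * 8
    return "NTLM " + base64.b64encode(body).decode()

# Constructed records: frames and ports from the article, client IPs are placeholders.
SAMPLE = [(749, "192.0.2.10", 51206, _sample(1)), (750, "192.0.2.10", 51206, _sample(2)),
          (765, "192.0.2.10", 60290, _sample(3)), (530, "192.0.2.20", 50137, _sample(1)),
          (532, "192.0.2.20", 50137, _sample(2)), (534, "192.0.2.20", 50137, _sample(3))]

if __name__ == "__main__":
    for frame, port, pending in find_broken_handshakes(SAMPLE):
        print(f"frame {frame}: Type 3 on port {port}, challenge was issued on {pending}")
```

On the sample records only frame 765 is reported; the handshake on port 50137 completes on one connection and produces no finding.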

 

Resolution

This is not an issue with the proxy.

Further investigation needs to be done on the client side or the network.