IWA or NTLM auth error: processNTLMRequest Type 3 failed with -2146893040. Proceeding with dummy user

Article ID: 282354

Updated On:

Products

CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On SITEMINDER

Issue/Introduction

During IWA or NTLM authentication, the Access Gateway agent trace shows the following error:

[mm/dd/yyyy][hh:mm:ss][13788][7904][3fcb12eb-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx-dd][SmNtc::getCredentials][Request for  SSPI NTLM using NTLM Map]
[mm/dd/yyyy][hh:mm:ss][13788][7904][3fcb12eb-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx-dd][SmNtc::getCredentialsNTLMMap][SMNTLMCOOKIE  Cookie ID 2c8216b7--xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx--88      ]
[mm/dd/yyyy][hh:mm:ss][13788][7904][3fcb12eb--xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx-dd][SmNtc::getCredentialsNTLMMap][SMNTLMCOOKIE TYPE 3 ]
[mm/dd/yyyy][hh:mm:ss][13788][7904][][CSmSSPIServer::processNTLMRequest][Calling AcceptSecurityContext with handle: (lower) 2589795505712 (upper) 2148786902848]
[mm/dd/yyyy][hh:mm:ss][13788][7904][][CSmSSPIServer::processNTLMRequest][Handle is valid]
[mm/dd/yyyy][hh:mm:ss][13788][7904][][CSmSSPIServer::processNTLMRequest][AcceptSecurityContext returned : 0x80090310]
[mm/dd/yyyy][hh:mm:ss][13788][7904][][CSmSSPIServer::processNTLMRequest][Returned from AcceptSecurityContext with handle: (lower) 2589795505712]
[mm/dd/yyyy][hh:mm:ss][13788][7904][][CSmSSPIServer::processNTLMRequest][Returned from AcceptSecurityContext with handle: (upper) 2148786902848]
[mm/dd/yyyy][hh:mm:ss][13788][7904][3fcb12eb--xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx-dd][SmNtc::getCredentialsNTLMMap][processNTLMRequest Type 3 failed with -2146893040. Proceeding with dummy user]

Environment

 12.8 Access Gateway: ALL versions

Cause

The browser trace shows that a GET /favicon.ico HTTP/1.1 request was made at the same time as GET /example/index.html HTTP/1.1.

As a result, two SMNTLMCOOKIE cookies were set in the exact same second, which confused the NTLM request sequence on the AD side.

NTLM authenticates a user through a sequence of steps. When the authentication messages arrive out of order, authentication fails.
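
The following Python script is an added example, not code from this article or from the product. It decodes the decimal status in the trace (-2146893040 is the signed 32-bit form of 0x80090310, which winerror.h defines as SEC_E_OUT_OF_SEQUENCE) and flags any second in which more than one SMNTLMCOOKIE ID was logged. The sample trace lines, timestamps, transaction values and cookie IDs are constructed.

```python
import re
from collections import defaultdict

# A few SSPI status codes from winerror.h (not exhaustive).
SSPI_STATUS = {
    0x80090308: "SEC_E_INVALID_TOKEN",
    0x8009030C: "SEC_E_LOGON_DENIED",
    0x80090310: "SEC_E_OUT_OF_SEQUENCE",
}

# Trace layout as shown in the article: [date][time][pid][tid][txn][function][message]
LINE = re.compile(r"^\[([^\]]*)\]\[([^\]]*)\]\[\d+\]\[\d+\]\[[^\]]*\]\[([^\]]*)\]\[(.*)\]\s*$")
FAILED = re.compile(r"processNTLMRequest Type 3 failed with (-?\d+)")
COOKIE = re.compile(r"SMNTLMCOOKIE\s+Cookie ID\s+(\S+)")


def decode_status(signed_value):
    """Map the signed 32-bit decimal in the trace to (hex HRESULT, symbolic name)."""
    code = signed_value & 0xFFFFFFFF
    return f"0x{code:08X}", SSPI_STATUS.get(code, "UNKNOWN")


def analyse(lines):
    """Return Type 3 failures and the seconds in which more than one cookie ID appears."""
    failures, cookies = [], defaultdict(set)
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a trace line in the expected layout
        date, time, _func, msg = m.groups()
        if (f := FAILED.search(msg)):
            failures.append((f"{date} {time}", *decode_status(int(f.group(1)))))
        if (c := COOKIE.search(msg)):
            cookies[f"{date} {time}"].add(c.group(1))
    collisions = sorted(ts for ts, ids in cookies.items() if len(ids) > 1)
    return failures, collisions


# Constructed sample trace (timestamps, IDs and transaction values are made up).
SAMPLE = """\
[01/15/2024][10:02:07][13788][7904][txn-a][SmNtc::getCredentialsNTLMMap][SMNTLMCOOKIE  Cookie ID cookie-id-1      ]
[01/15/2024][10:02:07][13788][7911][txn-b][SmNtc::getCredentialsNTLMMap][SMNTLMCOOKIE  Cookie ID cookie-id-2      ]
[01/15/2024][10:02:07][13788][7904][][CSmSSPIServer::processNTLMRequest][AcceptSecurityContext returned : 0x80090310]
[01/15/2024][10:02:07][13788][7904][txn-a][SmNtc::getCredentialsNTLMMap][processNTLMRequest Type 3 failed with -2146893040. Proceeding with dummy user]
""".splitlines()

if __name__ == "__main__":
    failures, collisions = analyse(SAMPLE)
    for ts, code, name in failures:
        print(f"{ts}  Type 3 failed: {code} {name}")
    for ts in collisions:
        print(f"{ts}  multiple SMNTLMCOOKIE IDs in the same second")
```

A failure decoded as SEC_E_OUT_OF_SEQUENCE that shares its timestamp with a reported collision matches the cause described above.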

Resolution

Add .ico to the ACO parameter IgnoreExt and recycle the web agent, so that this resource is excluded from agent protection.