ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Google Chrome prompts for credentials using NTLM in transparent IWA (Direct/BCAAA) deployment with SSL interception


Article ID: 169143


Updated On:


Asset Management Solution Data Center Security Monitoring Edition ProxySG Software - SGOS


Before applying the fix provided in this article, refer to:

  • KB article 000027763 to configure transparent authentication while doing SSL Interception with a Microsoft PKI
  • KB article KB3930 if you are using a self-signed certificate

This article was written using the following software for testing:

  • SGOS and
  • Windows 2008 Enterprise Server SP2 PKI.
  • Google Chrome 52.0.2743.82 m​

Google Chrome prompts for authentication credentials while the address bar in the browser displays the virtual URL used for authentication.


    When the name of your ProxySG appliance must be within your Trusted Sites due to your network deployment structure, the default option for User Authentication in the Trusted Sites Security Settings is set to "Automatic logon only in Intranet zone", which excludes sites located in the Trusted Sites. Thus, the browser prompts for credentials.



    Change the User Authentication mode in the Trusted Sites Security settings.

    1. In Internet Options, select Security > Trusted Sites > Custom level > User Authentication - Logon.
    2. Select Automatic logon with current user name and password.
    3. Save the changes.