cancel
Showing results for 
Search instead for 
Did you mean: 
Regis
Level 12

Authentication prompt issue since upgrade to 7.3.2.2 ?

Got a bit of a weird one here and just curious if anyone else has seen it as I work with support on it.

I have a handful of users who are getting repeatedly prompted for proxy auth on https sites like google.com and doubleclick.net  now since a 7.2.0.1 to 7.3.2.2 upgrade over the weekend.  Chome/Firefox/IE all behave the same.   The only thing that changed over the weekend was the level of MWG code as far as we can tell.   We use the try auth rule which is supposed to fail open anyway, unless I've been given the wrong impression on how that's supposed to work.  Captures suggest that it's the client side RST'ing the connection after a few 407 auth requests from the proxy.

The vast marjority of domain users are just fine.    And this same set of rules worked fine under 7.2.0.1 for quite some time.

A small group of web developers who have server 2008 R2 as a desktop platform seem to be affected.  Other 2008R2 boxes seems fine.  One user on a win7 box appears to be affected as well.    Rebooting is no help nor is reinstalling the browsers.    I'm gathering more details and will update the thread as I learn more.

Message was edited by: Regis on 8/12/13 10:44:44 AM CDT
0 Kudos
3 Replies
McAfee Employee

Re: Authentication prompt issue since upgrade to 7.3.2.2 ?

Hi Regis,

I took a quick look at the case and it appeared that the user was not on the domain, and the MWG did not appear to be rejecting any of the credentials (MWG would send a 407, but the client would not even attempt to respond with NTLM type 1 response).

Best,

Jon

0 Kudos
Regis
Level 12

Re: Authentication prompt issue since upgrade to 7.3.2.2 ?

Jon Scholten wrote:

Hi Regis,

I took a quick look at the case and it appeared that the user was not on the domain, and the MWG did not appear to be rejecting any of the credentials (MWG would send a 407, but the client would not even attempt to respond with NTLM type 1 response).

Best,

Jon

Hi Jon,   thanks for the reply/look.   The most recent capture happened to be one of a group of users in another domain.  Interestingly, several of that person's coworkers ... don't have this problem for reasons I can't narrow down.

The other group that's having a problem is one that I believe authenticates to the same domain the MWG's are in, but doesn't take any GPO from that domain (and they're on Server 2008R2 machines as desktops).

But...  none of them had this issue in the prior 7.2.0.1 mwg code apparently.  

Did 7.3.2.2  change things on this front to explain that difference or perhaps did Microsoft push anything recently than changed the client response behavior I wonder? I'm ignorant of the ntlm auth details.

0 Kudos
McAfee Employee

Re: Authentication prompt issue since upgrade to 7.3.2.2 ?

As far as the MWG NTLM exchange with the client, there isnt much that could change.

A normal NTLM exchange can be see in my auth document:

https://community.mcafee.com/docs/DOC-4384#Technical_Details__Attachments

https://community.mcafee.com/servlet/JiveServlet/download/4384-2-61924/1.5.0_directproxy_ntlm.pcap.z...

I'll follow up with the case own to see if he's seen anything new in the new data.

Best,

jon

0 Kudos