
Headache related to Authentication windows on Microsoft Internet Explorer/Edge/Chrome Edge)


Hi everyone,

 

I now have a big headache with authentication windows after implementing McAfee Proxy.

The ProxySRV requested to authenticate (via AD Server).

It is OK if using Google chrome.

But in our company, users requested to use Internet Explorer/Edge.

When using Internet Explorer/Edge, they have headaches as below:

- Cannot save password

- After authenticating successfully, authentication windows pop up many more times (even without closing the browser)

Someone please help me

 

Thanks


5 Replies
mkutrieba
McAfee Employee
Message 2 of 6

Re: Headache related to Authentication windows on Microsoft Internet Explorer/Edge/Chrome Edge)


Hello @User38132267,

authentication popups can occur when authentication fails for whatever reason (wrong rule set configuration resulting in an authentication loop, authentication against AD fails, client behaves incorrectly etc.).

We have a community article explaining NTLM authentication which also provides some troubleshooting steps:
https://community.mcafee.com/t5/Enterprise-Documents/Web-Gateway-Understanding-NTLM-and-Windows-Doma...

General best practice articles:
https://community.mcafee.com/t5/Enterprise-Documents/McAfee-Web-Gateway-Best-Practices-and-Common-Sc...

In general, the following needs to be checked:
- authentication rule set
- check with rule trace, tcpdump and authentication debug log

If this information + NTLM article do not help, I would suggest opening an SR and attaching the feedback file, rule trace, tcpdump and authentication debug log as per below.

-------------------------------------------------------

FEEDBACK FILE
1) Navigate to "Troubleshooting" > select the MWG you are testing on > "Feedback"
2) Keep the option "Pause running McAfee Web Gateway to create a backtrace (recommended)" enabled (this will NOT stop any service!)
3) Click the "Create Feedback File" button. This way we get your policy, configuration and debug information.
Via CLI:
# /opt/mwg/bin/feedback.sh -l 2

Pausing the running MWG to perform a backtrace will not stop the service.
Pausing the service simply means that MWG will attempt to gather information about the running MWG services.

Under extreme circumstances it can happen that the users experience interruptions but under normal circumstances this should not cause any interruption to users.

###################

TCPDUMP
1) Navigate to "Troubleshooting" > select the MWG you are testing on > "Packet Tracing"
2) Enter the following parameter: -npi any -s 0 host <clientIP> or host <DC1IP> or host <DC2IP> or...
3) Start the tcpdump, reproduce the issue and stop the tcpdump afterwards
4) Select the tcpdump and click on "Download"

IMPORTANT: Please tell us all IP addresses (client IP, proxy IP, destination IP/URL)

###################

CONNECTION TRACING
1) Navigate to “Configuration” > select the MWG you are testing on > “Troubleshooting”
2) Enable “Enable connection tracing”, “Restrict connection tracing to one IP” and enter the client IP you are testing with
3) Save the changes, reproduce the issue and disable "Enable connection tracing" afterwards
4) Please provide all the files which you find under "Troubleshooting" > "Connection tracing"
To collect the files via SSH:
# cd /opt/mwg/log/debug/
# zip {{SR}}_conntraces.zip connection_tracing/*

###################

RULE TRACE
1) Navigate to "Troubleshooting" > "Rule tracing central"
2) Select the MWG which currently processes your traffic and enter the client IP you are testing with
3) Press the "Go" button, reproduce the issue and stop the rule trace afterwards
4) Click on "Export" > "Export visible traces..."

###################

AUTHENTICATION DEBUG LOG
1) Navigate to "Configuration" > select the MWG you are testing on > "Troubleshooting"
2) Enable "Log authentication events", "Restrict tracing to one IP" and enter the client IP you are testing with
3) Save the changes, reproduce the issue and disable authentication logging afterwards
4) Please provide the "mwg-core_Auth.debug.log", which you will find under "Troubleshooting" > "Log files" > "debug"

Regards,
Marcel Kutrieba
Technical Support Engineer


Re: Headache related to Authentication windows on Microsoft Internet Explorer/Edge/Chrome Edge)


Dear Marcel Kutrieba,

I already did the trace and troubleshooting.

Please note our symptoms as below:

- Using Google Chrome --> After the user has authenticated, the user can access the web normally, with no more authentication pop-up windows (very good), but when I look at the log file, there are still some failed authentication entries --> I don't know what failed.

- Using IE --> After the user has authenticated, the user can access the web normally, but SOME more authentication pop-up windows appear (why is it repeated several times?) --> Please help me check the log file

 

This is really strange, please help me to check.

Best Regards

Cuong

Re: Headache related to Authentication windows on Microsoft Internet Explorer/Edge/Chrome Edge)


Dear Marcel Kutrieba,

Drilling down into the log file, please help me explain:

The logs below are understandable, because I authenticated with user VNGHC-Proxy successfully:

------------------------------------

[2021-03-27 17:06:34.952 +07:00] [1138] NTLM (483345, 6.6.6.8) Authenticated: 1
[2021-03-27 17:06:34.952 +07:00] [1138] NTLM (483345, 6.6.6.8) Method: NTLM
[2021-03-27 17:06:34.952 +07:00] [1138] NTLM (483345, 6.6.6.8) Realm: ad.sws.co.jp
[2021-03-27 17:06:34.952 +07:00] [1138] NTLM (483345, 6.6.6.8) User: VNGHC-Proxy
[2021-03-27 17:06:34.952 +07:00] [1138] NTLM (483345, 6.6.6.8) Groups: Domain Users
[2021-03-27 17:06:34.952 +07:00] [1138] NTLM (483345, 6.6.6.8) Added authentication method: Basic realm="McAfee Web Gateway"
[2021-03-27 17:06:34.953 +07:00] [1138] NTLM (483345, 6.6.6.8) Added authentication method: NTLM

----------------------------------------

 

However, the logs below are not understandable. I don't know why there are some failed log entries showing a failure to authenticate by "Admin" (I never did any authentication by Admin). Can you guess anything that causes this problem? Maybe it is the reason my users need to repeat authentication.

 

---------------------------------------------------

[2021-03-27 17:19:59.070 +07:00] [1072] NTLM (484549, 6.6.6.8) Failed to authenticate user Admin. Failure status: 1
[2021-03-27 17:19:59.071 +07:00] [1158] NTLM (484549, 6.6.6.8) Authentication didn't return values, failure ID: 3, authentication failed: 1
[2021-03-27 17:19:59.071 +07:00] [1158] NTLM (484549, 6.6.6.8) Added authentication method: Basic realm="McAfee Web Gateway"
[2021-03-27 17:19:59.071 +07:00] [1158] NTLM (484549, 6.6.6.8) Added authentication method: NTLM

--------------------------------------------------------------

 

Best regards

mkutrieba
McAfee Employee
Message 5 of 6

Re: Headache related to Authentication windows on Microsoft Internet Explorer/Edge/Chrome Edge)


Unfortunately, this information will not help much.

So you can only see that authentication was tried for user Admin and failure ID is 3 which means "wrong password" due to this article:
https://community.mcafee.com/t5/Enterprise-Documents/Web-Gateway-Understanding-LDAP-Authentication/t...

To see what really happened, also other data like feedback file, rule trace and tcpdump and maybe connection trace are needed.

What else you can check:
Do you have any error in dashboard complaining about AD or DC?
Is the status LED green under Configuration > Windows Domain Membership? If red, then MWG has no connection to any configured DC and authentication can technically not happen because this domain membership needs to be resolved first.

Regards,
Marcel Kutrieba
Technical Support Engineer


Re: Headache related to Authentication windows on Microsoft Internet Explorer/Edge/Chrome Edge)


Hi Marcel Kutrieba,

Thank you for your response.

I may know the reason: because I used NTLM, so PC tried to authenticate automatically by the Windows login account.

I will try to change to LDAP, because the account authenticated for web access is different from the Windows login account.

Thanks
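
Added example, not part of the original thread and not McAfee code: a small parser for authentication debug log lines in the format quoted earlier, which groups outcomes per client IP and lists clients whose failed attempts name a user that never succeeded from that IP (the pattern the poster attributes to NTLM sending the Windows logon account automatically). The line layout is inferred from the quoted lines only, and treating the first number in parentheses as a connection ID is an assumption.

```python
import re
from collections import defaultdict

# First five lines are copied from the thread; the last two (client 6.6.6.9) are constructed.
SAMPLE_LOG = """\
[2021-03-27 17:06:34.952 +07:00] [1138] NTLM (483345, 6.6.6.8) Authenticated: 1
[2021-03-27 17:06:34.952 +07:00] [1138] NTLM (483345, 6.6.6.8) Method: NTLM
[2021-03-27 17:06:34.952 +07:00] [1138] NTLM (483345, 6.6.6.8) User: VNGHC-Proxy
[2021-03-27 17:19:59.070 +07:00] [1072] NTLM (484549, 6.6.6.8) Failed to authenticate user Admin. Failure status: 1
[2021-03-27 17:19:59.071 +07:00] [1158] NTLM (484549, 6.6.6.8) Authentication didn't return values, failure ID: 3, authentication failed: 1
[2021-03-27 17:21:10.000 +07:00] [1138] NTLM (484600, 6.6.6.9) Authenticated: 1
[2021-03-27 17:21:10.000 +07:00] [1138] NTLM (484600, 6.6.6.9) User: example-user
"""

# "[timestamp] [number] MODULE (conn, client-ip) message"; "conn" is an assumed name.
LINE = re.compile(r"^\[[^\]]+\] \[\d+\] \S+ \((?P<conn>\d+), (?P<ip>[^)]+)\) (?P<msg>.*)$")
FAILED_USER = re.compile(r"Failed to authenticate user (?P<user>.+?)\. Failure status: \d+")
FAILURE_ID = re.compile(r"failure ID: (?P<fid>\d+)")

def summarize(log_text):
    """Return {client_ip: {"ok": {users}, "failed": {user: {failure IDs}}}}."""
    clients = defaultdict(lambda: {"ok": set(), "failed": {}})
    authenticated = set()   # connections that logged "Authenticated: 1"
    last_failed = {}        # connection -> user named in its failure line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue        # separators and lines in any other format are skipped
        conn, ip, msg = m["conn"], m["ip"], m["msg"]
        if msg == "Authenticated: 1":
            authenticated.add(conn)
        elif msg.startswith("User: ") and conn in authenticated:
            clients[ip]["ok"].add(msg[len("User: "):])
        elif (f := FAILED_USER.search(msg)):
            last_failed[conn] = f["user"]
            clients[ip]["failed"].setdefault(f["user"], set())
        elif (f := FAILURE_ID.search(msg)) and conn in last_failed:
            clients[ip]["failed"].setdefault(last_failed[conn], set()).add(int(f["fid"]))
    return clients

def mismatched_clients(clients):
    """Client IPs with failures for a user name that never succeeded from that IP."""
    return sorted(ip for ip, c in clients.items() if c["ok"] and set(c["failed"]) - c["ok"])

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip in mismatched_clients(summary):
        print(ip, "ok:", sorted(summary[ip]["ok"]), "failed:", summary[ip]["failed"])
```

On the quoted lines this reports client 6.6.6.8 succeeding as VNGHC-Proxy while also failing as Admin with failure ID 3, which the support reply above reads as "wrong password".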

 
