For the last 2-3 weeks, we have received report of auth popup showing up on the user screen. It start going worse and worse until yesterday when even both Webwashe proxy failed the NTLM auth test. After 10-15 minutes, it came back up. Probably that the proxy switch to another of the DC in the list. It start again on one of the proxy that I had to reboot to get thing back up fast. Since then, both proxy are use the same DC and no more popup yet (at least report to the support center).
Where to look: You can look in the errors log and see if any authentication failures are reported. It is somewhat spotty, but this would be the only place to go (MWG7 has special authentication debugging as a result of the features lacking in 7)
Diagnostics: run a tcpdump on port 445 (tcpdump -s 0 -i any port 445 -w filename.cap) -- do NOT post it here, open a case
NTLM Cache: You can activate this but I'm not sure it will have too much impact, please leave it at the default value, which I believe it 10 seconds... or 30 seconds.
I would also recommend checking your settings on MWG for how you have it joined to the domain. See link below:
My description applies to MWG6 as well as MWG7.
Hope this helps,
The 2 proxy have been joined to the domain/Forest for a long time and working properly. I have the feeling that on of the DC is having dificulty. Both proxy now point to another DC (to GC in fact) and no more popup report. Look like the DC was degrading to me.
In fact, I found only one error link to DC
[26/Sep/2012:08:09:07 -0400] NTLM: Domain '-----' DC '------.com': Can't connect to DC
But I just found a new error for me:
Avira: Unable to locate a valid Avira update under antivirus folder
If the Avira engine is not showing up in mylicence and is not activate, why this error or, is it just an information msg???
Given that you found that error in the logs, I would guess it is indeed a DC issue.
Regarding the avira messages, they are just informational, you would have had to manually enabled the Avria engine.
I can't find where to enable the Avira engine... If it's not in my licence items, I presume I am not allow or has it been made available to all that have the AntiMalware Module?
Finally found the reference in the 6.9 Upgrade guide... Avira is active now...
https://contentsecurity.mcafee.com/documentation_mwg6 , Section - Upgrade Guide
Ce message a été modifié par: DBO on 28/09/12 16:09:22 CDT