Hello everyone, how are you?
I have the following problem regarding McAfee Web Gateway:
I have a lot of machines OUT of my Windows domain. Some of them have Windows 10 Anniversary Update 1607 installed.
On those machines, when using Google Chrome or Firefox, the user does not get prompted for username and password.
This information is sent in blank to Web Gateway (in IE and Edge the prompt appears normally). Because of that, Web Gateway is failing to process those requests and users can't browse when using Chrome or Firefox.
Investigating this issue I found out that the problem only occurs on machines that have either KB3189866 (https://support.microsoft.com/en-us/kb/3189866) or KB3193494 (https://support.microsoft.com/en-us/kb/3193494) installed and are OUT of domain. Machines inside the domain don't prompt users so this problem doesn't happen. Those KBs were released on September 13 and 20, respectively.
When I uninstall those KBs, Chrome and Firefox start to prompt users for username and password, as it should be.
My questions are: Has anyone had the same issue?
Is there any solution to configure on Web Gateway as a workaround to this problem? Removing the KBs is a little difficult because those machines are not in my domain.
Also, I have the same issue with Apple iOS 10 when accessing HTTPS websites (HTTP websites prompt for authentication). Apple iOS 9 doesn't have this issue.
Anybody with the same problem too?
Thanks in advance.
Hello guys, how is everyone? I hope fine.
So, in contact with McAfee Support, I reproduced the problem in my lab and they captured the traffic and showed me what the problem was.
I was using NTLM authentication all the time, and, after tests and traffic capture, after the proxy sent the NTLMSSP_CHALLENGE to the browser, Google Chrome or Firefox won't send to the proxy the GET with the "NTLMSSP_AUTH, User". They just skip this request.
How the NTLM auth should normally occur
And how the NTLM authentication occurred without the NTLMSSP_AUTH
I did a test using LDAP authentication, and the problem doesn't occur. It works fine, even with the Microsoft KB3189866 or KB3193494.
Again, for me, in the McAfee proxy, using LDAP authentication, it works fine... No need to uninstall those KBs.
So, what I need to do is use LDAP authentication instead of NTLM, and wait for Microsoft or the browser companies to fix this problem, because, for machines out of the domain in a large enterprise with remote sites, it's almost impossible to remove the KB and block its installation.
I hope this helps someone...
Good night @LL
Thanks to McAfee Support.
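An added example, not part of the original posts or of McAfee's tooling: a small Python check that decodes the NTLM tokens carried in a connection's `Proxy-Authenticate` / `Proxy-Authorization` headers and reports whether the client answered the NTLMSSP_CHALLENGE. It goes one step beyond the thread by also flagging an NTLMSSP_AUTH with an empty user field, on the assumption that this is how "sent in blank" credentials would appear. The sample tokens are constructed and truncated, and all function names are hypothetical.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NAMES = {1: "NTLMSSP_NEGOTIATE", 2: "NTLMSSP_CHALLENGE", 3: "NTLMSSP_AUTH"}

def parse_ntlm(header_value):
    """Decode one Proxy-Authenticate / Proxy-Authorization value.
    Returns (message_name, user_length) or None when it carries no NTLM token."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token.strip():
        return None  # another scheme, or the bare "NTLM" offer in the first 407
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return None
    if len(raw) < 12 or not raw.startswith(SIGNATURE):
        return None
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    user_len = None
    if msg_type == 3 and len(raw) >= 44:
        # Type 3 layout: UserNameFields (len, maxlen, offset) begin at byte 36
        (user_len,) = struct.unpack_from("<H", raw, 36)
    return NAMES.get(msg_type), user_len

def diagnose(header_values):
    """Classify the ordered NTLM proxy-auth header values of one connection."""
    msgs = [m for m in map(parse_ntlm, header_values) if m and m[0]]
    names = [name for name, _ in msgs]
    if "NTLMSSP_CHALLENGE" not in names:
        return "no challenge seen"
    after = msgs[names.index("NTLMSSP_CHALLENGE") + 1:]
    auth = [m for m in after if m[0] == "NTLMSSP_AUTH"]
    if not auth:
        return "challenge never answered"
    return "auth with empty user" if auth[0][1] == 0 else "handshake complete"

def sample_token(msg_type, body=b""):
    # Constructed sample tokens (signature + type + body), not real captures
    raw = SIGNATURE + struct.pack("<I", msg_type) + body
    return "NTLM " + base64.b64encode(raw).decode()

def sample_auth(user):
    u = user.encode("utf-16-le")
    empty = struct.pack("<HHI", 0, 0, 64)  # LM, NT and domain fields left empty
    user_fields = struct.pack("<HHI", len(u), len(u), 64)
    return sample_token(3, empty * 3 + user_fields + b"\x00" * 20 + u)

NORMAL = ["NTLM", sample_token(1), sample_token(2), sample_auth("alice")]
STALLED = ["NTLM", sample_token(1), sample_token(2)]  # no type 3 after the challenge
BLANK = ["NTLM", sample_token(1), sample_token(2), sample_auth("")]
```

Feeding it the header values extracted from a proxy-side capture, one connection at a time, separates clients that stop after the challenge from those that complete the exchange.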
Kbolt, good night.
I'm still using NTLM for all the company, it's around 4000 hosts.
I have only a few machines that have this problem, because they are personal notebooks with Windows 10 1607, out of the domain. So I used LDAP only for these computers, using the IP address as "criteria". Of course, for these machines the IP address is static.
As a workaround, so far all good.... 😃