cancel
Showing results for 
Search instead for 
Did you mean: 
arielmarlin
Level 7

Issue Web Gateway authentication empty

Hello everyone, how are you?

I have the following problem regarding McAfee Web Gateway:

I have a lot of machines OUT of my Windows domain. Some of them have Windows 10 Anniversary Update 1607 installed.

On those machines, when using Google Chrome or Firefox, the user does not get prompted for username and password.

This information is sent in blank to Web Gateway (IE and Edge the prompt appears normally). Because of that, Web Gateway is failing to proccess those requests and users can't browse when using Chrome or Firefox.

Investigating this issue I found out that the problem only occurs on machines that have either KB3189866 (https://support.microsoft.com/en-us/kb/3189866) or KB3193494 (https://support.microsoft.com/en-us/kb/3193494) installed and are OUT of domain. Machines inside the domain don't prompt users so this problem doesn't happen. Those KBs were released on September 13 and 20, respectively.

When I uninstall those KBs, Chrome and Firefox start to prompt users for username and password, as it should be.

My questions are: Those anyone had the same issue?

Is there any solution to configure on Web Gateway as a workaround to this problem? Removing the KBs is a little difficult because those machines are not in my domain.

Also, I have the same issue with Apple iOS 10 when accessing HTTPS websites (HTTP websites prompt for authentication). The Apple iOS 9 don't have this issue.

Anybody with the same problem too?

Thanks in advance.

0 Kudos
3 Replies
arielmarlin
Level 7

Re: Issue Web Gateway authentication empty

Hello guys, how are everyone.. I hope fine.

So, in contact with McAfee Support, I reproduce the problem in my labs and their capture the traffic and show me whats was the problem.

I was using all the time the NTLM Authentication, and, after tests and traffic capture, after the proxy sent the NTLMSSP_CHALLENGE to the browser, google chrome of firefox won't send to the proxy the GET with the "NTLMSSP_AUTH, User". They just jump this request.

How the NTLM auth must occour normally

auth - Copia.png

And how the NTLM Authentication was occour wihout the NTLMSSP_AUTH

auth 2 - Copia.PNG

I do a test using LDAP authentication, and the problem don't occour. Works fine, even with the Microsoft KB3189866 or KB3193494.

Again, to me, in the McAfee proxy, using the LDAP Authentication, it's work fine... Don't needed uninstall those KBs.

So, what I need to do is use the LDAP Authentication instead NTLM, and wait for Microsoft or the browsers company to fix this problem, because, to machine out of the domain in a large enterprise with remote sites, it's almost impossible to remove the KB and block his installation.

I hope this help someone...

Good night @LL

Thanks to McAfee Support.

kbolt
Level 10

Re: Issue Web Gateway authentication empty

Thanks for this information. I stick to NTLM because it's easier but I imagine I'll need to use LDAP as I may end up in the same situation.

0 Kudos
arielmarlin
Level 7

Re: Issue Web Gateway authentication empty

Kbolt, good night.

I'm still using NTLM for all the company, it's around 4000 hosts

I have only few machines have this problem, because it's personal notebook with Windows 10 1607, out of domain. So I used LDAP only for these computers using IP Address as "criteria". Of course, to this machines the IP Addres is static.

As workaround, so far all good.... =)

0 Kudos