Kerberos authentication issue when using Microsoft Teams desktop client
We are currently facing Kerberos authentication issue when using Microsoft Teams Desktop client via our Web Gateways v8.2.15. As a matter of fact when we take a Wireshark capture, we see the first connect sent by the client to which the proxy responds with a "HTTP 407 authentication required". Then the client sends another connect with a Kerberos ticket but for some reason the proxy does not authenticate it, it sends another HTTP 407 instead .
Kerberos authentication works with a browser though. Microsoft Teams client uses the same workstation Kerberos ticket as the browser. We checked that the ticket used is valid and issued for the right service in the right Realm as well.
The only difference we noticed when comparing with a browser is that, Teams client sends the second connect with the kerberos ticket in the same tcp session as the first one whereas with a browser, after the proxy sends the HTTP407, it closes the session and opens a new when on which the second connect is sent with the Kerberos ticket.
We also noticed in the HTTP407 sent from the proxy, that "Proxy-Connection: Close", this might explain why the proxy dos not take into account the second connect sent by teams client as it expects it to open a new session ?
Could you please help us understand/confirm why the proxy is behaving this way with Teams desktop client ? Is there a way to modify the header to "Proxy-Connection: keep-alive" ?
I can provide you with the Wireshark captures and will be available for a troubleshoot session as well.
Many thanks in advance.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.