cancel
Showing results for 
Search instead for 
Did you mean: 
Arild
Level 7

MWG's proxy authentication causes unhandled exception in .NET 3.5 (SP1)

Jump to solution

We experience an issue with .NET 3.5 applications (and probably earlier versions), and MWG's proxy authentication.

When we try to retrieve the response from a WebRequest in a .NET 3.5 SP1 application we get the following exception:


System.Net.WebException was unhandled
  Message=The remote server returned an error: (407) Proxy Authentication Required.
  Source=System
  StackTrace:
       at System.Net.HttpWebRequest.GetResponse()
       at ConsoleApplication2010.Program.Main() in C:\temp\ConsoleApplication2010\ConsoleApplication2010\Program.cs:line 13
       at System.AppDomain._nExecuteAssembly(Assembly assembly, String[] args)
       at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
       at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
  InnerException: System.ComponentModel.Win32Exception
       Message=The token supplied to the function is invalid
       Source=System
       ErrorCode=-2147467259
       NativeErrorCode=-2146893048
       StackTrace:
            at System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob, Boolean throwOnError, SecurityStatus& statusCode)
            at System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob)
            at System.Net.NtlmClient.DoAuthenticate(String challenge, WebRequest webRequest, ICredentials credentials, Boolean preAuthenticate)
            at System.Net.NtlmClient.Authenticate(String challenge, WebRequest webRequest, ICredentials credentials)
            at System.Net.AuthenticationManager.Authenticate(String challenge, WebRequest request, ICredentials credentials)
            at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo)
            at System.Net.HttpWebRequest.CheckResubmitForAuth()
            at System.Net.HttpWebRequest.CheckResubmit(Exception& e)
       InnerException:


The applications are configured to use default credentials on the proxy.

This configuration works perfect through another proxy that also requires NTLM authentication (ISA Server 2006).

Visual Studio 2008's start page and online documentation have the same issue with MWG (but works fine through another authenticating proxy).

.NET 4.0 and Visual Studio 2010 on the other hand has no problem with MWG's proxy authentication.

From network traces on the client it can look like it's MWG's "NTLM challenge message" that causes the exception.

The authentication process flows as normal (407 proxy authentication required (NTLMProxy-Connection), NTLM negotiate message, NTLM challenge message) until the client receives MWG's "NTLM challenge message", which it never responds to.


Has anyone experienced the same that we do?

Is this issue known to McAfee?

Has it been investigated?

Any solution?


Our MWG is v.6.8.6, running on Linux, and authentication method is native NTLM.


/Arild.

Message was edited by: Arild on 6/10/10 6:59:54 AM CDT
0 Kudos
1 Solution

Accepted Solutions
asabban
Level 17

Re: MWG's proxy authentication causes unhandled exception in .NET 3.5 (SP1)

Jump to solution

Hello,

I think this issue is already known. There is an NTLM Negotiate Flag that is not correctly set by Webwasher 6.x. To verify, can you please create a tcpdump showing one of the failed connections?

Best,

Andre

0 Kudos
9 Replies
asabban
Level 17

Re: MWG's proxy authentication causes unhandled exception in .NET 3.5 (SP1)

Jump to solution

Hello,

I think this issue is already known. There is an NTLM Negotiate Flag that is not correctly set by Webwasher 6.x. To verify, can you please create a tcpdump showing one of the failed connections?

Best,

Andre

0 Kudos
Arild
Level 7

Re: MWG's proxy authentication causes unhandled exception in .NET 3.5 (SP1)

Jump to solution

Hi Andre,

I can create a tcpdump, but I am not that keen on posting it on a open discussion board.

Is there another way I can deliver it to you?

Regards,

Arild

0 Kudos
asabban
Level 17

Re: MWG's proxy authentication causes unhandled exception in .NET 3.5 (SP1)

Jump to solution

Hello,

sure, you can either upload it to a location of your choice or SCP it to our SCP server:

scp.support.securecomputing.com

Login: scp

Password: sunshine

Please drop me a private message with the filename once the upload has been done.

Best,

Andre

0 Kudos
repinel
Level 7

Re: MWG's proxy authentication causes unhandled exception in .NET 3.5 (SP1)

Jump to solution

Hi!

I was looking at the problem described and it's just like whats is happening to me.

The major difference is that I don't have access to the source code, I'm just using a third party application... Do you know a good solution?

Thank you!

0 Kudos
McAfee Employee

Re: MWG's proxy authentication causes unhandled exception in .NET 3.5 (SP1)

Jump to solution

Based on the description of this issue, and its symptoms, this looks to be fixed in version 6.9.

The release notes can be found at PD23138 (https://kc.mcafee.com/corporate/index?page=content&id=PD23138)

This issue sounds like it would be listed under:

-Flag in the NTLMSSP_NEGOTIATE message (81143)

There is not a workaround as this has to do with the NTLM negociation step, unless you wanted to exempt the application from authentication (see KB64005).

~Jon

0 Kudos
repinel
Level 7

Re: MWG's proxy authentication causes unhandled exception in .NET 3.5 (SP1)

Jump to solution

Jon, thank you very much for the reply!

I'll see what I can do about the MWG update.

0 Kudos
donderka
Level 7

Re: MWG's proxy authentication causes unhandled exception in .NET 3.5 (SP1)

Jump to solution

I have similar problem to Arild. His description of the problem exactly fits to my problem as well.

The only difference is that I’m using MWG 7.1.0.3.0.11315.

If that problem was fixed in version 6.9 it is possible there is regression between version 6.9 and version 7.1. ? Or this is something new?

Message was edited by: donderka on 8/29/11 10:29:10 AM CDT
0 Kudos
Arild
Level 7

Re: MWG's proxy authentication causes unhandled exception in .NET 3.5 (SP1)

Jump to solution

Just pray they will fix it faster for v.7.1, than they did for v.6.8.

It took an impressive year ...

0 Kudos
McAfee Employee

Re: MWG's proxy authentication causes unhandled exception in .NET 3.5 (SP1)

Jump to solution

Speaking to the issue existing 7.1, this should be addressed in it already. If you have an open SR, please let me know and I can check the data out to verify.

It does look like there is an option added in version 7, which addresses this special issue. Under Policy > Settings > Engines > Authentication, then select your settings container which uses "NTLM". There is an option for "Send domain and machine name to the client", check this option and give it a test.

Unfortunately it does look like it took some time for the fix to be released (included in 6.9, but not 6.8).

~Jon

0 Kudos