we are using 2 ntlm-agents (last available version) to preform authentication in our Proxy-HA environment. Although we have set Authentication Cache and Ntlm Cache both to 30min, it looks like every request performs authentication against each of the ntlm-agent. NTLM-agent itself is also configured with 30min cache.
After performing auth twice (once per ntlm-agent), variable Authentication.Authenticate is set to true and content displayed.
Is this the supossed behaviour? Shouldn't it skip those authentications as cache is enabled everywhere possible?
Thank you in advance,
this is expected as any request needs to be authenticated. Please find below the description from Product Guide:
Enable NTLM cache:
When selected, NTLM authentication information is stored in this cache.
Authentication is then based on this stored information, rather on
information retrieved from the Windows domain server.
Use authentication cache
When selected, authentication information is stored in a cache.
Authentication is then based on this stored information, rather than on
information retrieved from an authentication server or the internal user
P.S.: This two authentication entries are related to NTLM Handshake not to your agents, please see more details in this article
For the time period configured in "Authentication cache TTL" and "NTLM cache TTL".
Does TTL meant time after first appearance or after last?
Is it possible to dump the current cache values?
The 3 way handshake between client and proxy must done for each requests.
These values are only for caching the requests to the AD server???
you're right this values are to reduce the traffic and requests sent to your AD. This detailed information will bring some light in the dark:
For the TLL start time I expect the first request. Based on my information it would otherwise never expire.