cancel
Showing results for 
Search instead for 
Did you mean: 
importminded
Level 7

NTLM Authentication Breaks

I have a sporadic issue, wherein NTLM authentication simply just stops working.  I currently have 2 domain controllers with the NTLM agent loaded, and the IP addresses of those dc's in the WG7 auth server list.  When authentication stops working, the following steps seems to resolve.

1. removing all but 1 of the dc's in the auth server list on the WG - doesn't matter what one is removed or left in the list.

2. restarting the NTLM agent service.

3. this last time I had to restart the entire appliance.

When authentication is broken, I attempt to test authentication from the WG and receive the following:

Authentication:
ErrorSmiley Surprisedverall Status "STATUS_ERROR":generic error Node "44454C4C-4700-1044-805A-C3C04F444E31" reports STATUS_ERROR_BAD_RESPONSE:co_distribute_admin_authenticate: while reading response - last action: first read

Any help or insight would be greatly appreciated.

Steve

Message was edited by: importminded on 2/3/11 10:15:09 AM CST
0 Kudos
3 Replies
McAfee Employee

Re: NTLM Authentication Breaks

This could be related to https://kc.mcafee.com/corporate/index?page=content&id=KB71102.

Give it a read and let us know if that resolves it.

~Jon

0 Kudos
importminded
Level 7

Re: NTLM Authentication Breaks

Thanks Jon.  This was the issue.  The release from McAfee came out long after the problem started showing itself.  Caused quite a headache for our company with authentication breaking for everyone.  At least it's fixed now.

I do have to ask, you or anyone, how can an update to the GTI Category Web Reputation break NTLM authentication, when the two realms seem completely unrelated???

Thanks,

Steve

0 Kudos
eelsasser
Level 15

Re: NTLM Authentication Breaks

It has to do with the OpenSSL package that's a componenet needed for both. It's used to communicate back to the cloud by the SDK and also to communicate with an NTLM agent or LDAPS server.

0 Kudos