I have a sporadic issue, wherein NTLM authentication simply just stops working. I currently have 2 domain controllers with the NTLM agent loaded, and the IP addresses of those dc's in the WG7 auth server list. When authentication stops working, the following steps seems to resolve.
1. removing all but 1 of the dc's in the auth server list on the WG - doesn't matter what one is removed or left in the list.
2. restarting the NTLM agent service.
3. this last time I had to restart the entire appliance.
When authentication is broken, I attempt to test authentication from the WG and receive the following:
Errorverall Status "STATUS_ERROR":generic error Node "44454C4C-4700-1044-805A-C3C04F444E31" reports STATUS_ERROR_BAD_RESPONSE:co_distribute_admin_authenticate: while reading response - last action: first read
Any help or insight would be greatly appreciated.
SteveMessage was edited by: importminded on 2/3/11 10:15:09 AM CST
Thanks Jon. This was the issue. The release from McAfee came out long after the problem started showing itself. Caused quite a headache for our company with authentication breaking for everyone. At least it's fixed now.
I do have to ask, you or anyone, how can an update to the GTI Category Web Reputation break NTLM authentication, when the two realms seem completely unrelated???
It has to do with the OpenSSL package that's a componenet needed for both. It's used to communicate back to the cloud by the SDK and also to communicate with an NTLM agent or LDAPS server.