mmalagni
Level 9

NTLM cache and intermittent NTLM authentication issues


All,

I'm having some problems with NTLM authentication.

I have 2 appliances load balanced by an external load balancer.

The traffic between the 2 is split evenly.

FIRST appliance:

first app.png

SECOND Appliance:

second app.png

Another strange thing is that sometimes, only on a few machines, I have authentication pop-ups on clients logged in to the domain.

I tried to enable debug logging for authentication on the second appliance and the result is I've seen lots of the following errors:

Authentication didn't return values, failure ID: 0, authenticationfailed: 0

Authentication didn't return values, failure ID: 8, authenticationfailed: 0

Authentication didn't return values, failure ID: 4, authenticationfailed: 0



Message was edited by: mmalagni on 4/7/14 12:46:31 PM CEST
0 Kudos
1 Solution

Accepted Solutions
mmalagni
Level 9

Re: NTLM cache and intermittent NTLM authentication issues


NTLM authentication issue:

I verified everything and in the end I found out that the issue was occurring only with old browser versions (IE and Firefox).

What I did then was take a trace of the machine, and I verified that there was a media type application/xcfs (Relatime) that was trying to authenticate.

I created an exclusion at the authentication level for the media type and the situation changed a lot.

Regarding the NTLM cache, what happened was that around the organization there were lots of installations of NOKIA OVI MANAGER.....

This tool was doing thousands of authentications (failing because NTLM authentication is not supported).

Putting the ovi.nokia.com website in the blacklist sorted out the issue....

0 Kudos
4 Replies
McAfee Employee

Re: NTLM cache and intermittent NTLM authentication issues


Hi,

0,0 and 4,0 don't indicate an issue (as authentication did not fail).

8,0 indicates there might have been a problem talking to the DC.

On the problem machines, is it constant or intermittent? If constant, I would check the user's "stored usernames and passwords" on the problem machines.

http://support.microsoft.com/kb/306992

http://windows.microsoft.com/en-us/windows-vista/manage-stored-passwords

Best,

Jon

0 Kudos
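A way to triage a larger authentication debug log using only the readings given in the reply above, as an added example that is not part of the thread or of the product's own tooling. The function name, the timestamp prefix and the sample lines are assumptions made for illustration; the message text matches the lines quoted in the question.

```python
import re
from collections import Counter

# Message text copied from the debug lines quoted in the thread. Anything
# before "Authentication" (timestamp etc.) is an assumption and is ignored.
LINE_RE = re.compile(r"Authentication didn't return values, "
                     r"failure ID: (\d+), authenticationfailed: (\d+)")

# Readings taken only from the reply above; other IDs are not covered there.
NOTES = {(0, 0): "no issue: authentication did not fail",
         (4, 0): "no issue: authentication did not fail",
         (8, 0): "possible problem talking to the DC"}

def triage(lines):
    """Tally (failure ID, authenticationfailed) pairs and annotate each."""
    counts, unparsed = Counter(), 0
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            counts[(int(m.group(1)), int(m.group(2)))] += 1
        elif line.strip():
            unparsed += 1  # unrelated debug output: counted, not dropped
    total = sum(counts.values())
    rows = []
    for (fid, failed), n in counts.most_common():
        if failed:
            note = "authentication failed (assumed meaning of non-zero flag)"
        else:
            note = NOTES.get((fid, failed), "not covered in the thread")
        rows.append({"failure_id": fid, "failed": failed, "count": n,
                     "share": round(n / total, 2), "note": note})
    return {"total": total, "unparsed": unparsed, "rows": rows}

# Constructed sample: timestamps and the last line are invented.
SAMPLE = """\
2014-04-07 12:01:02 Authentication didn't return values, failure ID: 0, authenticationfailed: 0
2014-04-07 12:01:03 Authentication didn't return values, failure ID: 8, authenticationfailed: 0
2014-04-07 12:01:03 Authentication didn't return values, failure ID: 0, authenticationfailed: 0
2014-04-07 12:01:05 Authentication didn't return values, failure ID: 4, authenticationfailed: 0
2014-04-07 12:01:06 Authentication didn't return values, failure ID: 8, authenticationfailed: 0
2014-04-07 12:01:07 Authentication didn't return values, failure ID: 0, authenticationfailed: 0
2014-04-07 12:01:08 some unrelated debug line
""".splitlines()

if __name__ == "__main__":
    result = triage(SAMPLE)
    for row in result["rows"]:
        print(row)
    print("parsed:", result["total"], "unparsed:", result["unparsed"])
```

Comparing the share of failure ID 8 between the two load-balanced appliances shows whether only one of them has trouble reaching the DC.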
mmalagni
Level 9

Re: NTLM cache and intermittent NTLM authentication issues


Hi Jon,

Unfortunately the issue is intermittent...

I already checked the stored passwords...

Best,

M.

0 Kudos
apta
Level 9

Re: NTLM cache and intermittent NTLM authentication issues


Hi,

I even had the same issue; I rejoined both the DCs (which I used) by completely removing them from MWG --> Config --> Windows Domain membership (downtime required). Also try to capture Wireshark logs on the client PC when the issue arises; it will help you a lot.

Also verify whether the system is really in the domain (Run + cmd and set).

Best,...

Apta

Message was edited by: apta on 4/10/14 2:27:03 AM CDT

Message was edited by: apta on 4/10/14 2:29:02 AM CDT
0 Kudos