i have a webwasher 6.9 appliance entegrated with windows domain.
sometimes when we want to open a web page from any proxy client, internet explorer or firefox hang on to open page. however if we try to open web page without proxy it response immediately.
If we restart to webwasher appliance everything returns normal. i found that slow response times occur straight after mcafee automatic updates. so i incresed the auto update schedule hours. Also we upgraded the memory. But this does not resolve the problem exactly.
when i explore the system during trouble, i see a system alert on web console and suddenly it disappear. alert says "these windows domain connections are down or unavailable". these alert seems and disappears periodically.
However on "User Management\Windows Domain Membership" page domain status shows OK. when i try NTLM Authentication test it passed successfully. may be this alert is not releated with our problem.
i am not a linux professional, so i dont know where i excatly look during proxy responses slowly.
could you give me a hint where i must look.
Is anyone able to help cos I just got a similar issue as well. We were running stable until 2 weeks ago when our users experience authentication requests popping up when they were surfing the web.
At the same time, we have 2 DCs configured and there should be failover options but we notice that our NTLM v2 status in the Windows Domain Membership keeps turning from green to black and this status message keeps popping up so we are wondering if the issue is related.
Until now, we still can't get the NTLM v2 status stable.
when the problem occurs please create a feedback on the MWG. You can do this through the UI or, in case it becomes unresponsive, by running the command "/opt/webwasher-csm/bin/feedback.sh -l 2" on the command line (SSH).
The feedback should be provided to support to find out what happened in the moment the issue was showing up.
In regards to NTLM the most important thing to check is whether the connection was setup using host names and not IP addresses. Using IP addresses for talking to the DC will result into unstable connections most likely (there are people where this works, others fail, so better avoid the risk).
You should ensure DNS is working forward/backward for resolving the DCs name/IP. In doubt, adding the DCs name and IP into /etc/hosts may help. But thats just ideas, you should have support look into the data you generated, since only this contains information specific to the issue you encounter.
I have created feedback files, tcpdumps and submitted to the support. But so far no headway on my problem.
DCs are configured using FQDN hostnames. DNS is also configured. Tested ping from webgateway and trace to DCs by IP, netbios, FQDN and the response is good.