NTLMv2 authentication on proxy server (MS ISA 2006)
932364Jun 11 2012 — edited Nov 16 2012Hello,
We experience the following problem in our environment:
If someone opens a website with a java applet on a Windows 7 client (64 bit), a window appears with an authentication request against the proxy server.
The authentication with the correct credentials fails.
On a Windows XP client, the applet loads/starts without any problems.
We currently use Java 6 with Update 23 (32 bit). We also tried the most recent Java 6 Update and Java 7, but this didn't change the behaviour.
Our proxy server is Microsoft ISA 2006. The following authentication methods are configured: Negotiate and NTLM
Our clients use standard settings for authentication.
We tried several things and come to the following conclusion:
Win7 tries to authenticate with NTLMv2, which fails. If we change the authentication method to NTLM (v1), Java can authenticate (with the logged on user) and the problem disappears.
A network trace with NTLMv2 shows the following process:
Java tries to load a web site -> proxy denies and says he needs authentication -> Java sends an NTLM Negotiate -> proxy replies with challenge
But then Java again tries to load a web site without authentication!
The network trace with NTLM (v1) shows the following:
website loading without auth -> proxy denies -> Java sends NTLM Negotiate -> proxy replies with challenge -> Java authenticates
If you want to know more about NTLM authentication go to: http://technet.microsoft.com/es-es/magazine/2006.08.securitywatch%28en-us%29.aspx
Does anyone experience this behaviour in a similar environment?
Does anyone know a solution to this problem, other than changing to NTLM(v1)?
I appreciate your replies.
Regards
Edited by: 929361 on 11.06.2012 22:31
Edited by: 929361 on 11.06.2012 22:46