OS chooses WWW SPN for proxy instead of HTTP

  • Question

  • Hi.

    Our company uses a Squid proxy server (Kerberos + NTLM auth). About 1000 Windows clients authenticate perfectly, but one can't do it (Windows 7).

    I enabled NTLM and Kerberos logs on this workstation and found that the OS (any browser: Opera, IE) tries to call the WWW/proxy SPN (which does not exist), not HTTP/proxy.

    Event 8001 from the problem station:

    NTLM client blocked audit: Audit outgoing NTLM authentication traffic that would be blocked.
    Target server: www/10.0.0.3:3128/
    Supplied user: user2
    Supplied domain: (NULL)
    PID of client process: 5532
    Name of client process: C:\Program Files\Opera\opera.exe
    LUID of client process: 0x27227
    User identity of client process: user2
    Domain name of user identity of client process: DOMAIN
    Mechanism OID: (NULL)

    Event 8001 from a normally working station:

    NTLM client blocked audit: Audit outgoing NTLM authentication traffic that would be blocked.
    Target server: HTTP/10.0.0.3
    Supplied user: (NULL)
    Supplied domain: (NULL)
    PID of client process: 4880
    Name of client process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    LUID of client process: 0x13f790
    User identity of client process: user1
    Domain name of user identity of client process: DOMAIN
    Mechanism OID: (NULL)

    Kerberos error example from the problem workstation (it's in Russian in the original -- I translated some field names):

    Получено сообщение об ошибке Kerberos:
     в сеансе входа в систему 
     Client time: 
     Server time: 9:34:9.0000 7/9/2014 Z
     Error code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN
     Расширенная ошибка: 
     Сфера клиента: 
     Имя клиента: 
     Сфера сервера: DOMAIN.LOCAL
     Server name: www/proxy:3128/
     Target (?) name: www/proxy:3128/@DOMAIN.LOCAL
     Текст ошибки: 
     Файл: 9
     Строка: f09
     Данные ошибки в данных записи.

    Please, can you explain to me why the OS tries to use the www/proxy SPN, and not http/proxy, on this workstation? And how to fix it?

    Monday, July 14, 2014 1:29 PM
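
One way to find every workstation showing the symptom described in the question is to parse exported Event 8001 bodies and flag any whose target SPN service class is not HTTP. This is an added example, not part of the original thread; the sample bodies are the two events quoted above trimmed to the fields used, and the function names are hypothetical.

```python
import re

# Event 8001 bodies from the question above, trimmed to the fields used here.
PROBLEM = r"""Target server: www/10.0.0.3:3128/
Supplied user: user2
Name of client process: C:\Program Files\Opera\opera.exe
User identity of client process: user2
"""
WORKING = r"""Target server: HTTP/10.0.0.3
Supplied user: (NULL)
Name of client process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
User identity of client process: user1
"""

FIELD = re.compile(r"^\s*([^:\n]+):[ \t]*(.*)$", re.M)
# class/host[:port][/][@REALM], the shapes seen in the NTLM and Kerberos logs above
SPN = re.compile(r"^(?P<svc>[^/]+)/(?P<host>[^/:@]+)(?::(?P<port>\d+))?/?(?:@(?P<realm>.+))?$")

def parse_event(body):
    """Turn the 'Name: value' lines of an event body into a dict."""
    return {k.strip(): v.strip() for k, v in FIELD.findall(body)}

def parse_spn(target):
    """Split an SPN-like target; return None if it does not look like one."""
    m = SPN.match(target.strip())
    return m.groupdict() if m else None

def audit(bodies, expected_class="HTTP"):
    """Return one finding per event whose target SPN class differs from expected_class."""
    findings = []
    for body in bodies:
        ev = parse_event(body)
        spn = parse_spn(ev.get("Target server", ""))
        if spn is None:
            findings.append({"reason": "unparseable target", "event": ev})
        elif spn["svc"].lower() != expected_class.lower():
            findings.append({"reason": "unexpected service class", "spn": spn,
                             "process": ev.get("Name of client process"),
                             "user": ev.get("User identity of client process")})
    return findings

if __name__ == "__main__":
    for finding in audit([PROBLEM, WORKING]):
        print(finding)
```
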

Answers

  • Hi,

    Try to set it up again using Group Policy, then on the client run GPupdate /force and check the results.

    Rgds

    • Marked as answer by Karen Hu Tuesday, July 22, 2014 9:02 AM
    Saturday, July 19, 2014 3:01 AM

All replies

  • Hi,

    I apologize, but I am also confused by the proxy settings on the problematic computer. How were the proxy settings configured here? Through Group Policy?

    Besides, please take a look at the following TechNet blog for NTLM auditing and troubleshooting:

    NTLM Blocking and You: Application Analysis and Auditing Methodologies in Windows 7

    For the Kerberos error, see if the following TechNet Wiki article helps here:

    Kerberos Error Code 0x7: KDC_ERR_S_PRINCIPAL_UNKNOWN (dsforum2wiki)

    Best regards


    Michael Shao
    TechNet Community Support

    Wednesday, July 16, 2014 2:58 AM
  • > Besides, please take a look at the following TechNet blog for NTLM auditing and troubleshooting:

    > NTLM Blocking and You: Application Analysis and Auditing Methodologies in Windows 7

    I used this article to enable NTLM auth logging...

    At first the proxy settings were set up using GPO (as on other hosts); afterwards I manually changed them in Internet Settings (Control Panel) -- I tried using the proxy's domain name and its IP. The error is the same.

    The only thing I haven't tried yet is using FoxyProxy or something similar.

    Wednesday, July 16, 2014 7:22 AM