Cisco Cisco Web Security Appliance S670 User Guide
A-2
AsyncOS 10.0 for Cisco Web Security Appliances User Guide
Appendix A Troubleshooting
Authentication Problems
For descriptions of these fields, see
.
For configuration instructions, see
and
Authentication Problems
•
•
•
•
•
•
Also see:
–
–
–
–
Troubleshooting Tools for Authentication Issues
KerbTray or klist (both part of the Windows Server Resources Kit) for viewing and purging a Kerberos
ticket cache.
ticket cache.
for viewing and editing an Active directory. Wireshark is a
packet analyzer you can use for network troubleshooting.
Failed Authentication Impacts Normal Operations
When certain user agents or applications fail to authenticate and are denied access, they repeatedly send
requests to the Web Security appliance, which in turn repeatedly sends requests to the Active Directory
servers with machine credentials, sometimes to the point of impacting normal operations.
requests to the Web Security appliance, which in turn repeatedly sends requests to the Active Directory
servers with machine credentials, sometimes to the point of impacting normal operations.
For best results, bypass authentication with these user agents. See
.
LDAP Problems
•
•
LDAP User Fails Authentication due to NTLMSSP
LDAP servers do not support NTLMSSP. Some client applications, such as Internet Explorer, always
choose NTLMSSP when given a choice between NTLMSSP and Basic. When all of the following
conditions are true, the user will fail authentication:
choose NTLMSSP when given a choice between NTLMSSP and Basic. When all of the following
conditions are true, the user will fail authentication: