Hi.
Our company uses Squid proxy-server (kerberos + ntlm auth). About 1000 Windows-clients authorise perfect but one can't do it (Windows 7).
I enable ntlm and kerberos logs on this workstation and found that OS (any browser - opera, ie) try to call WWW/proxy SPN (which not exists), not HTTP/proxy.
Event 8001 from problem station:
NTLM client blocked audit: Audit outgoing NTLM authentication traffic that would be blocked.Target server: www/10.0.0.3:3128/
Supplied user: user2
Supplied domain: (NULL)
PID of client process: 5532
Name of client process: C:\Program Files\Opera\opera.exe
LUID of client process: 0x27227
User identity of client process: user2
Domain name of user identity of client process: DOMAIN
Mechanism OID: (NULL)
Event 8001 from normally working station:
NTLM client blocked audit: Audit outgoing NTLM authentication traffic that would be blocked.Target server: HTTP/10.0.0.3
Supplied user: (NULL)
Supplied domain: (NULL)
PID of client process: 4880
Name of client process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
LUID of client process: 0x13f790
User identity of client process: user1
Domain name of user identity of client process: DOMAIN
Mechanism OID: (NULL)
Kerberos error example from problem WKS (it's on russian in original -- i translate some field names):
Получено сообщение об ошибке Kerberos:в сеансе входа в систему
Client time:
Server time: 9:34:9.0000 7/9/2014 Z
Error code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Расширенная ошибка:
Сфера клиента:
Имя клиента:
Сфера сервера: DOMAIN.LOCAL
Server name: www/proxy:3128/
Target (?) name: www/proxy:3128/@DOMAIN.LOCAL
Текст ошибки:
Файл: 9
Строка: f09
Данные ошибки в данных записи.
Please, can you explain me, why OS try to use www/proxy SPN, but not http/proxy on this workstation? And how to fix it?
