Hello, Some customers complain that when auth. is disabled on proxy and it is tunneled to web server with the client opting for NTLM auth., it does not work. It continuously displays 401 screen of the web server with realm="" on FF latest. If you enter correct or wrong credential, it repops the same. If you click on cancel, it displays a working dialog box for once with successful login to OWA (which btw has SSL disabled). But the css and the right frame shows 404. Here is the working direct access to same NTLM session with FF2 latest. (BTW, it's the same with IE):
GET /exchange/ HTTP/1.1 Host: owa.bse-electronic.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9 ,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive HTTP/1.x 401 Accès refusé Server: Microsoft-IIS/5.0 Date: Thu, 13 Mar 2008 15:24:11 GMT WWW-Authenticate: Negotiate WWW-Authenticate: NTLM WWW-Authenticate: Basic realm="owa.bse-electronic.com" Connection: close Content-Length: 21 Content-Type: text/html ---------------------------------------------------------- http://owa.bse-electronic.com/exchange/ GET /exchange/ HTTP/1.1 Host: owa.bse-electronic.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9 ,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA= HTTP/1.x 401 Accès refusé Server: Microsoft-IIS/5.0 Date: Thu, 13 Mar 2008 15:24:11 GMT WWW-Authenticate: NTLM TlRMTVNTUAACAAAAEAAQADgAAAAFgokC8VYpuz2s8SIAAAAAAAAAAGoAagBIAAAABQCTCAAAAA9CAFMARQBfAEUATABFAEMAAgAQAEIAUwBFAF8ARQBMAEUAQwABABIAQgBTAEUAUwBWAE0AWAAwADEABAAQAGIAcwBlAC4AcAByAGkAdgADACQAYgBzAGUAcwB2AG0AeAAwADEALgBiAHMAZQAuAHAAcgBpAHYAAAAAAA== Content-Length: 21 Content-Type: text/html ---------------------------------------------------------- http://owa.bse-electronic.com/exchange/ GET /exchange/ HTTP/1.1 Host: owa.bse-electronic.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9 ,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGwAAAAYABgAhAAAABAAEABAAAAAEAAQAFAAAAAMAAwAYAAAAAAAAAAAAAAABYIIAGIAcwBlAF8AZQBsAGUAYwBiAGUAcgB0AGgAaQBlAHIARgBTAFQALQBQAEMAUarbyBJsZtQAAAAAAAAAAAAAAAAAAAAAbCFXau+34aWkUUfX4Vij+pk+Cycz/sGL HTTP/1.x 200 OK Server: Microsoft-IIS/5.0 Date: Thu, 13 Mar 2008 15:24:11 GMT X-Powered-By: ASP.NET Set-Cookie: sessionid=f16c7fbb-8272-4539-9e19-4b94ed2b26d5:0x409; path=/exchange/ Content-Type: text/html Content-Length: 1154 MS-WebStorage: 6.5.7226 Cache-Control: no-cache ---------------------------------------------------------- Now thorugh IQRP, it's as this: http://localhost/exchange GET /exchange HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9 ,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: IQDomain=78A08D0CB479AEF16CBF5DFB902F8B2C; ASPSESSIONIDSAATQSDA=CJFDAKHCKBDBPHLBBFJAHHPJ HTTP/1.x 401 Accès refusé Set-Cookie: IQDomain=78A08D0CB479AEF16CBF5DFB902F8B2C; PATH=/; EXPIRES=Thu, 20 Mar 2008 15:42:25 GMT; Server: Fastream IQ Reverse Proxy 1.6.2R Date: Thu, 13 Mar 2008 15:46:59 GMT WWW-Authenticate: Negotiate WWW-Authenticate: NTLM WWW-Authenticate: Basic realm="owa.bse-electronic.com" Connection: keep-alive Content-Length: 23 Content-Type: text/html ---------------------------------------------------------- http://localhost/exchange GET /exchange HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9 ,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: IQDomain=78A08D0CB479AEF16CBF5DFB902F8B2C; ASPSESSIONIDSAATQSDA=CJFDAKHCKBDBPHLBBFJAHHPJ Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA= HTTP/1.x 401 Accès refusé Set-Cookie: IQDomain=78A08D0CB479AEF16CBF5DFB902F8B2C; PATH=/; EXPIRES=Thu, 20 Mar 2008 15:44:51 GMT; Server: Fastream IQ Reverse Proxy 1.6.2R Date: Thu, 13 Mar 2008 15:49:23 GMT WWW-Authenticate: NTLM TlRMTVNTUAACAAAAEAAQADgAAAAFgokCKRW5KceUxnoAAAAAAAAAAGoAagBIAAAABQCTCAAAAA9CAFMARQBfAEUATABFAEMAAgAQAEIAUwBFAF8ARQBMAEUAQwABABIAQgBTAEUAUwBWAE0AWAAwADEABAAQAGIAcwBlAC4AcAByAGkAdgADACQAYgBzAGUAcwB2AG0AeAAwADEALgBiAHMAZQAuAHAAcgBpAHYAAAAAAA== Content-Length: 23 Content-Type: text/html Connection: keep-alive ---------------------------------------------------------- http://localhost/exchange GET /exchange HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9 ,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: IQDomain=78A08D0CB479AEF16CBF5DFB902F8B2C; ASPSESSIONIDSAATQSDA=CJFDAKHCKBDBPHLBBFJAHHPJ Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGwAAAAYABgAhAAAABAAEABAAAAAEAAQAFAAAAAMAAwAYAAAAAAAAAAAAAAABYIIAGIAcwBlAF8AZQBsAGUAYwBiAGUAcgB0AGgAaQBlAHIARgBTAFQALQBQAEMAuDRoY5vm7JsAAAAAAAAAAAAAAAAAAAAAWMq4+peniVTGiP7QADIE0xaTGReIk9D2 HTTP/1.x 401 Accès refusé Set-Cookie: IQDomain=78A08D0CB479AEF16CBF5DFB902F8B2C; PATH=/; EXPIRES=Thu, 20 Mar 2008 15:44:53 GMT; Server: Fastream IQ Reverse Proxy 1.6.2R Date: Thu, 13 Mar 2008 15:49:29 GMT WWW-Authenticate: Negotiate WWW-Authenticate: NTLM WWW-Authenticate: Basic realm="owa.bse-electronic.com" Connection: keep-alive Content-Length: 23 Content-Type: text/html ---------------------------------------------------------- Please help. You can find IQRP latest object code here: http://www.fastream.net/IQReverseProxy.exe The OWA listed above is open to my IP only but you should be getting the idea from above, IMHO... Best Regards, SZ -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
