After connecting Artica with kerberos to the Active Directory, browsers display authenticate popups in Proxy events the following error is displayed :
kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: received type 1 NTLM token; }}
If your computer connects to the proxy from outside the Microsoft domain, please note the following information
In real-time requests you can see these entries
¶ Check 1: Use the full hostname in browsers
Most probably you have configured your proxy as IP address and Kerberos requires proxy to be set as FQDN in browser.
In the browser configuration, make sure you have defined the proxy address as proxy.server.name
 |
 |
¶ Check 2: Only computers as member of domain.
If your computer is not joined to the domain, the Kerberos authentication is not supported.
¶ Check 3: Check time
Verify that the time zone is correctly set
¶ Check 4: Administrator account
It is more efficient if you use a real user session instead of the “Administrator” account.
¶ Check5: Verify the SPN
The Service Principal Name (SPN) is a name in Active Directory that a client uses to uniquely identify an instance of a service.
An SPN combines a service name with a computer and user account to form a type of service ID.
On your Windows Active Directory type setspn -L [your artica server name]
You must see the “host” and the “HTTP” service of your connected Artica server