NTLM/Kerberos authenticating device instead of user

Question

So since today only, we are having a strange issue, where users are getting authenticated by devices instead of username. 
 This is how it should look, and for most users it is correct it seems. 
 
 So the above, its basically their username@company.net which works fine. 
 But some users are getting authenticated by device, like this: 
 
 I've never seen this before, but its blocking all web access since we use web policies that block web access if the user is not in specific AD groups. Obviously as a computer object, these are not going to be in the correct groups. 
 Any reason this would be happening? Seems to happen more in Chrome than other browsers too.

Vishal_R · Answer

Hi David Ashcroft , Below could be possible reason: If a device connects to the Internet before a user logs in (for example, for an Anti Virus Update or a Windows System Update) or any other request, it is considered as a valid NTLM request. In this case, XG webproxy/auth service prompts the device for authentication, to which the device responds with an NTLM Negotiate Message. This message contains the Machine Name and credentials using which it authenticates with (NTLM Server). This is the possible reason, XG takes up the device&rsquo;s Machine Name as the username, and hence you see the Machine Name in the Live Users list. 
 Once the user logs in, Browse the traffic from browser- the Machine Name should/must get replaced by the actual username. If this is not happening then this required support investigation with required services in debug to confirm more on issue.

NTLM/Kerberos authenticating device instead of user

Top Replies