We run a 410 inline in hybrid mode (PC users authenticated by LDAP, Citrix users authenticated by NTLM). We set the proxy settings for the Citrix users via Group Policy, and the Citrix farm is set to assign Virtual IP addresses to each user. This has been working fine for us since last year.We recently began upgrading the Citrix servers from IE6 to IE8, but stopped when we found that sometimes a user would be presented the Barracada "Access Denied" screen and request their credentials. This us seeminly random - it does not happen to specific users, to specific servers, or at specific intervals - and just to the newly upgrade IE8 systems. When we look in the Domain Controller event logs, we see that the users have received a valid virtual IP address. When we look at the Barracuda log, we see the IP address of the request but the user name is blank (shows a "dash" in the log).Barracuda looked at this and suggested that this might be my problem: http://support.citrix.com/article/CTX120856 - I used GPO to add the Barracuda to the "Trusted Sites" in IE for all Citrix users, but it did not make a difference.Has anyone else seen this, or possibly have an explanation as to what would have changed in IE8 to possibly make NTLM authentication not always work?Thank you!
Installing IE8 causes some NTLM authentication failures
1 reply to this topic
Posted 25 May 2010 - 08:57 AM
We still get 2-6 calls per day from staff who get denied access to non-blocked pages, and I can see 1-2 dozen corresponding Web log entries where the username is blank ("-"). The user logs out and back into the same Citrix server and everything is fine. No patterns I can find, just occasional NTLM hiccup, and only on Citrix servers with IE8 loaded.