We still get 2-6 calls per day from staff who get denied access to non-blocked pages, and I can see 1-2 dozen corresponding Web log entries where the username is blank ("-"). The user logs out and back into the same Citrix server and everything is fine. No patterns I can find, just occasional NTLM hiccup, and only on Citrix servers with IE8 loaded.
We also occasionally get this. We have 3 domain controllers, and I have to enter a different domain controller and click "Join Domain" under the NTLM Authentication Service tab to get authentication to start working again. No pattern, rhyme, or reason as to why we get this.
We run a 410 inline in hybrid mode (PC users authenticated by LDAP, Citrix users authenticated by NTLM). We set the proxy settings for the Citrix users via Group Policy, and the Citrix farm is set to assign Virtual IP addresses to each user. This has been working fine for us since last year.We recently began upgrading the Citrix servers from IE6 to IE8, but stopped when we found that sometimes a user would be presented the Barracada "Access Denied" screen and request their credentials. This us seeminly random - it does not happen to specific users, to specific servers, or at specific intervals - and just to the newly upgrade IE8 systems. When we look in the Domain Controller event logs, we see that the users have received a valid virtual IP address. When we look at the Barracuda log, we see the IP address of the request but the user name is blank (shows a "dash" in the log).Barracuda looked at this and suggested that this might be my problem: http://support.citrix.com/article/CTX120856 - I used GPO to add the Barracuda to the "Trusted Sites" in IE for all Citrix users, but it did not make a difference.Has anyone else seen this, or possibly have an explanation as to what would have changed in IE8 to possibly make NTLM authentication not always work?Thank you!
Does that timeout ever expire? For instance, if I set it to 30 minutes for a site, is the user ever able to visit that site again after the 30 minutes are up? I'm hoping that the timeout eventually DOES expire (ideally daily) so that I can limit access to these sites for a short period each day.If the timeout setting means that the user can never connect to that site again after the limit has been reached, is there another means within the Barracuda that would allow me to configure a daily time limit to sites by user?Thanks!
Brand new Barracuda user and first time posting here...Does the "Warned Activity Timeout" reset itself after some period of time? I'd like to have some way to give users a limited amount of time per day to access certain web pages - ideally, I would set these sites to "Warned" and the user would not be able to access the site(s) until the next day (or 24-hour period) once their time has been exceeded.Any thoughts would be appreciated!