shortly after having implemented a pair of S650s we started to run into problems with unwanted auth. popup windows that would appear every now and then.
Even though we have already opened a ticket and the Support Team is working hard on getting the issue resolved I'd still like to share our experiences with the rest of you to see if anyone else has run into a similar problem yet.
- Two S650s running in "failover-mode" by a hand-made wpad.dat file, running version 5.5.2-027
- placement: DMZ subnet connected to a Juniper SSG550M firewall, currently allowing ANY service to the AD/DCs
- authenticatin is based on NTLM(SSP)
- AD/DCs running on W2k3 in native mode
- testauthconfig runs fine every time we test it, the only hickup being a "High Latency: (0.261s) for <coro>" when we run it on the CLI.
Most of the time web browsing seems to work just fine, but after an undefined amount of time auth. popups appear left and right when clients or apps try to access the web. In case the user is too fast in hitting the "cancel" button an proxy auth. error is being displayed, but if he waits 2-3 seconds he can just click cancel but the site is still being displayed after the user was properly authenticated.
So far we haven't been able to find any errors in the AD logs that might give a clue about why authentication didn't work for a split second. Our last hope was the upgrade to the latest release that seems to have fixed a few issues around NTLM, but since it didn't help in resolving the issue we might have to start all over again.
Now I am curious to see if anyone else has experienced a similar issue yet.