Dear All,
first of all I'd like to say hallo to all community! This is my first post here so please be patient if i force any rules o this forum.
Recently i've installed websense web security 7.7.3 with integration to TMG. All according to documentation :
- separate machines for websense and tmg, server site are 2008 r2, domain in mix mode
Filtering works fine based on DC agent(session are collected and well filtered) however i cannot force filtering base on Logon Agent (using logonapp on pc site).
From debugging on pc seems that NTLM might be the problem...but according to DOCs seems that ver 7.7.3 works well with NTML v2 on both server and client site.:
http://www.websense.com/content/support/library/web/v77/logon_agent/logon_agent.pdf
"Client machines must use NTLM (v1 or v2) when authenticating users."
Can anyone confirm this? So that I can focus on some other possibility (fw is not a problem, i see in netstat that sessions are established between pc and logonagent). Seems the problem is for sure between pc and logon agent handshake.
This is my debug result:
LogonApp can not reach the Auth.Server [SERVER] in the final attempt. (Invalid status code, error: 503)
and info:
http://www.websense.com/support/article/kbarticle/LogonApp-cannot-reach-the-authserver-in-the-final-attempt-invalid-status-code-error-401
"If you see 503 Service Unavailable, it is possible that the NTLM settings are set higher than version 1."
I would appreciate any help.
regards