Proxy authentication causes connection to icloud.com to fail
Hello,
Whenever we try to connect to www.icloud.com with Firefox, communication fails. We use an explicit Blue Coat proxy setup to connect to the internet and Kerberos/NTLM authentication. We opened a case with Blue Coat, but we concluded the problem is related to Firefox. Disabling authentication is an option, but more and more users are complaining on different websites, and we cannot keep on disabling authentication on all websites.
When we take a closer look on the packet capture, it appears all communication goes through fine, except for connections to setup.icloud.com. The proxy generates errors like these: onbox_unmapped_error - an unrecoverable internal error These indicate an internal proxy error, however, after further verification it appears to be a bug in Firefox.
This occurs both with Kerberos & NTLM. Kerberos:
6288.030 LW_Error_to_auth_result(), mapping unknown error code -1765328350 to AUTH_E_ONBOX_UNMAPPED_ERROR 2425350 6288.030 gss_accept_sec_context failed. Major: 0xD0000, Minor: 0x96C73A22(-1765328350). Request is a replay 6288.030 GSSAPI: Error in gss_accept_sec_context() at g_accept_sec_context.c:225 [major: 851968, minor: -1765328350] 6288.030 GSSAPI: gss_accept_sec_context() at g_accept_sec_context.c:223 [Minor: -1765328350] 6288.030 GSSAPI: Error in gss_accept_sec_context() at g_accept_sec_context.c:225 [major: 851968, minor: -1765328350] 6288.030 GSSAPI: gss_accept_sec_context() at g_accept_sec_context.c:223 [Minor: -1765328350]
NTLM:
0994.251 TRACE: lsass - [ntlm_gss_accept_sec_context() gssntlm.c:1201] Error code: 40041 (symbol: LW_ERROR_INVALID_PARAMETER) 0994.251 TRACE: lsass - [NtlmClientAcceptSecurityContext() acceptsecctxt.c:93] Error code: 40041 (symbol: LW_ERROR_INVALID_PARAMETER) 0994.251 TRACE: lsass - [NtlmTransactAcceptSecurityContext() clientipc.c:222] Error code: 40041 (symbol: LW_ERROR_INVALID_PARAMETER)
We never experience this with other browsers such as Chrome, Internet Explorer, ... We first experienced it with Firefox 45. However, we are now at Firefox 53 and are still experiencing this. I was hoping the Firefox development team would have solved this by now. We realize we have no support contract, however, I would be surprised if we would be the only ones experiencing this.
We also noticed this towards other websites, however, icloud.com is the easiest to replicate the issue. Attached you can find the output of this error in the browser
Best Regards, Dimi De Belder
Alle Antworten (1)
Image uploaded