
NTLM Authentication on Exchange server through External Gateway on DMZ and Internal Gateway on LAN

Question asked by GHaener on Aug 29, 2017
Latest reply on Aug 30, 2017 by GHaener

Hi,

Our system is working with 2 gateways:

- 1 in the DMZ as external gateway, which has access to the internet
- 1 in the LAN as internal gateway, with access to the external gateway

 

Our service calls an Exchange Server which uses NTLM for authentication (https://msdn.microsoft.com/fr-fr/library/windows/desktop/aa378749(v=vs.85).aspx) Challenge/Response protocol.

 

NTLM authentication requires multiple exchanges between the client and the server.

 

When we call the service on the internal gateway, the service works with NTLM authentication (3 calls between my internal gateway and the Exchange server).


But on the external gateway, on the second call from the external gateway, we got this error:

 

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>Error in assertion processing</faultstring>
<faultactor>https://apidev-eu-ext1.sanofi.com:7443/MI/1.0/EWS/Exchange.asmx</faultactor>
<detail>
<l7:policyResult status="javax.security.auth.x500.X500Principal cannot be cast to com.l7tech.server.transport.http.ConnectionId" xmlns:l7="http://www.layer7tech.com/ws/policy/fault"/>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>

 

Do you have previous experience with NTLM and CA gateway?

 

Regards.
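
The three-call NTLM exchange described in the question, as an added example that is not part of the original post: a Python helper that decodes the NTLM message type from `Authorization` / `WWW-Authenticate` header values and checks that NEGOTIATE, CHALLENGE and AUTHENTICATE ran in order on one connection, since NTLM over HTTP authenticates the underlying connection. The connection labels and the `constructed_header` sample messages are assumptions made for illustration; real values would come from traces taken on each gateway hop.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
LEGS = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def ntlm_leg(header_value):
    """Classify a header value; returns (leg, server_challenge_hex or None)."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    if not token.strip():
        return "OFFER", None  # bare "NTLM": server only advertises the scheme
    raw = base64.b64decode(token.strip(), validate=True)
    if len(raw) < 12 or raw[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", raw, 8)  # little-endian type field
    if msg_type not in LEGS:
        raise ValueError("unknown NTLM message type %d" % msg_type)
    challenge = None
    if msg_type == 2:
        if len(raw) < 32:
            raise ValueError("truncated CHALLENGE message")
        challenge = raw[24:32].hex()  # 8-byte server challenge
    return LEGS[msg_type], challenge

def check_handshake(events):
    """events: (connection_id, header_value) pairs in the order seen on one hop.
    Returns a list of problems; empty means three legs, in order, one connection."""
    problems, conn = [], None
    expected = ["NEGOTIATE", "CHALLENGE", "AUTHENTICATE"]
    for conn_id, value in events:
        leg, _ = ntlm_leg(value)
        if leg == "OFFER":
            continue
        if not expected or leg != expected[0]:
            problems.append("unexpected %s on connection %s" % (leg, conn_id))
            continue
        expected.pop(0)
        if conn is None:
            conn = conn_id
        elif conn_id != conn:
            problems.append("%s moved from connection %s to %s" % (leg, conn, conn_id))
    if expected:
        problems.append("handshake stopped before %s" % expected[0])
    return problems

def constructed_header(msg_type, body=b""):
    """Constructed sample (not captured traffic): signature + type + body."""
    return "NTLM " + base64.b64encode(SIGNATURE + struct.pack("<I", msg_type) + body).decode()
```

Running `check_handshake` separately on the events seen between client and external gateway, external and internal gateway, and internal gateway and Exchange shows on which hop the exchange stops or changes connection.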
