cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
792
Views
0
Helpful
1
Replies
keithsauer507
Contributor

How do you get the reauthenticate URL to work on blocked message?

I constantly have problems with my Sony Vaio S series laptop and our IronPort S160.  I am trying to download a bluetooth driver from Intel's website.  Many times when I try to download or go to places that I have access according to the IT Admins policies, I get a blocked page (and only on the laptop).  I tried the same URL in IE9 and also Google Chrome and both result in the same output:

The website you are trying to access is blocked.



Blocked Site:

downloadmirror.intel.com

Blocked Category:

Computers and Internet

User:

DOMAIN\cpu00430$@Windows

User Group:

BLOCK_ADMIN_FILE_TYPE_11-DefaultGroup-Authenticated_Users-DefaultGroup-NONE-NONE-DefaultGroup

Reauth_URL:

-

Base64Decode error '800a0001'

Bad Base64 string.

/ironport/blocked.asp, line 78

See above where it starts with Base64Decode error?  That is where the Re-authenticate User link is supposed to be.  We are supposed to be able to click a re-authenticate link and get a pop up where we can put our domain credentials in to attach our credentials to our current IP address.

So 2 questions here really...

1.  Why doesn't the reauthenticate link always work?  I would say it shows up 1% of the time (so very rarely... but I have seen it).

2.  I'm logged into Windows 7, joined to our domain on a laptop and a desktop.  Why does the laptop aways see me as DOMAIN\computername@windows but the Ironport see's my desktop as DOMAIN\username@windows?

Both PC's are running Windows 7 Professional 64-bit, IE 9.  The only difference is one is a Sony laptop with an Intel Adv-N 6230 wireless card and the Desktop is a custom built with an ASUS motherboard and Marvel GigE on board connection.  Windows updates would be identical because our WSUS server approves our updates and we are configured via Group Policy to get those updates on a weekly basis.

1 REPLY 1
donnylee
Cisco Employee

There could be some issues with this traffic when going via the S160.

1. The user, DOMAIN\cpu00430$@Windows, is not supposed to be authenticated as computer name. I believe this is related to Windows NCSI traffic that is known to be available from Windows7 and Vista. You may need to create a separate identity in the S160 to allow this traffic. Please see the link to the KB, Article #1713: Traffic from Windows 7 / Vista clients shows workstation instead of user in the access logs Link: http://tools.cisco.com/squish/13383

2. Once the user has been authenticated properly, make sure that the driver file type is not blocked in the access policy.

Hope this helps.

-Donny

Content for Community-Ad