Hi;

This is the thing.

One month ago, I opened a service request because I have  integrated an IronPort S370 and a Windows Server 2008 Active Directory,  but we are experiencing this issues:

Fri Nov  4 06:59:09 2011 Critical: PROX_AUTH : - : NTLMSSP BH: NT_STATUS_NO_LOGON_SERVERS

Fri Nov  4 07:14:25 2011 Info: PROX_AUTH : - : NTLM CRAP  authentication for user [DOMAIN]\[user] returned  NT_STATUS_NO_LOGON_SERVERS (PAM: 12)

Fri Nov  4 07:14:25 2011 Info: PROX_AUTH : - : Login for user [DOMAIN]\[user]@[200-52062Q] failed due to [No logon servers]

Fri Nov  4 07:14:25 2011 Critical: PROX_AUTH : - : NTLMSSP BH: NT_STATUS_NO_LOGON_SERVERS

Fri Nov  4 07:14:32 2011 Info: PROX_AUTH : - : NTLM CRAP  authentication for user [DOMAIN]\[user] returned  NT_STATUS_NO_LOGON_SERVERS (PAM: 12)

Fri Nov  4 07:14:32 2011 Info: PROX_AUTH : - : Login for user [DOMAIN]\[user]@[211-5305DV] failed due to [No logon servers]

Fri Nov  4 07:14:32 2011 Critical: PROX_AUTH : - : NTLMSSP BH: NT_STATUS_NO_LOGON_SERVERS

So, a Cisco Engineer told us that at the end of Octuber cisco would be releasing version 7.5 and, according with this engineer in this version IronPort will have a feature in which you can control TCP ports to negotiate autentication with AD.

The piece that I am most looking forward to is how IronPort handles HTTPS taffic. Currently, it handles it through Session Cookies. However, from my understanding, this method will be changed to a User Agent based system, therefore eleimnating the issues that we are currently having with IronPort not detecting authentication information because of the already cached cookie.