sjoshi
Staff
Article Id 340421
Description

This article describes how to troubleshoot NTLM authentication failures after an upgrade to v7.4.4 - v7.4.8.

Scope

FortiGate v7.4.4, v7.4.8.

Solution

NTLM authentication is configured as a fallback mechanism, enabled under the corresponding firewall policy. After upgrading to v7.4.4 - v7.4.8, the NTLM policy is triggered, and the captive portal page attempts to load. However, the page fails to redirect correctly, so authentication never completes and users do not get access.

Upon redirection, the browser shows the following error:

This site can’t be reached. Check if there is a typo in fgtauth. If spelling is correct, try running Windows Network Diagnostics. DNS_PROBE_FINISHED_NXDOMAIN.

The error names fgtauth as the site that could not be reached, but this is not a DNS issue on the PC.

The authd debug logs show that FortiGate sends the authentication page to the source, but the redirection does not complete, so the page fails to load.

2024-06-10 15:25:07 [authd_http_change_state:2822]: src 10.134.9.98 flag 10210000
2024-06-10 15:25:07 authd_http: change state from 2 to 3
2024-06-10 15:25:07 [authd_http_wait_req:2303]: src 10.134.9.98 flag 10210000
2024-06-10 15:25:07 [authd_http_read_http_message:493]: called
2024-06-10 15:25:07 [crypto_malloc:208]: [crypto_malloc:208]: 40 (crypto/packet.c:107)
2024-06-10 15:25:07 [crypto_free:216]: [crypto_free:216]: (crypto/packet.c:288)
2024-06-10 15:25:07 [crypto_free:216]: [crypto_free:216]: (crypto/packet.c:334)
2024-06-10 15:25:07 [authd_http_is_full_http_message:443]: called
2024-06-10 15:25:07 [authd_http_on_method_get:5816]: src 10.134.9.98 flag 10210000
2024-06-10 15:25:07 [authd_http_check_local_portal:1839]: src 10.134.9.98 flag 10210000
2024-06-10 15:25:07 [authd_http_send_https_redir:4748]: src 10.134.9.98 flag 90210000
2024-06-10 15:25:07 [authd_http_prepare_javascript_redir:3942]: https://10.134.8.1:1003/fgtauth?05040bae7643e9

 

On the user's machine, the redirection points to https://10.134.8.1:1003/fgtauth?05040bae7643e9, but it fails, displaying the previously mentioned error. The request then redirects again to fgtauth/?0509038a999792e0, resulting in an incomplete authentication process.
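
As an added example (not part of the original article and not Fortinet code), the Python sketch below extracts the portal URL from the authd debug output and labels each redirect target seen in the browser. The function names are illustrative, the sample input is constructed from the log line and URLs quoted above, and it assumes the second target is shown as the address bar displays it, with the scheme omitted.

```python
import re
from urllib.parse import urlsplit

# Constructed input: the redirect lines from the article's authd debug output,
# and the two targets the article says the browser is sent to.
AUTHD_LOG = (
    "2024-06-10 15:25:07 [authd_http_send_https_redir:4748]: src 10.134.9.98 flag 90210000\n"
    "2024-06-10 15:25:07 [authd_http_prepare_javascript_redir:3942]: "
    "https://10.134.8.1:1003/fgtauth?05040bae7643e9\n"
)
BROWSER_TARGETS = [
    "https://10.134.8.1:1003/fgtauth?05040bae7643e9",
    "fgtauth/?0509038a999792e0",
]

REDIR_RE = re.compile(r"\[authd_http_prepare_javascript_redir:\d+\]:\s*(\S+)")


def split_target(target):
    """Parse a target as the address bar shows it (assumption: scheme may be omitted)."""
    return urlsplit(target if "://" in target else "//" + target)


def prepared_portals(log_text):
    """Return the (host, port) pairs of every portal URL authd prepared."""
    portals = set()
    for url in REDIR_RE.findall(log_text):
        parts = split_target(url)
        portals.add((parts.hostname, parts.port))
    return portals


def classify(target, portals):
    """Label one browser redirect target against what authd sent."""
    parts = split_target(target)
    if parts.hostname == "fgtauth":
        return "broken: portal path 'fgtauth' is in the host position"
    if (parts.hostname, parts.port) in portals and parts.path == "/fgtauth" and parts.query:
        return "ok: matches the portal URL authd prepared"
    return "unexpected: not a portal URL seen in the authd log"


def diagnose(log_text, targets):
    """Classify every browser target against the portals found in the log."""
    portals = prepared_portals(log_text)
    return [(t, classify(t, portals)) for t in targets]


if __name__ == "__main__":
    for target, verdict in diagnose(AUTHD_LOG, BROWSER_TARGETS):
        print(f"{verdict:55} {target}")
```

A "broken" verdict alongside an "ok" one for the same client reproduces the symptom in this article: authd prepared a well-formed portal URL, yet the browser ends up on a host named fgtauth.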

 

Downgrading to v7.4.3 resolves the issue, indicating a problem with v7.4.4, v7.4.8. Additionally, the issue persists across all browsers in v7.4.4, v7.4.8, confirming that the problem is not browser-dependent.

The issue is tracked as known issue ID 1042987 and is resolved in v7.4.9 and v7.6.1.

Related document:

Resolved issues