This article focuses only on the NTLM authentication failure whose FSSO Collector Agent log shows 'AcceptSecurityContext failed: 0x8009030c'.
For the NTLM authentication flow and general troubleshooting, refer to the following article: Troubleshooting Tip: NTLM authentication (FSSO fallback)
NTLM authentication suddenly stops working and users lose internet access. The WAD debug (for policies using proxy-based inspection) and the authd debug on FortiGate show the authentication failing with reason 'not_authenticated' and groups returned as '(null)', as below:
2023-08-02 08:12:15 [authd_http_wait_req:2298]: src 10.150.1.50 flag 10210000
2023-08-02 08:12:15 [authd_http_read_http_message:493]: called
2023-08-02 08:12:15 [authd_http_is_full_http_message:443]: called
2023-08-02 08:12:15 [authd_http_on_method_get:5697]: src 10.150.1.50 flag 10210000
2023-08-02 08:12:15 [authd_http_check_local_portal:1835]: src 10.150.1.50 flag 10210000
2023-08-02 08:12:15 [authd_http_send_https_redir:4642]: src 10.150.1.50 flag 10210000
2023-08-02 08:12:15 [authd_http_prepare_javascript_redir:3908]: http://10.150.0.243:1000/fgtauth?040981b32cbd00ab <----- Firewall redirecting the user to an auth page.
2023-08-02 08:12:15 authd_fp_on_ntlm_req[Fortigroup]: tag 0x88, seq 1688044638/1688041086, msg "TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAKADk4AAAADw==Fortigroup"
2023-08-02 08:12:15 _process_ntlm_result[Fortigroup]: tag 0x8b, seq 1688044638, result 0, user FORTIADM, domain TESTNET, groups "(null)"
2023-08-02 08:12:15 NTLM failed: FORTI@TESTNET((null)), reason: not_authenticated
The FSSO Collector Agent debug log shows the error 'AcceptSecurityContext failed: 0x8009030c' for the same user ('fortiadm') at the same time, as below:
08/02/2023 08:12:15 [ 9704] AcceptSecurityContext failed: 0x8009030c
08/02/2023 08:12:15 [ 9704] NTLM auth failed
08/02/2023 08:12:15 [ 9704] domain:TESTNET
08/02/2023 08:12:15 [ 9704] user:fortiadm
08/02/2023 08:12:15 [ 9704] workstation:TESTPC01
The error code '0x8009030c' is the Windows SSPI status 'SEC_E_LOGON_DENIED' (the logon attempt failed). It is returned by the AcceptSecurityContext call the Collector Agent makes to have Windows validate the NTLM response, so the denial comes from the Windows LSA on the Collector Agent server and is not related to FortiGate or the FSSO agent itself. See the Microsoft documentation:
AcceptSecurityContext (General) function
In this case the logon is rejected by the Windows authentication loopback check on the Collector Agent server. The issue can be resolved by disabling the loopback check for NTLM with the following steps:
- Select Start, select Run, type regedit, and then select 'OK'.
- Locate and then select the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Right-click Lsa, point to New, and then select DWORD Value.
- Type DisableLoopbackCheck, and then press ENTER.
- Right-click DisableLoopbackCheck, and then select 'Modify'.
- In the Value data box, type 1, and then select 'OK'.
- Exit Registry Editor.
- Restart the server.
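The same change applied and verified from an elevated PowerShell session on the Windows server running the FSSO Collector Agent. This is an added example, not code from the original article or from Fortinet; it touches only the standard LSA registry value named in the steps above and assumes nothing about the FortiGate or the agent.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): apply the DisableLoopbackCheck
# registry change from the manual regedit steps and read it back to confirm it.

$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'DisableLoopbackCheck'

# 1. Record the current state so the change can be reverted later.
$existing = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
if ($null -eq $existing) {
    Write-Host "$ValueName is absent: the loopback check is enabled (Windows default)."
} else {
    Write-Host "$ValueName is currently $($existing.$ValueName)."
}

# 2. Create (or overwrite) the REG_DWORD value with data 1.
New-ItemProperty -Path $LsaKey -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null

# 3. Read it back rather than assuming the write succeeded.
$applied = (Get-ItemProperty -Path $LsaKey -Name $ValueName).$ValueName
if ($applied -ne 1) {
    throw "Expected $ValueName = 1 but found '$applied'"
}
Write-Host "$ValueName = $applied. LSA reads this at boot, so restart the server."

# 4. Restart when ready (uncomment to do it from this script).
# Restart-Computer -Force

# To revert the change later:
# Remove-ItemProperty -Path $LsaKey -Name $ValueName ; Restart-Computer -Force
```

Setting DisableLoopbackCheck to 1 switches the loopback check off for every name the server answers to, not only the one the Collector Agent authenticates against. The check exists to block NTLM reflection attacks against the local machine, so the narrower Microsoft-documented alternative is to leave it enabled and list only the host names that legitimately authenticate back to the server in the REG_MULTI_SZ value BackConnectionHostNames under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0. Either way the server must be restarted for LSA to pick up the change, and the FSSO Collector Agent debug should then stop reporting 0x8009030c for the affected user.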