Sicherheitszertifikat - Abfrage umgehen? Einstellung der Firewall?
Moin Admin´s & Co
Hab hier grad mal ein Problem. Haben seit einem Monat die Kerio Winroute Firewall installiert in unserem 30 Clients-Netzwerk.
Seit dem bekomme ich an jedem Client der Internet Zugang hat eine Sicherheitszertifikatabfrage die zur Verzögerung der Erst-Verbindung beiträgt.
Die Clients benutzen den Internet explorer 6.0, System: Win XP pro
Siehe screenshot ---->
Ich möchte diese gerne umgehen, ausschalten.
Habe folgenden auszug des Handbuchs gefunden :
23.3 Automatic user authentication using NTLM
WinRoute supports automatic user authentication by the NTLM method (authentication from Web browsers). Users once authenticated for the domain are not asked for username and password.
This chapter provides detailed description on conditions and configuration settings for correct functioning of NTLM.
General conditions
The following conditions are applied to this authentication method:
WinRoute Firewall Engine is running as a service or it is running under a user account with administrator rights to the WinRoute host.
The server (i.e. the WinRoute host) belongs to a corresponding Windows NT or Kerberos 5 (Windows 2000/2003) domain.
Client host belongs to the domain.
User at the client host is required to authenticate to this domain (i.e. local user accounts cannot be used for this purpose).
The NT domain / Kerberos 5 authentication method (see chapter 13.1 Viewing and definitions of user accounts) must be set for the corresponding user account under WinRoute. NTLM cannot be used for authentication in the internal database.
WinRoute Configuration
NTLM authentication of users from web browsers must be enabled in Users → Authentication Options. User authentication should be required when attempting to access web pages, otherwise enabling NTLM authentication is meaningless.
The configuration of the WinRoute's web interface must include a valid DNS name of the server on which WinRoute is running
Web browsers
For proper functioning of NTLM, a browser must be used that supports this method. By now, the following browsers are suitable:
Microsoft Internet Explorer version 5.01 or later
Firefox, Netscape, Mozilla or SeaMonkey with the core version Mozilla 1.3 or later
NTLM authentication process
NTLM authentication process differs depending on a browser used.
Microsoft Internet Explorer
NTLM authentication is performed without user's interaction.
The login dialog is displayed only if NTLM authentication fails (e.g. when user account for user authenticated at the client host does not exist in WinRoute).
Warning: One reason of a NTLM authentication failure can be invalid login username or password saved in the Password Manager in Windows operating systems (Control Panels → User Accounts → Advanced → Password Manager) applying to the corresponding server (i.e. the WinRoute host). In such a case, Microsoft Internet Explorer sends saved login data instead of NTLM authentication of the user currently logged in. Should any problems regarding NTLM authentication arise, it is recommended to remove all usernames/passwords for the server where WinRoute is installed from the Password Manager.
Habe mehrere Versuche gestartet, alles neagtiv.
Bin nicht der fitteste in english verfassten Handbüchern!
Bin um jede Hilfe dankbar!
MfG Miggel
Hab hier grad mal ein Problem. Haben seit einem Monat die Kerio Winroute Firewall installiert in unserem 30 Clients-Netzwerk.
Seit dem bekomme ich an jedem Client der Internet Zugang hat eine Sicherheitszertifikatabfrage die zur Verzögerung der Erst-Verbindung beiträgt.
Die Clients benutzen den Internet explorer 6.0, System: Win XP pro
Siehe screenshot ---->
Ich möchte diese gerne umgehen, ausschalten.
Habe folgenden auszug des Handbuchs gefunden :
23.3 Automatic user authentication using NTLM
WinRoute supports automatic user authentication by the NTLM method (authentication from Web browsers). Users once authenticated for the domain are not asked for username and password.
This chapter provides detailed description on conditions and configuration settings for correct functioning of NTLM.
General conditions
The following conditions are applied to this authentication method:
WinRoute Firewall Engine is running as a service or it is running under a user account with administrator rights to the WinRoute host.
The server (i.e. the WinRoute host) belongs to a corresponding Windows NT or Kerberos 5 (Windows 2000/2003) domain.
Client host belongs to the domain.
User at the client host is required to authenticate to this domain (i.e. local user accounts cannot be used for this purpose).
The NT domain / Kerberos 5 authentication method (see chapter 13.1 Viewing and definitions of user accounts) must be set for the corresponding user account under WinRoute. NTLM cannot be used for authentication in the internal database.
WinRoute Configuration
NTLM authentication of users from web browsers must be enabled in Users → Authentication Options. User authentication should be required when attempting to access web pages, otherwise enabling NTLM authentication is meaningless.
The configuration of the WinRoute's web interface must include a valid DNS name of the server on which WinRoute is running
Web browsers
For proper functioning of NTLM, a browser must be used that supports this method. By now, the following browsers are suitable:
Microsoft Internet Explorer version 5.01 or later
Firefox, Netscape, Mozilla or SeaMonkey with the core version Mozilla 1.3 or later
NTLM authentication process
NTLM authentication process differs depending on a browser used.
Microsoft Internet Explorer
NTLM authentication is performed without user's interaction.
The login dialog is displayed only if NTLM authentication fails (e.g. when user account for user authenticated at the client host does not exist in WinRoute).
Warning: One reason of a NTLM authentication failure can be invalid login username or password saved in the Password Manager in Windows operating systems (Control Panels → User Accounts → Advanced → Password Manager) applying to the corresponding server (i.e. the WinRoute host). In such a case, Microsoft Internet Explorer sends saved login data instead of NTLM authentication of the user currently logged in. Should any problems regarding NTLM authentication arise, it is recommended to remove all usernames/passwords for the server where WinRoute is installed from the Password Manager.
Habe mehrere Versuche gestartet, alles neagtiv.
Bin nicht der fitteste in english verfassten Handbüchern!
Bin um jede Hilfe dankbar!
MfG Miggel
Bitte markiere auch die Kommentare, die zur Lösung des Beitrags beigetragen haben
Content-ID: 46147
Url: https://administrator.de/forum/sicherheitszertifikat-abfrage-umgehen-einstellung-der-firewall-46147.html
Ausgedruckt am: 22.12.2024 um 22:12 Uhr
2 Kommentare
Neuester Kommentar
Hallo,
gruß
Die Clients benutzen den Internet explorer 6.0, System: Win XP pro
alles inkl. dem SP 2?gruß