Re: [discuss] Speed question

Steven Stratford Thu, 09 Sep 2004 09:45:34 -0700

Title: Re: [discuss] Speed question

Additional sleuthing on my problem getting Authoxy to work with NTLM:
Some NTLM docs here, mostly mystical to me:
http://www.innovation.ch/java/ntlm.html
Also
http://davenport.sourceforge.net/ntlm.html

If I start up Authoxy and invoke Software Update (seems a convenient way to test quickly), here’s my log:

Sep 9 10:59:24 : Authoxy has started successfully
Sep 9 10:59:30 : Ready to NTLM!
Sep 9 10:59:30 : Entering Step 1
Sep 9 10:59:30 : Found Connection: close. Hiding for NTLM Authentication
Sep 9 10:59:30 : Waiting for Step 2
Sep 9 10:59:30 : Entering Step 2
Here’s where I get the 120 second timeout. If I Stop Authoxy, Software Update aborts, but the log continues with the following:
Sep 9 10:59:35 : Entering Step 3
Sep 9 10:59:35 : Created Type 1 string of 60 characters
Sep 9 10:59:35 : Pausing in Step 3
Sep 9 10:59:35 : Entering Step 4
Sep 9 10:59:35 : Content-Length: 0
Sep 9 10:59:35 : NTLM: Target length is 4
Sep 9 10:59:35 : NTLM: Target length 2 is 4
Sep 9 10:59:35 : NTLM: Target offset is 56
Sep 9 10:59:35 : NTLM Flag: Negotiate OEM
Sep 9 10:59:35 : NTLM Flag: Request Target
Sep 9 10:59:35 : NTLM Flag: Negotiate NTLM
Sep 9 10:59:35 : NTLM Flag: Target Type Domain
Sep 9 10:59:35 : NTLM Flag: Negotiate Target Info
Sep 9 10:59:35 : NTLM Flag: UNKNOWN5
Sep 9 10:59:35 : NTLM: Target is: MBBC
Sep 9 10:59:35 : NTLM: Target length is 98
Sep 9 10:59:35 : NTLM: Target length 2 is 98
Sep 9 10:59:35 : NTLM: Target offset is 60
Sep 9 10:59:35 : NTLM: TargetInfo is: ^B^^H^M^B^B^C^^A^^H^I^N^E^T^^D^^P^m^b^b^c^.^e^d^u^^C^^Z^i^n^e^t^.^m^b^b^c^.^e^d^u^^E^^P^m^b^b^c^.^e^d^u^^^^^
Sep 9 10:59:35 : The nonce is: a^]´jáú∆.
Sep 9 10:59:35 : Finished Step 4
Sep 9 10:59:35 : Entering Step 5
Sep 9 10:59:35 : Got Type 3 msg of 176 characters.
Sep 9 10:59:35 : Finished NTLM!

Not sure what that means if anything. In one of the docs it says “The Type 2 message is sent by the server to the client in response to the client's Type 1 message. It serves to complete the negotiation of options with the client, and also provides a challenge to the client. It may optionally contain information about the authentication target.” Looking at the “TargetInfo” above, some information filled in comes from the server because it’s not in my Authoxy prefs anywhere. That tells me there WAS some interaction between the server and Authoxy. But why the delay?

I looked through all my error logs (by searching for “.log”) to see if there were any entries. The only one I can find is the entry by Software Update, which makes sense, because I pulled the rug out from under it:

2004-09-09 10:59:35.345 Software Update[651] connection:didFailWithError: bad server response

So I’m still no closer to tracking down that 120 second delay.

Nothing I put in the Domain and Host/Workstation seems to make a difference, the authentication always goes through, but with a 120 second delay after “Entering Step 2”. Does that mean I don’t have the right info yet? Does it mean the program’s not working right? Does it mean our server isn’t working right? Or does it mean that it doesn’t matter what’s in those two fields?

--Steve

On 9/7/04 6:05 PM, "bruce" <[EMAIL PROTECTED]> wrote:

Dear Steven,
I managed to replicate this delaying issue accidentially yesterday...
But it was caused by a break in the network connection... i.e.
nothing to do with with NTLM.

Here is our NORMAL connection log

Sep 7 13:49:49 : Authoxy has started successfully
Sep 7 13:49:55 : Ready to NTLM!
Sep 7 13:49:55 : Entering Step 1
Sep 7 13:49:55 : Found Connection: close. Hiding for NTLM Authentication
Sep 7 13:49:55 : Waiting for Step 2
Sep 7 13:49:55 : Entering Step 2
Sep 7 13:49:56 : Step 2 is complete
Sep 7 13:49:56 : Entering Step 3
Sep 7 13:49:56 : Created Type 1 string of 72 characters
Sep 7 13:49:56 : Pausing in Step 3
Sep 7 13:49:56 : Entering Step 4
Sep 7 13:49:56 : Content-Length: 0
Sep 7 13:49:56 : NTLM: Target length is 13
Sep 7 13:49:56 : NTLM: Target length 2 is 13
Sep 7 13:49:56 : NTLM: Target offset is 56
Sep 7 13:49:56 : NTLM Flag: Negotiate OEM
Sep 7 13:49:56 : NTLM Flag: Request Target
Sep 7 13:49:56 : NTLM Flag: Negotiate NTLM
Sep 7 13:49:56 : NTLM Flag: Target Type Domain
Sep 7 13:49:56 : NTLM Flag: Negotiate Target Info
Sep 7 13:49:56 : NTLM Flag: UNKNOWN5
Sep 7 13:49:56 : NTLM: Target is: TOORAKCOLLEGE
Sep 7 13:49:56 : NTLM: Target length is 180
Sep 7 13:49:56 : NTLM: Target length 2 is 180
Sep 7 13:49:56 : NTLM: Target offset is 69
Sep 7 13:49:56 : NTLM: TargetInfo is: ^B^^Z^T^O^O^R^A^K^C^O^L^L^E^G^E^^A^^R^P^R^O^X^Y^2^0^0^4^^D^0^t^o^o^r^a^k^c^o^l^l^e^g^e^.^v^i^c^.^e^d^u^.^a^u^^C^D^P^R^O^X^Y^2^0^0^4^.^t^o^o^r^a^k^c^o^l^l^e^g^e^.^v^i^c^.^e^d^u^.^a^u^^^^^
Sep 7 13:49:56 : The nonce is: &brkbar;.¤ËM^G•º.
Sep 7 13:49:56 : Finished Step 4
Sep 7 13:49:56 : Entering Step 5
Sep 7 13:49:56 : Got Type 3 msg of 184 characters.
Sep 7 13:49:56 : Finished NTLM!
Sep 7 13:49:56 : Server closed connection, killing session processes.

Takes a second or 2 and on our heavily loaded network thats not bad!!!

And here is the error log

Sep 7 13:52:50 : Ready to NTLM!
Sep 7 13:52:50 : Entering Step 1
Sep 7 13:52:50 : Found Connection: close. Hiding for NTLM Authentication
Sep 7 13:52:50 : Waiting for Step 2
Sep 7 13:52:50 : Entering Step 2
Sep 7 13:53:12 : Ready to NTLM!
Sep 7 13:53:12 : Entering Step 1
Sep 7 13:53:12 : Found Connection: close. Hiding for NTLM Authentication
Sep 7 13:53:12 : Waiting for Step 2
Sep 7 13:53:12 : Entering Step 2
Sep 7 13:53:12 : Step 2 is complete
Sep 7 13:53:12 : Entering Step 3
Sep 7 13:53:12 : Created Type 1 string of 72 characters
Sep 7 13:53:12 : Pausing in Step 3
Sep 7 13:53:12 : Entering Step 4
Sep 7 13:53:12 : Content-Length: 0
Sep 7 13:53:12 : NTLM: Target length is 13
Sep 7 13:53:12 : NTLM: Target length 2 is 13
Sep 7 13:53:12 : NTLM: Target offset is 56
Sep 7 13:53:12 : NTLM Flag: Negotiate OEM
Sep 7 13:53:12 : NTLM Flag: Request Target
Sep 7 13:53:12 : NTLM Flag: Negotiate NTLM
Sep 7 13:53:12 : NTLM Flag: Target Type Domain
Sep 7 13:53:12 : NTLM Flag: Negotiate Target Info
Sep 7 13:53:12 : NTLM Flag: UNKNOWN5
Sep 7 13:53:12 : NTLM: Target is: TOORAKCOLLEGE
Sep 7 13:53:12 : NTLM: Target length is 180
Sep 7 13:53:12 : NTLM: Target length 2 is 180
Sep 7 13:53:12 : NTLM: Target offset is 69
Sep 7 13:53:12 : NTLM: TargetInfo is: ^B^^Z^T^O^O^R^A^K^C^O^L^L^E^G^E^^A^^R^P^R^O^X^Y^2^0^0^4^^D^0^t^o^o^r^a^k^c^o^l^l^e^g^e^.^v^i^c^.^e^d^u^.^a^u^^C^D^P^R^O^X^Y^2^0^0^4^.^t^o^o^r^a^k^c^o^l^l^e^g^e^.^v^i^c^.^e^d^u^.^a^u^^^^^
Sep 7 13:53:12 : The nonce is: ^H`+‘ÿÉðÐ.
Sep 7 13:53:12 : Finished Step 4
Sep 7 13:53:12 : Entering Step 5
Sep 7 13:53:12 : Got Type 3 msg of 184 characters.
Sep 7 13:53:12 : Finished NTLM!
Sep 7 13:53:12 : Client closed connection, killing session processes.

Took 22 seconds longer

It was caused when the network connection switched from a lost wireless
connection to another wireless connection. This may be interesting.

It seems as though you are not maintaining the NETWORK connection reliably.

We know that the NTLM works... eventually but it seems to work.
Therefore that is probably NOT the problem.

I wonder if the transactions are getting to the proxy server/authenticating
in the way that you expect?

Is it a highly loaded network?
Are packets getting dropped anywhere because of load?
Are you going through restrictive routers?
Can you direct the transaction to your authenticating server more directly...
i.e. does it have a different IP address?

Note that in your log below, eveything worked perfectly within a second
AFTER the network connection was established with the Authenicating Server
see the blue log below.

I am inclined to think that the network connection is not pointing to
where you think it should be pointing. Check domain name IP addresses...
If you are using a proxy server then delete DNS entries.

Cheers,
Bruce.
PS On a wet cold and miserable Melbourne day downUnder.

> OK I changed NTLM Host/Workstation from sstratpbook (me) to 10.2.0.2 (our proxy server), and here's my result (better but not optimum) accessing Software Update. Takes 2 minutes for step 2 to complete, don t know enough about NTLM to know why. That seems to be the exact holdup. In the following, the delay is marked in red.
>
> Sep 7 10:32:16 : Authoxy has started successfully
> Sep 7 10:32:27 : Ready to NTLM!
> Sep 7 10:32:27 : Entering Step 1
> Sep 7 10:32:27 : Entering Step 2
> Sep 7 10:32:27 : Found Connection: close. Hiding for NTLM Authentication
> Sep 7 10:32:27 : Waiting for Step 2
> Sep 7 10:34:27 : Step 2 is complete
> Sep 7 10:34:27 : Entering Step 3
> Sep 7 10:34:27 : Created Type 1 string of 60 characters
> Sep 7 10:34:27 : Pausing in Step 3
> Sep 7 10:34:27 : Entering Step 4
> Sep 7 10:34:27 : Content-Length: 0
> Sep 7 10:34:27 : NTLM: Target length is 4
> Sep 7 10:34:27 : NTLM: Target length 2 is 4
> Sep 7 10:34:27 : NTLM: Target offset is 56
> Sep 7 10:34:27 : NTLM Flag: Negotiate OEM
> Sep 7 10:34:27 : NTLM Flag: Request Target
> Sep 7 10:34:27 : NTLM Flag: Negotiate NTLM
> Sep 7 10:34:27 : NTLM Flag: Target Type Domain
> Sep 7 10:34:27 : NTLM Flag: Negotiate Target Info
> Sep 7 10:34:27 : NTLM Flag: UNKNOWN5
> Sep 7 10:34:27 : NTLM: Target is: MBBC
> Sep 7 10:34:27 : NTLM: Target length is 98
> Sep 7 10:34:27 : NTLM: Target length 2 is 98
> Sep 7 10:34:27 : NTLM: Target offset is 60
> Sep 7 10:34:27 : NTLM: TargetInfo is: ^B^^H^M^B^B^C^^A^^H^I^N^E^T^^D^^P^m^b^b^c^.^e^d^u^^C^^Z^i^n^e^t^.^m^b^b^c^.^e^d^u^^E^^P^m^b^b^c^.^e^d^u^^^^^
> Sep 7 10:34:27 : The nonce is: åyß ^[k6µ.
> Sep 7 10:34:27 : Finished Step 4
> Sep 7 10:34:27 : Entering Step 5
> Sep 7 10:34:27 : Got Type 3 msg of 176 characters.
> Sep 7 10:34:27 : Finished NTLM!
>
> Hmmmm I did it again and it again took exactly 120 seconds to complete step 2... Sounds like a timeout or something is in operation here...
>
> Settings: Authoxy on port 8081, points to proxy 10.2.0.2:8080, NTLM on, domain mbbc host/workstation 10.2.0.2
> Network settings point to proxies to 127.0.0.1:8081, *.mbbc.edu is bypassed
>
> Hmmmm again. I blanked out the NTLM host/workstation, left mbbc in the domain, and restarted Authoxy, same result.......
>
> Testing.......
>
> OK I KNOW I have to use NTLM, because if it s not checked, Authoxy doesn t work, and if it is checked, Authoxy DOES work. However, no matter what I put in the blanks for BOTH domain and host/workstation don t seem to matter, I get a 120 second timeout in step 2.
>
> Testing........ I left both fields blank for NTLM, and this is what happened:
>
> Sep 7 11:08:37 : Authoxy has started successfully
> Sep 7 11:08:46 : Ready to NTLM!
> Sep 7 11:08:46 : Entering Step 1
> Sep 7 11:08:46 : Entering Step 2
> Sep 7 11:08:46 : Found Connection: close. Hiding for NTLM Authentication
> Sep 7 11:08:46 : Waiting for Step 2
> Sep 7 11:10:46 : Step 2 is complete
> Sep 7 11:10:46 : Entering Step 3
> Sep 7 11:10:46 : Created Type 1 string of 44 characters
> Sep 7 11:10:46 : Pausing in Step 3
> Sep 7 11:10:46 : Entering Step 4
> Sep 7 11:10:46 : Content-Length: 2639
> Sep 7 11:10:46 : No authentication challenge in NTLM authentication Step 4. Giving up.
>
> I will consult with my system administrator, or maybe someone has an idea. Thanks for your help. Sooooooo close. :)
>
> --Steve
>
> On 9/6/04 5:07 PM, "bruce" <[EMAIL PROTECTED]> wrote:
>
> > Set in the NTLM your windows domain name eg for us its "curriculum2"
> > and in the host, its NOT you/your workstation but the IP address of
> > your proxy server 10.2.0.1 or whatever,
> >
> > Well thats what we do...
> >
> > Try that.
> >
> > Cheers,
> > Bruce.
> >
> >
> >> --> NTLM Authentication is on, set to my domain (mbbc) and my computer name
> >> (sstratpbook)--I'm checking with our system admin to be sure that's correct
> >>
> >> Note: In Authoxy control panel, the number of daemons running increases with
> >> each web access, but doesn't seem to decrease back to 1 after the web page
> >> finishes loading. Don't know if that's normal.
> >>
> >> Any ideas? Thanks for your help--this tool has great potential for me to
> >> provide a higher level of compatibility with our MS network, so I'm not
> >> willing to give up yet!
> >>
> >> --Steve
> >
> >
>

Re: [discuss] Speed question

Reply via email to