How to Handle NTLM within UEM

Several customers have asked how our UEM solution deals with HTTP applications that use NTLM authentication. How does replay in our UEM solution (Foglight Experience Monitor, Foglight Experience Viewer) behave with Windows-based NTLM authentication? What can be seen?
A typical user of a web application that integrates with NTLM may be logged in automatically with the credentials from their Windows operating system. Users who are not automatically authenticated may be presented with a browser dialog box asking for credentials.
Since that dialog is handled by the browser and is not actual HTML, it cannot be replayed. What gets displayed in the browser during an FxV replay instead is quite different.
Why? Short answer: what goes over the HTTP conversation during an NTLM handshake is pretty ugly. Plain and simple.
What can you do? In FxV you can create a simple hit filter that matches on the 401 HTTP status code and discards the hit. This doesn't mean the data didn't go over the wire; you are just choosing not to store that hit in the FxV database, and therefore to suppress it from replay.
What about FxM? Glad you asked. FxM drops these by default. There is a setting in "Advanced Options" where NTLM is dealt with simply by discarding it.
If you're still interested in why NTLM is so chatty over HTTP, here is a great article on it, http://davenport.sourceforge.net/ntlm.html#respondingToTheChallenge:
Appendix B: Application Protocol Usage of NTLM
This section examines the use of NTLM authentication within some of Microsoft's network protocol implementations.
NTLM HTTP Authentication
Microsoft has established the proprietary "NTLM" authentication scheme for HTTP to provide integrated authentication to IIS web servers. This authentication mechanism allows clients to access resources using their Windows credentials, and is typically used within corporate environments to provide single sign-on functionality to intranet sites. Historically, NTLM authentication was only supported by Internet Explorer; recently, however, support has been added to various other user agents.
The NTLM HTTP authentication mechanism works as follows:
1. The client requests a protected resource from the server:

       GET /index.html HTTP/1.1

2. The server responds with a 401 status, indicating that the client must authenticate. "NTLM" is presented as a supported authentication mechanism via the "WWW-Authenticate" header. Typically, the server closes the connection at this time:

       HTTP/1.1 401 Unauthorized
       WWW-Authenticate: NTLM
       Connection: close

   Note that Internet Explorer will only select NTLM if it is the first mechanism offered; this is at odds with RFC 2616, which states that the client must select the strongest supported authentication scheme.

3. The client resubmits the request with an "Authorization" header containing a Type 1 message parameter. The Type 1 message is Base-64 encoded for transmission. From this point forward, the connection is kept open; closing the connection requires reauthentication of subsequent requests. This implies that the server and client must support persistent connections, via either the HTTP 1.0-style "Keep-Alive" header or HTTP 1.1 (in which persistent connections are employed by default). The relevant request headers appear as follows (the line break in the "Authorization" header below is for display purposes only, and is not present in the actual message):

       GET /index.html HTTP/1.1
       Authorization: NTLM TlRMTVNTUAABAAAABzIAAAYABgArAAAACwALACAAAABXT1
       JLU1RBVElPTkRPTUFJTg==

4. The server replies with a 401 status containing a Type 2 message in the "WWW-Authenticate" header (again, Base-64 encoded). This is shown below (the line breaks in the "WWW-Authenticate" header are for editorial clarity only, and are not present in the actual header).

       HTTP/1.1 401 Unauthorized
       WWW-Authenticate: NTLM TlRMTVNTUAACAAAADAAMADAAAAABAoEAASNFZ4mrze8
       AAAAAAAAAAGIAYgA8AAAARABPAE0AQQBJAE4AAgAMAEQATwBNAEEASQBOAAEADABTA
       EUAUgBWAEUAUgAEABQAZABvAG0AYQBpAG4ALgBjAG8AbQADACIAcwBlAHIAdgBlAHI
       ALgBkAG8AbQBhAGkAbgAuAGMAbwBtAAAAAAA=

5. The client responds to the Type 2 message by resubmitting the request with an "Authorization" header containing a Base-64 encoded Type 3 message (again, the line breaks in the "Authorization" header below are for display purposes only):

       GET /index.html HTTP/1.1
       Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABAAA
       AACAAIAEwAAAAWABYAVAAAAAAAAACaAAAAAQIAAEQATwBNAEEASQBOAHUAcwBlAHIA
       VwBPAFIASwBTAFQAQQBUAEkATwBOAMM3zVy9RPyXgqZnr21CfG3mfCDC0+d8ViWpjB
       wx6BhHRmspst9GgPOZWPuMITqcxg==

6. Finally, the server validates the responses in the client's Type 3 message and allows access to the resource.

       HTTP/1.1 200 OK

This scheme differs from most "normal" HTTP authentication mechanisms, in that subsequent requests over the authenticated connection are not themselves authenticated; NTLM is connection-oriented, rather than request-oriented. So a second request for "/index.html" would not carry any authentication information, and the server would request none. If the server detects that the connection to the client has been dropped, a request for "/index.html" would result in the server reinitiating the NTLM handshake.
A notable exception to the above is the client's behavior when submitting a POST request (typically employed when the client is sending form data to the server). If the client determines that the server is not the local host, the client will initiate reauthentication for POST requests over the active connection. The client will first submit an empty POST request with a Type 1 message in the "Authorization" header; the server responds with the Type 2 message (in the "WWW-Authenticate" header as shown above). The client then resubmits the POST with the Type 3 message, sending the form data with the request.
The NTLM HTTP mechanism can also be used for HTTP proxy authentication. The process is similar, except:
  • The server uses the 407 response code (indicating proxy authentication required) rather than 401.
  • The client's Type 1 and 3 messages are sent in the "Proxy-Authorization" request header, rather than the "Authorization" header.
  • The server's Type 2 challenge is sent in the "Proxy-Authenticate" response header (instead of "WWW-Authenticate").
With Windows 2000, Microsoft introduced the "Negotiate" HTTP authentication mechanism. While primarily aimed at providing a means of authenticating the user against Active Directory via Kerberos, it is backward-compatible with the NTLM scheme. When the Negotiate mechanism is used in "legacy" mode, the headers passed between the client and server are identical, except "Negotiate" (rather than "NTLM") is indicated as the mechanism name.
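
The handshake quoted above, decoded: this is an added example, not part of the original article and not Foglight code. It parses the three Base-64 NTLM messages shown on this page to list what a stored hit would contain, and shows one way to strip the token before storage; `parse_ntlm` and `redact` are hypothetical helper names, and the field offsets assume the classic message layout used by the page's sample messages.

```python
import base64
import re
import struct

# Header values copied from the handshake quoted on this page (line breaks joined).
CAPTURED = [
    "Authorization: NTLM TlRMTVNTUAABAAAABzIAAAYABgArAAAACwALACAAAABXT1"
    "JLU1RBVElPTkRPTUFJTg==",
    "WWW-Authenticate: NTLM TlRMTVNTUAACAAAADAAMADAAAAABAoEAASNFZ4mrze8"
    "AAAAAAAAAAGIAYgA8AAAARABPAE0AQQBJAE4AAgAMAEQATwBNAEEASQBOAAEADABTA"
    "EUAUgBWAEUAUgAEABQAZABvAG0AYQBpAG4ALgBjAG8AbQADACIAcwBlAHIAdgBlAHI"
    "ALgBkAG8AbQBhAGkAbgAuAGMAbwBtAAAAAAA=",
    "Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABAAA"
    "AACAAIAEwAAAAWABYAVAAAAAAAAACaAAAAAQIAAEQATwBNAEEASQBOAHUAcwBlAHIA"
    "VwBPAFIASwBTAFQAQQBUAEkATwBOAMM3zVy9RPyXgqZnr21CfG3mfCDC0+d8ViWpjB"
    "wx6BhHRmspst9GgPOZWPuMITqcxg==",
]

TOKEN_RE = re.compile(
    r"^(?:WWW-Authenticate|Proxy-Authenticate|Authorization|Proxy-Authorization):"
    r"\s*(?:NTLM|Negotiate)\s+([A-Za-z0-9+/=]+)$", re.IGNORECASE)

def _buf(msg, pos):
    """Return the bytes referenced by the security buffer at `pos`."""
    length, _alloc, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def _text(raw, flags):
    # Bit 0 of the flags is Negotiate Unicode; otherwise strings are OEM.
    return raw.decode("utf-16-le" if flags & 0x1 else "latin-1", "replace")

def parse_ntlm(header_line):
    """Decode an NTLM Type 1/2/3 message from one HTTP header line, or None."""
    m = TOKEN_RE.match(header_line.strip())
    if not m:
        return None
    try:
        msg = base64.b64decode(m.group(1), validate=True)
        if msg[:8] != b"NTLMSSP\x00":
            return None  # e.g. a Kerberos token sent under "Negotiate"
        mtype = struct.unpack_from("<I", msg, 8)[0]
        if mtype == 1:  # Type 1 strings are always OEM, and both are optional
            named = len(msg) >= 32
            return {"type": 1,
                    "domain": _text(_buf(msg, 16), 0) if named else "",
                    "workstation": _text(_buf(msg, 24), 0) if named else ""}
        if mtype == 2:
            flags = struct.unpack_from("<I", msg, 20)[0]
            challenge = struct.unpack_from("8s", msg, 24)[0]
            return {"type": 2, "target": _text(_buf(msg, 12), flags),
                    "challenge": challenge.hex()}
        if mtype == 3:  # assumes the flags field at offset 60 is present
            flags = struct.unpack_from("<I", msg, 60)[0]
            return {"type": 3, "domain": _text(_buf(msg, 28), flags),
                    "user": _text(_buf(msg, 36), flags),
                    "workstation": _text(_buf(msg, 44), flags),
                    "response_bytes": len(_buf(msg, 12)) + len(_buf(msg, 20))}
    except (struct.error, ValueError):
        pass  # truncated or malformed token
    return None

def redact(header_line):
    """Replace any NTLM/Negotiate token with a marker before a hit is stored."""
    if not TOKEN_RE.match(header_line.strip()):
        return header_line
    info = parse_ntlm(header_line)
    kind = f"NTLM type {info['type']}" if info else "undecoded"
    return f"{header_line.split(':', 1)[0]}: [{kind} token removed]"

if __name__ == "__main__":
    for line in CAPTURED:
        print(parse_ntlm(line), "->", redact(line))
```

Base-64 is only an encoding, so the domain, user name and workstation in the Type 1 and Type 3 messages, and the server challenge in Type 2, are readable by anything that stores these headers.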