Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
RBA
Staff
Staff

Created on ‎10-30-2023 05:39 AM Edited on ‎10-30-2023 05:40 AM By Community Manager

Article Id 281853

Troubleshooting Tip: NTLM authentication failure (FSSO Fallback)

Description This article describes how to troubleshoot the NTLM authentication failure with log 'AcceptSecurityContext failed: 0x8009030c'.
Scope FortiGate.
Solution

This article only focuses on NTLM authentication failure with the error log 'AcceptSecurityContext failed: 0x8009030c'.

 

Refer to the following article to follow NTLM authentication flow and troubleshooting:
Troubleshooting Tip: NTLM authentication (FSSO fallback)

 

NTLM authentication stops suddenly, resulting in an internet access issue.
WAD (Policy in proxy mode inspection) and Authd debug on FortiGate shows authentication failure with the reason 'not_authenticated' and groups returned as 'null' as below:

 

2023-08-02 08:12:15 [authd_http_wait_req:2298]: src 10.150.1.50 flag 10210000
2023-08-02 08:12:15 [authd_http_read_http_message:493]: called
2023-08-02 08:12:15 [authd_http_is_full_http_message:443]: called
2023-08-02 08:12:15 [authd_http_on_method_get:5697]: src 10.150.1.50 flag 10210000
2023-08-02 08:12:15 [authd_http_check_local_portal:1835]: src 10.150.1.50 flag 10210000
2023-08-02 08:12:15 [authd_http_send_https_redir:4642]: src 10.150.1.50 flag 10210000
2023-08-02 08:12:15 [authd_http_prepare_javascript_redir:3908]: http://10.150.0.243:1000/fgtauth?040981b32cbd00ab <----- Firewall redirecting the user to a auth page.

2023-08-02 08:12:15 authd_fp_on_ntlm_req[Fortigroup]: tag 0x88, seq 1688044638/1688041086, msg "TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAKADk4AAAADw==Fortigroup"
2023-08-02 08:12:15 _process_ntlm_result[Fortigroup]: tag 0x8b, seq 1688044638, result 0, user FORTIADM, domain TESTNET, groups "(null)" 
2023-08-02 08:12:15 NTLM failed: FORTI@TESTNET((null)), reason: not_authenticated 

FSSO Collector agent debug shows the error 'AcceptSecurityContext failed: 0x8009030c' for user 'FORTIADM' as below.

08/02/2023 08:12:15 [ 9704] AcceptSecurityContext failed: 0x8009030c
08/02/2023 08:12:15 [ 9704] NTLM auth failed
08/02/2023 08:12:15 [ 9704] domain:TESTNET
08/02/2023 08:12:15 [ 9704] user:fortiadm
08/02/2023 08:12:15 [ 9704] workstation:TESTPC01

 

The error code '0x8009030c' is a Windows error code for 'SEC_E_LOGON_DENIED' and it is not related to FortiGate or FSSO agent:

AcceptSecurityContext (General) function

 

The issue can be resolved by disabling the authentication loopback check for the NTLM by following the below steps:

  1. Select Start, select Run, type regedit, and then select 'OK'.
  2. Locate and then select the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. 'Right-click' Lsa, point to New and then select DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. 'Right-click' DisableLoopbackCheck, and then select 'Modify'.
  6. In the Value data box, type 1, and then select 'OK'.
  7. Exit Registry Editor.
  8. Restart Server.
704
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.