[KB7241] Resolve the intranet single sign-on authentication issues with TLS filtering activated

Issue

Details

This situation can occur if authentication is based on protocols such as SPNEGO (WWW-Authenticate: Negotiate), Kerberos, or NTLM, and Channel Binding Tokens are used.

This behavior is a security feature of the underlying authentication protocol.
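The following added example (not ESET code) shows why a Channel Binding Token stops matching once TLS filtering replaces the server certificate, and why an exception for the server restores sign-on. It assumes the tls-server-end-point binding type from RFC 5929; the certificate bytes and the host name intranet.example.test are constructed placeholders.

```python
import hashlib
import hmac
import struct

def tls_server_end_point(cert_der: bytes, sig_hash: str = "sha256") -> bytes:
    """RFC 5929 tls-server-end-point: hash of the certificate the client saw.
    MD5 and SHA-1 signature hashes are replaced by SHA-256."""
    if sig_hash.lower() in ("md5", "sha1"):
        sig_hash = "sha256"
    return hashlib.new(sig_hash, cert_der).digest()

def channel_binding_token(cert_der: bytes, sig_hash: str = "sha256") -> bytes:
    """MD5 over a gss_channel_bindings_struct whose application data is
    'tls-server-end-point:' + certificate hash (the value NTLM/Kerberos carry)."""
    app_data = b"tls-server-end-point:" + tls_server_end_point(cert_der, sig_hash)
    # Initiator/acceptor address type and length fields are all zero (16 bytes).
    struct_bytes = b"\x00" * 16 + struct.pack("<I", len(app_data)) + app_data
    return hashlib.md5(struct_bytes).digest()

def server_accepts(client_seen_cert: bytes, server_own_cert: bytes) -> bool:
    """Server-side Extended Protection check: the token the client bound into
    its authentication must match the one derived from the server's own cert."""
    return hmac.compare_digest(channel_binding_token(client_seen_cert),
                               channel_binding_token(server_own_cert))

# Constructed stand-ins for DER-encoded certificates (not real certificates).
INTRANET_CERT = b"constructed-DER: CN=intranet.example.test, issuer=Corp CA"
FILTER_CERT = b"constructed-DER: CN=intranet.example.test, issuer=TLS filter CA"

def scenario(tls_filtering: bool, excluded: bool) -> bool:
    """True when SSO succeeds. With filtering on and no exception, the client
    sees the filter's substitute certificate instead of the server's."""
    intercepted = tls_filtering and not excluded
    seen = FILTER_CERT if intercepted else INTRANET_CERT
    return server_accepts(seen, INTRANET_CERT)

if __name__ == "__main__":
    for filtering, excluded in [(False, False), (True, False), (True, True)]:
        print(f"filtering={filtering} excluded={excluded} "
              f"sso_ok={scenario(filtering, excluded)}")
```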

Solution

Create an exception on the affected computers (preferred solution)

  1. Open the main program window of your ESET Windows product.

  2. Press the F5 key to access Advanced setup.

  3. Click Web and Email, expand SSL/TLS and next to List of known certificates click Edit.

Figure 1-1

  4. Click Add.

Figure 1-2

  5. Click URL and in the URL address field, type the domain name of the server and then click OK. To import the certificate manually, click File.

Figure 1-3

  6. Next to Scan action, select Ignore and click OK.

Figure 1-4

  7. Click OK → OK to confirm the configuration change.

Figure 1-5

If you are managing ESET endpoint products remotely using ESET Security Management Center (or ERA/ECA), apply these settings as a policy.


Disable the "Extended Protection for Authentication" feature on the server

Disabling this feature will leave your server vulnerable to man-in-the-middle attacks and is not recommended. We recommend that you attempt the solution above.

For more information see: