After upgrading the SteelHead appliance to RiOS 9.12.x (or higher) in Kerberos Authentication mode (aka WORKSTATION mode), SMB traffic is getting blacklisted due to NTLM authentication problems.
On the Server-Side SteelHead Appliance the following error messages are observed:
Sep 14 00:10:00 Steelhead sport[63484]: [smbsign/sfe.NOTICE] 98910 {x.x.x.x:55136 y.y.y.y:445} connection in black list - NTLM traffic
configured for pass through. Steelhead domain join type does not support NTLM.
Sep 14 00:15:00 Steelhead sport[63484]: [smbsign/sfe.NOTICE] 99976 {x.x.x.x:55165 y.y.y.y:445} Adding connection to timed black list - NTLM
traffic configured for pass through. Steelhead domain join type does not support NTLM.
This issue is caused by the Client-Side SteelHead appliances being joined to the Domain with Kerberos Mode without configuring the Server-Side SteelHead appliance to pass through NTLM Traffic.
To correct this issue, please follow the instructions located at link below: https://supportkb.riverbed.com/support/index?page=content&id=S36944
If you need any additional assistance, please open a ticket with Teneo Support.
Comments
0 comments
Please sign in to leave a comment.