This problem is having a major impact for many users in my account.
The users are testing streaming course ware delivery over the Internet and also hitting the proxy re-login prompt.
The problem with them is that after re-logging in the course restarts at the beginning.
So it is not a fit for purpose environment for this application currently.
The same problem occurs for companies webcast through Internet.
Recent test with the users have confirm the issue occurs using the following version of flash:
Adobe Flash Player ActiveX 126.96.36.199
Adobe Flash Player ActiveX 188.8.131.52
The Shockwave Flash NTLM authentication issue is characterised by the following packet sequence: WS sends Request to Server. Server closes the TCP connection without a response to the request. The WS establishes a new TCP connection and resend the request with previous NTLM Authentication details (ie does not go through the correct NTLM handshake for proxy authentication failure and the browser to pop for user credentials.
When the above occurs,
The problem occurs on Windows XP SP3 with IE7 or IE8 with Flash Player 184.108.40.206
Is the problem a known issue with Adobe Flash Player ?
The issue (as attached), I believe, is to do with users accessing http://www.media-server.com/m/p/db5o3sdq, where the user is prompted for authentication while the page is already being accessed.
Could you please open a new bug report on this over at bugbase.adobe.com? Please provide any steps, URL and login information, or sample code/application available. If you'd like to keep these private, please feel free to email them to me directly at firstname.lastname@example.org. Please post back with the URL so that others affected can add their comments and votes.
Do you know what version this started occurring with? If so, please add this information to the bug.
I have submitted Bug 3143847.
If you have any relevant attachment or additional notes, you could add to the bug reported.
Also, you could vote on this bug as I could not vote on this bug.
[private data removed]
Thank you Peter. As mentioned, I'd like to encourage anyone affected by this issue to please visit the following bug, vote for it, and let us know how it impacts your business.
The bug report states can not reproduce. I understand the problem and am happy to help Adobe understand if they want to email me and organise a webex.
The problem is associated with the way IE handles NTLM on a new connection. When performing a POST request, it will make two requests: the first contains a type1 NTLM token and no body, and the second will contain the type 3 token and the body. It does this because it expects to perform NTLM authentication as NTLM is connection not session based, and hence for efficiency, it doesn't send the POST body on the first request (knowing a second request will be required).
The POST request initiated by the Flash application is only made once, so it presents a POST request and no body with the type 1 token to the web server (ie IIS, or some Java implementation such as SSO Plugin), and does not make a second request with a type 3 token and the body. It gives up and automatically prompts the user for a username/password, which is the wrong behaviour when the browser is in the Local Intranet zone and the web server responded with a type 2 token.
I can reproduce this easily and it is a serious bug: it means that any Flash application that is accessed via Integrated Windows Authentication and IE will fail when trying to make a POST request, such as uploading a file from the user.
SSO Plugin for BMC, HP and more.
I've not had any response from Adobe. It's about time we got this issue resolved and I can provide a Fiddler trace if my lengthy explanation was not clear enough. I'm happy to provide a webex to demonstrate the problem, if this would be of help to Adobe.
Please contact me via email to arrange the next steps.
I just took a look at the bug report and it looks like the last message from Adobe was a request to test this against 11.3. Since there was no response until today, it's possible we were waiting on a response before continuing. I know this doesn't sound optimal, but with your response we should take a look again.
I'd also like to once again encourage everyone affected to vote for this bug. We have a limited number of resources available for each upcoming release. A bug with just a single vote might not garner the same attention as one with 30+ votes.
That said, this looks similar to another bug I was reading yesterday that should be fixed in our beta 2 release (scheduled for early to mid next week.)
Thanks for the update.
Production Engineering NSW
HP Enterprise Services
Telephone +61 2 9012 5257
Mobile +61 414 886 757
Level 4, 36-46 George Street, Burwood NSW 2134