Mozilla Firefox keeps asking for credentials repeatedly

The information in this article applies to:

  • GFI FAXmaker for Networks 11

Article ID: KBID001782

Query keywords: Firefox

Issue Encountered

GFI WebMonitor is installed on Microsoft Windows 2008 and is configured to use integrated authentication. Mozilla Firefox browser keeps asking for credentials repeatedly when installed on Microsoft Windows 7.

More Information

On Microsoft Windows 2008, the default setting for the LAN Manager authentication level security policy (shown below) is "Send NTLMv2 response only", and on Microsoft Windows 7 the default is to have this policy not defined. This causes the workstation and server computers to negotiate usage of NTLMv2 for authentication. Support for NTLMv2 in Mozilla Firefox is flaky or non-existent, causing the observed behaviour.

Resolution:

If you’re using Mozilla Firefox in such an environment and you’re observing the above behavior, you need to do one of the following:

  • Make use of hostname rather than IP when configuring the proxy settings in the browser. If you are using the WPAD option in GFI WebMonitor you should select “Publish the host name of the GFI WebMonitor proxy in WPAD” in the ‘Network Configuration’ section of the GFI WebMonitor ‘Proxy Settings’ node.
     
  • Ensure that both the GFI WebMonitor server and workstations use a common authentication mechanism. Such a change can be applied on either the GFI WebMonitor server or the client machines:

    GFI WebMonitor server

    If you wish to change the GFI WebMonitor server authentication mechanism, perform the following procedure:
  1. Click 'Start' > 'Administrative Tools' > 'Local Security Policy'
  2. Expand 'Local Policies' and select 'Security Options'
  3. Right click on 'Network Security: LAN Manager authentication level' from the right panel and click 'Properties'
  4. Select 'Local Security Setting' tab in the Network Security: LAN Manager authentication level Properties dialog
  5. Select 'Send LM & NTLM - use NTLMv2 session security if negotiated from the Network security' drop-down list
  6. Click 'Apply' and 'OK'
  7. Close Local Security Policy dialog

Workstations

Should you wish not to update the GFI WebMonitor server authentication mechanism, you can update the authentication mechanism of your workstations. Set the "Network security: LAN Manager authentication level" policy to "Send LM & NTLM - use NTLMv2 session security if negotiated" on your workstations. If your workstations are joined to an Active Directory domain you can do this centrally via domain security policy