Normally if a user logon to the Symantec Management Platform 7.1 (SMP or NS) server, he should be able to browse all the pages without being required to logon again unless the logon state expired. It is observed that in SMP 7.1, it appears the user needs to logon a few times to properly load certain SMP Console items, especially when selecting the 'Settings > All Settings' console item, you have to logon about 6 to 8 times to allow the whole left navigation tree properly loaded. This issue is experienced 100% if the NS is a newly installed and the logon is the first logon to this NS server.
Steps to reproduce:
- Create a new SMP account, assign it as a member of the Symantec administrators
- Logon your SMP using a new created user (you can reset your IIS/NS service to make the issue more reproducible, however the behavior was not caused by restarting the IIS/NS service)
- Navigate to the 'Settings >All settings' page
In the left navigation pane, the 'Settings' navigation tree should be loaded properly without requesting re-logon
User had to logon another 6 to 8 times to allow the full tree completely loaded.
This issue has been noticed randomly and there is not a 100% duplication rate.
Many of the reasons that were causing to prompt for Credentials were addressed with the SMP 7.1 SP2 Release. However, there were other use cases where Dev couldn't duplicate what the customers reported.
The following steps are provided as suggestion if the issue is still present:
1) Please review and try the suggestions on Microsoft KB2749007 "An unexpected 401.1 status is returned when using Pre-Authentication Headers with Internet Explorer and Internet Information Services" 2) Within IE, add the SMP URL as a "Intranet site". 3) Open IIS Manager, select "/Default Web Site/Altiris/Console". On the right pane, double-click on "Authentication". After that, right-click on "Windows Authentication" and select "Providers...". By default, the Enabled Providers have the order of "Negotiate" and then "NTLM". We need to swap these so that "NTLM" is at the top of the list. 4) Check the "Enable Integrated Windows Authentication" checkbox in IE (under Tools_>Internet Options->Advanced->Security).