What are the potential causes of the " Authentication agent rejected request (context lost) " event on the ProxySG ?
Last Updated May 13, 2017
The "context lost" messages are a result of failed NTLM authentications. NTLM requires two round-trips between the browser and the BCAAA server, and BCAAA has to save state between these round-trips. The "context lost" message means that the client began its second round-trip, but BCAAA was unable to find the "context" it saved from the first round-trip. BCAAA therefore fails the request, because it no longer has the information it needs to validate the user credentials.
Some possible causes of "context lost" event : 1. The client took a realy long time to respond and begin the second round-trip. BCAAA keeps these NTLM context objects in a linked list, and will purge this list every two minutes. Any context object that is more than two minutes old will be deleted. Since the thread which does this purge only wakes up every two minutes, each context will have a maximum lifetime of between two and four minutes.
2. If the BCAAA processor (bcaaa-130.exe) was restarted, or if the BCAAA processor crashed between round-trips, then this problem might occur. In either of these cases, BCAAA would reset its TCP connection with the ProxySG, and the ProxySG would then reconnect. However, since BCAAA stores the context objects in the RAM, clients who performed their first round-trip before the crash would likely fail with this error.
Imported Document ID: 000014739
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe