Customer noticed that NTLM authentication was failing when hitting specific BCAAA servers but working fine when the authentication requests was hitting a different BCAAA servers.
Kerberos authentication worked fine via both BCAAA servers.
PCAP simply showed that the proxy was returning a HTTP 500 internal server error to the client
ProxySG eventlog showed a generic message
2016-09-13 13:30:25+01:00BST "Unrecognised error reported to authentication agent." 2D 3B0003:1 pe_policy_action_auth_internal.cpp:676BCAAA windows eventlog was showing
6887.303 NTLMAuthenticateRCB@0x1F97E784F0[IWA_Realm]: Error returned from NTLM agent: 0x250129 Enabling BCAAA debug logs (see
How do I enable BCAAA debug logging?) showed that BCAAA was returning the following error
[15520:21700] AcceptSecurityContext failure, ContextLink=0x0 count=0, detail=1(Incorrect function.); status=-2146893054:0x80090302:The function requested is not supported