Thanks for the clarification, even im with you that NTLM negotiation failed that's why user gets prompted. Leve 5 to Level 4 is ok, there is no issue. Even we tested with all other schemes(html, custom,2 factor, basic) they work as expected.
Issue is only with IWA auth scheme.
We could capture one successful and one failure request as out of many requests, one request passes where user does not get prompted for windows prompt and he is taken to next level.
Compared the web agent trace logs on web server, i see only following difference in the logs.
For successful request, i see generated NTLMCRED cookie. Does this log make any sense??
dvancedAuthCore.cpp:162][SmAdvancedAuthCore::GatherCredentials][00000000000000000000000001000000-2eb0-561fcc4d-356c-037a68db][*172.26.41.183][][/][][Validating target for 4.x compatibility mode.]
[10/15/2015][10:54:53][11952][13676][SmAdvancedAuthCore.cpp:933][SmAdvancedAuthCore::validateTargetDomain][00000000000000000000000001000000-2eb0-561fcc4d-356c-037a68db][*172.26.41.183][][][][][Target's c and agent configured match.]
[10/15/2015][10:54:53][11952][13676][SmAdvancedAuthCore.cpp:202][SmAdvancedAuthCore::GatherCredentials][00000000000000000000000001000000-2eb0-561fcc4d-356c-037a68db][*172.26.41.183][][][Credential Collector using 4.x compatibility mode.]
[10/15/2015][10:54:53][11952][13676][SmNTC.cpp:545][SmNtc::processCompatMode][00000000000000000000000001000000-2eb0-561fcc4d-356c-037a68db][*172.26.41.183][][][][][Generated NTLMCRED cookie.]
[10/15/2015][10:54:53][11952][13676][SmPluginUtilities.cpp:481][HandleCredCollectorReturn][00000000000000000000000001000000-2eb0-561fcc4d-356c-037a68db][*172.26.41.183][]][][POST preservation, handling return from credential collector.]
[10/15/2015][10:54:53][11952][13676][SmPluginUtilities.cpp:618][HandleCredCollectorReturn][00000000000000000000000001000000-2eb0-561fcc4d-356c-037a68db][*172.26.41.183][]][][http response ]