Hello Wasfi,
I know this is going to sound silly, but check in the Policy trace, as you reproduce this issue, that the request is matching the correct Authentication Policy. Then check the authentication policy Action to make sure it is referencing the correct Realm. Also verify that the correct Auth Mode is selected, or set it to Auto.
If the above is all good, then check the Event Log of the AD server to find the Auth Requests from this user and see what the error message is, if there is any.
You may need to provide to the support team under the ticket the , Auth/debug and the lsa/debug as you reproduce the issue.
Things to try.
Reboot the proxy and rejoin to the domain in case something is stuck in the memory.
Slava
Original Message:
Sent: 09-18-2020 06:08 AM
From: Wasfi Bounni
Subject: I am not getting the NTLM challenge "Type 2 messages" from the Proxy SG
Hi;
In an IWA direct realm, the client sends the NTLM negotiate "Type 1 message". However, no NTLM Challenge comes back from the Proxy SG. As a result, the client sees an Authentication Prompt presented by the Proxy SG. This is notwithstanding that the client is a domain user already authenticated to the domain. Has anyone encountered this situation before?
Kindly
Wasfi
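
Added example, not part of either message above and not vendor code: a small Python check that reads the auth headers from a packet capture or trace of the exchange and reports whether an NTLM Type 2 challenge followed the client's Type 1. The tuple layout, the result strings and the sample header values are assumptions constructed for illustration.

```python
import base64
import struct

def ntlm_message_type(header_value):
    """Return 1, 2 or 3 if the auth header value carries an NTLMSSP token, else None."""
    parts = header_value.strip().split(None, 1)
    if len(parts) != 2 or parts[0].upper() not in ("NTLM", "NEGOTIATE"):
        return None  # bare "NTLM" offer, Basic, etc.: no token to inspect
    try:
        token = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return None
    if len(token) < 12 or token[:8] != b"NTLMSSP\x00":
        return None  # e.g. a SPNEGO/Kerberos blob under Negotiate
    (msg_type,) = struct.unpack_from("<I", token, 8)  # little-endian type field
    return msg_type if msg_type in (1, 2, 3) else None

def diagnose(exchange):
    """exchange: ordered (sender, header_name, header_value) tuples from a capture."""
    saw_type1 = False
    for sender, _name, value in exchange:
        mtype = ntlm_message_type(value)
        if sender == "client" and mtype == 1:
            saw_type1 = True
        elif sender == "proxy" and saw_type1 and mtype == 2:
            return "challenge-returned"
    return "no-challenge-after-type1" if saw_type1 else "no-type1-seen"

def _sample(msg_type):
    # Constructed minimal token (signature, type, flags, zeroed fields); not a real capture.
    body = b"NTLMSSP\x00" + struct.pack("<II", msg_type, 0x00088207) + bytes(16)
    return "NTLM " + base64.b64encode(body).decode()

# Constructed exchanges; header names assume the proxy challenges with 407.
FAILING = [
    ("proxy", "Proxy-Authenticate", "NTLM"),
    ("client", "Proxy-Authorization", _sample(1)),
    ("proxy", "Proxy-Authenticate", "NTLM"),  # offer repeated, no Type 2
    ("proxy", "Proxy-Authenticate", 'Basic realm="example"'),
]
HEALTHY = [
    ("proxy", "Proxy-Authenticate", "NTLM"),
    ("client", "Proxy-Authorization", _sample(1)),
    ("proxy", "Proxy-Authenticate", _sample(2)),
]

if __name__ == "__main__":
    print(diagnose(FAILING), diagnose(HEALTHY))
```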