Kerberos 401 Fallback to forms causing IE to break
I have an APM policy setup to perform Kerberos Auth first then fall back to Logon page if that fails. For IE only, When the fall back occurs and the logon page is returned and the user enters username and password for some reason no form data is posted to the APM and so the following AD Auth fails. Has anyone seen this, it seems to be the initial 401 that causes IE to break. If I clear IE cache then its fine as well as if I disable “Integrated Windows Auth” then the logon page is fine. So seems 401 breaks APM logon pages for IE that has cached a previous logon. Other browsers are fine. I am running IE11 and APM 12.1
APM Negotiate Kerberos Only
I have a simple APM policy starting with 401 Response configured for basic + negotiation, followed with a Kerberos Auth. When a domain member connects with IE, the Integrated Windows Authentication works great and does automatic authentication without prompting the user for logon. The problem is for non domain Windows systems using IE or Firefox. They are immediately presented with a logon window, but every time tries NTLM, which fails. Is there a way to force non domain members to BASIC instead?
