Google Apps—Error Message HTTP 403: Forbidden Received When Using NTLM Authentication

Release Notes › Known Issues › Endpoint Types › Google Apps › Google Apps—Error Message HTTP 403: Forbidden Received When Using NTLM Authentication

Google Apps—Error Message HTTP 403: Forbidden Received When Using NTLM Authentication

Symptom:

When I try to use NTLM authentication I receive the error HTTP 403: Forbidden from the proxy server and the Google Apps domain is not acquired.

Solution:

The error occurs because on a Windows computer, CA IAM CS is installed as a Windows Service and runs as Local System by default.

If CA IAM CS is running on a Windows computer and NTLM is the strongest authentication scheme supported by the HTTP proxy, the Google Apps connector attempts to use NTLM authentication with the HTTP proxy.

If your HTTP proxy server uses NTLM authentication, configure CA IAM CS to run under a Windows domain account or a Windows local account.

To configure NTLM authentication

Do either of the following:

Run CA IAM CS with a Windows account that can be authenticated with the HTTP proxy server without providing a user name and password for proxy authentication when creating the endpoint.
Run CA IAM CS with a Windows account that cannot be authenticated with the HTTP proxy server, and provide a HTTP user name and password that can be authenticated with the proxy when creating the endpoint.

Note: If you use a Windows domain user for HTTP proxy authentication, prefix the HTTP proxy user name with the Windows domain that the user is in. For example, DOMAIN\ProxyUserAccountName.