This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.

Click here to view the documentation for a supported version of Remedy Single Sign-On.

Chained authentication failure in Microsoft Internet Explorer

When Kerberos is chained together with LDAP or AR System for authentication and you try to log on to BMC Atrium SSO Console in Microsoft Internet Explorer (IE) browser, the authentication fails. You can detect the issue by removing the Kerberos module from the authentication chain. The authentication works correctly when Kerberos is removed.


You might face this issue due to an optimization feature that Microsoft added to IE that causes IE to not send user-entered credentials to the BMC Atrium Single Sign-On server. When you disable this optimization, the credentials are sent and the user is successfully authenticated. 


You can also avoid this issue by using Mozilla Firefox or other compatible browsers.

To resolve this issue from the client side

  1. Use the Registry Editor (Regedt32.exe) to add a value to the following registry key:
    HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Internet Settings/


    The registry key shown here is one path; it has been wrapped for readability.

  2. Add the following information for the new registry value:

    Value Name: DisableNTLMPreAuth
    Data Type: REG_DWORD
    Value: 1

For more information about disabling the optimization feature, refer to the knowledge base (KB) article from Microsoft, You cannot post data to a non-NTLM-authenticated Web site.


You should ignore the instructions about disabling Kerberos or Integrated Windows Authentication mentioned in the KB article.

Was this page helpful? Yes No Submitting... Thank you