Having a Windows Server which uses Kerberos or NTLM (obsolete) authentication and Firefox can’t access it?
It takes a long time loading the page, and it finally shows the following error message:
-2146893039 (0x80090311)
The server’s event log may contain errors with the IDs 537, 3034 and 681.
As it might be insecure to respond to negotiations, Firefox will not answer them as long as the server is not on the whitelist. It can be set in about:config
(type it in the address bar). Add your server to either of the following entries:
network.automatic-ntlm-auth.trusted-uris
network.negotiate-auth.trusted-uris
(In IE, this settings are located at Tools > Internet Options > Security > Local Intranet > Sites
)
For logging in, the SPNEGO protocol will be used. Here browser and server will negotiate whether to use NTLM or Kerberos for Authentication. Firefox rejects SPNEGO requests due to security reasons (DNS Spoofing, Man-in-the-Middle Attacks) if the server is not on the whitelist.
To change the settings for all computers, e.g. when distributing Firefox on PCs in a local network, adjust the following file:
Mozilla Firefox/geprefs/all.js
User settings can also be changed via a file named prefs.js
which is located in the profile directory.
Opera 9.5 does not support NTLM, Safari 3 does.