We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Mulongo oyo etiyamaki na archive. Tuna motuna mosusu soki osengeli na lisalisi

Proxy authentication causes connection to icloud.com to fail

more options

Hello,

Whenever we try to connect to www.icloud.com with Firefox, communication fails. We use an explicit Blue Coat proxy setup to connect to the internet and Kerberos/NTLM authentication. We opened a case with Blue Coat, but we concluded the problem is related to Firefox. Disabling authentication is an option, but more and more users are complaining on different websites, and we cannot keep on disabling authentication on all websites.

When we take a closer look on the packet capture, it appears all communication goes through fine, except for connections to setup.icloud.com. The proxy generates errors like these: onbox_unmapped_error - an unrecoverable internal error These indicate an internal proxy error, however, after further verification it appears to be a bug in Firefox.

This occurs both with Kerberos & NTLM. Kerberos:

6288.030 LW_Error_to_auth_result(), mapping unknown error code -1765328350 to AUTH_E_ONBOX_UNMAPPED_ERROR 2425350 6288.030 gss_accept_sec_context failed. Major: 0xD0000, Minor: 0x96C73A22(-1765328350). Request is a replay 6288.030 GSSAPI: Error in gss_accept_sec_context() at g_accept_sec_context.c:225 [major: 851968, minor: -1765328350] 6288.030 GSSAPI: gss_accept_sec_context() at g_accept_sec_context.c:223 [Minor: -1765328350] 6288.030 GSSAPI: Error in gss_accept_sec_context() at g_accept_sec_context.c:225 [major: 851968, minor: -1765328350] 6288.030 GSSAPI: gss_accept_sec_context() at g_accept_sec_context.c:223 [Minor: -1765328350]

NTLM:

0994.251 TRACE: lsass - [ntlm_gss_accept_sec_context() gssntlm.c:1201] Error code: 40041 (symbol: LW_ERROR_INVALID_PARAMETER) 0994.251 TRACE: lsass - [NtlmClientAcceptSecurityContext() acceptsecctxt.c:93] Error code: 40041 (symbol: LW_ERROR_INVALID_PARAMETER) 0994.251 TRACE: lsass - [NtlmTransactAcceptSecurityContext() clientipc.c:222] Error code: 40041 (symbol: LW_ERROR_INVALID_PARAMETER)

We never experience this with other browsers such as Chrome, Internet Explorer, ... We first experienced it with Firefox 45. However, we are now at Firefox 53 and are still experiencing this. I was hoping the Firefox development team would have solved this by now. We realize we have no support contract, however, I would be surprised if we would be the only ones experiencing this.

We also noticed this towards other websites, however, icloud.com is the easiest to replicate the issue. Attached you can find the output of this error in the browser

Best Regards, Dimi De Belder

Hello, Whenever we try to connect to www.icloud.com with Firefox, communication fails. We use an explicit Blue Coat proxy setup to connect to the internet and Kerberos/NTLM authentication. We opened a case with Blue Coat, but we concluded the problem is related to Firefox. Disabling authentication is an option, but more and more users are complaining on different websites, and we cannot keep on disabling authentication on all websites. When we take a closer look on the packet capture, it appears all communication goes through fine, except for connections to setup.icloud.com. The proxy generates errors like these: onbox_unmapped_error - an unrecoverable internal error These indicate an internal proxy error, however, after further verification it appears to be a bug in Firefox. This occurs both with Kerberos & NTLM. Kerberos: 6288.030 LW_Error_to_auth_result(), mapping unknown error code -1765328350 to AUTH_E_ONBOX_UNMAPPED_ERROR 2425350 6288.030 gss_accept_sec_context failed. Major: 0xD0000, Minor: 0x96C73A22(-1765328350). Request is a replay 6288.030 GSSAPI: Error in gss_accept_sec_context() at g_accept_sec_context.c:225 [major: 851968, minor: -1765328350] 6288.030 GSSAPI: gss_accept_sec_context() at g_accept_sec_context.c:223 [Minor: -1765328350] 6288.030 GSSAPI: Error in gss_accept_sec_context() at g_accept_sec_context.c:225 [major: 851968, minor: -1765328350] 6288.030 GSSAPI: gss_accept_sec_context() at g_accept_sec_context.c:223 [Minor: -1765328350] NTLM: 0994.251 TRACE: lsass - [ntlm_gss_accept_sec_context() gssntlm.c:1201] Error code: 40041 (symbol: LW_ERROR_INVALID_PARAMETER) 0994.251 TRACE: lsass - [NtlmClientAcceptSecurityContext() acceptsecctxt.c:93] Error code: 40041 (symbol: LW_ERROR_INVALID_PARAMETER) 0994.251 TRACE: lsass - [NtlmTransactAcceptSecurityContext() clientipc.c:222] Error code: 40041 (symbol: LW_ERROR_INVALID_PARAMETER) We never experience this with other browsers such as Chrome, Internet Explorer, ... We first experienced it with Firefox 45. However, we are now at Firefox 53 and are still experiencing this. I was hoping the Firefox development team would have solved this by now. We realize we have no support contract, however, I would be surprised if we would be the only ones experiencing this. We also noticed this towards other websites, however, icloud.com is the easiest to replicate the issue. Attached you can find the output of this error in the browser Best Regards, Dimi De Belder

All Replies (1)

more options

Image uploaded