NTLM authentication not supported under FIPS compliance

Technote (troubleshooting)


NTLM proxy authentication for X-Press Update Server is no longer supported under FIPS compliant versions of SiteProtector (SP 8.0+).


When FIPS support was added in SiteProtector 2.0 SP 8.0+, NTLM authentication was discontinued. As result, downloading SiteProtector updates via proxy NTLM is not possible.

The only workaround is to use an older version of X-Press Update Server (XUS) that does not support FIPS installed on a different location, and use it as secondary remote XUS for your local Site Protector deployment. The remote XUS will authenticate against the proxy with NTLM support as needed.

Resolving the problem

Starting with SiteProtector 2.0 Service Pack 8.0, SiteProtector now supports FIPS (Federal Information Processing Standards) for usage by government agencies. However, by introducing FIPS support, this made the MD5 algorithm incompatible with NTLM authentication. This means that NTLM is no longer working in X-Press Update Server 1.8 and above.

If NTLM authentication is a strict requirement, we recommend using a secondary stand-alone XUS at version 1.7. Install it on a different server and point the locally deployed primary XUS to download from the secondary according to the documentation. SiteProtector 7 stand-alone XUS install would work.

In this scenario, it is fundamental to change the secondary XUS component update policy to disable the self-update feature which would cause the XUS to go up to latest version and reintroduce the problem.

This restrictions also applies to the Manual Upgrader.

Because NTLM conflicts with FIPS compliance, there is currently no plan to add it.

If the above information does not resolve your issue, please contact IBM Security Systems Customer Support.

Rate this page:

(0 users)Average rating

Document information

More support for:

IBM Security SiteProtector System

Software version:

2.0 SP 8.0, 2.0 SP 8.1, 2.9, 3.0

Operating system(s):


Reference #:


Modified date:


Translate my page

Machine Translation

Content navigation