NTLM proxy authentication for XPress Update Server (XUS) is no longer supported under FIPS compliant versions of SiteProtector (SP 8.0, SP8.1 and SP9.0). When FIPS support was added, NTLM authentication was discontinued.
As result, downloading SiteProtector updates via proxy NTLM is not possible.
The only workaround is to use an old version of XUS (with no FIPS support) installed on a different location, and use it as secondary remote XUS for your local Site Protector deployment. The remote XUS will authenticate against the proxy with NTLM support as needed.
Starting from Service Pack 8.0, SiteProtector now supports FIPS (Federal Information Processing Standards) for usage by government agencies. However, by introducing FIPS support, this made the MD5 algorithm incompatible with NTLM authentication. This means that NTLM is no longer working in XPress Update Server 1.8 and above.
We are currently investigating on the possibility to have NTLM working if FIPS is not enabled. Future versions of XUS might allow NTLM authentication again but for the moment there is not a definite date or version when this could be fixed.
If NTLM authentication is a strict requirement, we recommend using a secondary stand-alone XPress Update Server at version 1.7. Install it on a different server and point the locally deployed primary XUS to download from the secondary according to the documentation. SiteProtector 7 stand-alone XUS install would work.
In this scenario, it is fundamental to change the secondary XUS component update policy to disable the self-update feature which would cause the XUS to go up to latest version and reintroduce the problem.
This restrictions also apply to the Manual Upgrader.
Because NTLM conflicts with FIPS compliance, there is currently no plan to add it.