Received: from BYAPR01MB4888.prod.exchangelabs.com (2603:10b6:5:74::30) by
 DM5PR0101MB3194.prod.exchangelabs.com with HTTPS via
 DM6PR07CA0053.NAMPRD07.PROD.OUTLOOK.COM; Thu, 24 Oct 2019 00:14:13 +0000
Received: from MN2PR01CA0025.prod.exchangelabs.com (2603:10b6:208:10c::38) by
 BYAPR01MB4888.prod.exchangelabs.com (2603:10b6:a03:7a::28) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2367.24; Thu, 24 Oct 2019 00:14:12 +0000
Received: from CO1NAM03FT004.eop-NAM03.prod.protection.outlook.com
 (2a01:111:f400:7e48::206) by MN2PR01CA0025.outlook.office365.com
 (2603:10b6:208:10c::38) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2367.21 via Frontend
 Transport; Thu, 24 Oct 2019 00:14:11 +0000
Authentication-Results: spf=fail (sender IP is 18.7.71.32)
 smtp.mailfrom=PADL.COM; mitprod.mail.onmicrosoft.com; dkim=fail (body hash
 did not verify) header.d=padl.com;mitprod.mail.onmicrosoft.com; dmarc=fail
 action=none header.from=padl.com;
Received-SPF: Fail (protection.outlook.com: domain of PADL.COM does not
 designate 18.7.71.32 as permitted sender) receiver=protection.outlook.com;
 client-ip=18.7.71.32; helo=mail.exchange.mit.edu;
Received: from mail.exchange.mit.edu (18.7.71.32) by
 CO1NAM03FT004.mail.protection.outlook.com (10.152.80.154) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
 15.20.2387.20 via Frontend Transport; Thu, 24 Oct 2019 00:14:09 +0000
Received: from w92expo13.exchange.mit.edu (18.7.74.67) by
 w92exhyb2.exchange.mit.edu (18.7.71.32) with Microsoft SMTP Server (TLS) id
 15.0.1395.4; Wed, 23 Oct 2019 20:14:08 -0400
Received: from oc11exhyb7.exchange.mit.edu (18.9.1.112) by
 w92expo13.exchange.mit.edu (18.7.74.67) with Microsoft SMTP Server (TLS) id
 15.0.1365.1; Wed, 23 Oct 2019 20:14:08 -0400
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (104.47.37.53) by
 oc11exhyb7.exchange.mit.edu (18.9.1.112) with Microsoft SMTP Server (TLS) id
 15.0.1395.4 via Frontend Transport; Wed, 23 Oct 2019 20:14:08 -0400
Received: from MN2PR01CA0009.prod.exchangelabs.com (2603:10b6:208:10c::22) by
 BN7PR01MB3716.prod.exchangelabs.com (2603:10b6:406:86::14) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2387.20; Thu, 24 Oct 2019 00:14:06 +0000
Received: from CO1NAM03FT019.eop-NAM03.prod.protection.outlook.com
 (2a01:111:f400:7e48::202) by MN2PR01CA0009.outlook.office365.com
 (2603:10b6:208:10c::22) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2387.20 via Frontend
 Transport; Thu, 24 Oct 2019 00:14:06 +0000
Authentication-Results-Original: spf=pass (sender IP is 216.154.215.154)
 smtp.mailfrom=padl.com; mit.edu; dkim=pass (signature was verified)
 header.d=padl.com;mit.edu; dmarc=pass action=none
 header.from=padl.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of padl.com designates
 216.154.215.154 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.154.215.154; helo=us.padl.com;
Received: from us.padl.com (216.154.215.154) by
 CO1NAM03FT019.mail.protection.outlook.com (10.152.80.176) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
 15.20.2387.20 via Frontend Transport; Thu, 24 Oct 2019 00:14:05 +0000
Received: by us.padl.com  with ESMTP id x9O0Drk6011228; Thu, 24 Oct 2019 00:13:59 GMT
DKIM-Filter: OpenDKIM Filter v2.11.0 us.padl.com x9O0Drk6011228
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=padl.com; s=default;
	t=1571876040; bh=AMYGoSyxYfV/zh78ewi/kvaua0TkVlW6Yg02ajpQvW8=;
	h=From:Subject:Date:In-Reply-To:Cc:To:References:From;
	b=i+w0dLATGB+zAVRvrkEdfjlDA6v2nc6sCnCmlBjv1TkOQh7K51BzCAqFq5o8hsQet
	 Mvpy4m5fKXOD7ugqO4k9u7krZIFpt0w5dUYTmJQQTDRI+0S6EZ24aZWo79hgCXIEbf
	 Y7eRj4mrXEEtljahgPf5VpMxGwA3kfExEJ/WeeXL8IZNebSQaJQRwjtacYzBBR00K/
	 bMqFj4KYcZabkqcc4us+6ELvsK+rlKVAYv9vsK9QX7bbMXWo4+DggGC5+k0YyPYFcn
	 NdMT1TKzjSZ1TmSmQ6J36aGHY+mLb5BwjYrB7Vz1FSPt3UmRFfTSM4KqJBSq4HgFtz
	 GY34j2rWKh2iQ==
From: Luke Howard <lukeh@padl.com>
Message-ID: <CD48E733-0AA0-4E6D-9F61-B7457CC269F0@padl.com>
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_4A99ADCC-47B9-411A-B4BA-D346F2F60216"
Subject: Re: 119100524000153 NegoEx alerts
Date: Thu, 24 Oct 2019 11:13:51 +1100
In-Reply-To: <4e18ba04-85be-ea47-faa3-84f1e2cb046f@mit.edu>
Cc: Edgar Olougouna <edgaro@microsoft.com>,
        support <support@mail.support.microsoft.com>
To: Greg Hudson <ghudson@mit.edu>
References: <BL0PR2101MB09316491570FDAF40165ADD3C5990@BL0PR2101MB0931.namprd21.prod.outlook.com>
 <SN6PR2101MB13427C92A81157D0561D61F8DB9B0@SN6PR2101MB1342.namprd21.prod.outlook.com>
 <c4cfee07-88ac-1475-e019-05b407bc23eb@mit.edu>
 <SN6PR2101MB134210D8EF69D0218411549CDB930@SN6PR2101MB1342.namprd21.prod.outlook.com>
 <SN6PR2101MB13421BCBC309907BA38E3932DB6C0@SN6PR2101MB1342.namprd21.prod.outlook.com>
 <SN6PR2101MB134294FB1A85E7AF4424C829DB6B0@SN6PR2101MB1342.namprd21.prod.outlook.com>
 <4e18ba04-85be-ea47-faa3-84f1e2cb046f@mit.edu>
X-Mailer: Apple Mail (2.3445.9.1)
Return-Path: lukeh@PADL.COM
X-EOPAttributedMessage: 1
X-Forefront-Antispam-Report-Untrusted:
 CIP:216.154.215.154;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(4636009)(199004)(189003)(8156004)(54906003)(71190400001)(6666004)(486006)(7636002)(8676002)(36756003)(34003)(7596002)(229853002)(1096003)(246002)(236005)(476003)(126002)(6916009)(50226002)(107886003)(6246003)(11346002)(5660300002)(7116003)(2171002)(54896002)(2616005)(76176011)(426003)(4326008)(86362001)(446003)(26005)(53546011)(356004)(33964004)(106002)(33656002)(336012)(42186006)(16586007);DIR:INB;SFP:;SCL:1;SRVR:BN7PR01MB3716;H:us.padl.com;FPR:;SPF:Pass;LANG:en;PTR:us.padl.com;A:0;MX:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: fa13af4a-9caa-4deb-8321-08d7581717b9
X-MS-TrafficTypeDiagnostic: BN7PR01MB3716:|BYAPR01MB4888:
X-MS-Exchange-AtpMessageProperties: SA
X-MS-Oob-TLC-OOBClassifiers: OLM:7691;OLM:7691;
X-Microsoft-Antispam-Untrusted: BCL:0;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR01MB3716
X-OrganizationHeadersPreserved: BN7PR01MB3716.prod.exchangelabs.com
X-CrossPremisesHeadersPromoted: oc11exhyb7.exchange.mit.edu
X-CrossPremisesHeadersFiltered: oc11exhyb7.exchange.mit.edu
X-OrganizationHeadersPreserved: w92expo13.exchange.mit.edu
X-MS-Exchange-Organization-ExpirationStartTime: 24 Oct 2019 00:14:10.1740
 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
 fa13af4a-9caa-4deb-8321-08d7581717b9
X-MS-Exchange-Organization-MessageDirectionality: Originating
X-MS-Exchange-Organization-SCL: 1
X-CrossPremisesHeadersPromoted:
 CO1NAM03FT004.eop-NAM03.prod.protection.outlook.com
X-CrossPremisesHeadersFiltered:
 CO1NAM03FT004.eop-NAM03.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersStripped:
 CO1NAM03FT004.eop-NAM03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:18.7.71.32;IPV:NLI;CTRY:US;EFV:NLI;
X-MS-Exchange-Organization-AuthSource:
 CO1NAM03FT019.eop-NAM03.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-OriginatorOrg: exchange.mit.edu
X-MS-Office365-Filtering-Correlation-Id-Prvs:
 7e298eb9-ac14-417c-d707-08d758171523
X-Microsoft-Antispam: BCL:0;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Oct 2019 00:14:09.8957
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: fa13af4a-9caa-4deb-8321-08d7581717b9
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b;Ip=[18.7.71.32];Helo=[mail.exchange.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR01MB4888
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.7452090
X-MS-Exchange-Processed-By-BccFoldering: 15.20.2367.016
X-Microsoft-Antispam-Mailbox-Delivery:
	ucf:0;jmr:0;ex:0;auth:0;dest:I;ENG:(750127)(520011016)(944506383)(944626516);
MIME-Version: 1.0

--Apple-Mail=_4A99ADCC-47B9-411A-B4BA-D346F2F60216
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="utf-8"


> On 24 Oct 2019, at 2:44 am, Greg Hudson <ghudson@mit.edu> wrote:
>
> been written for Windows.  (My vague understanding is that Windows makes
> it complicated for SSPs to be advertised directly under SPNEGO, so they
> tend to be negotiated via NegoEx.)

Yes, from Windows 8, it’s not possible for an SSP to advertise as both SPNEGO and NegoEx, and also there are some limitations to advertising it under SPNEGO (you need to place it in front of NTLM for example). So it can be useful from an interop perspective.

Cheers,
Luke

--Apple-Mail=_4A99ADCC-47B9-411A-B4BA-D346F2F60216--
