FrontMotion

I'm having a strange problem with Integrated Windows Authentication and FM Firefox CE 7.0.1. We have intranet sites that seem to work fine. They get the NTLM information and we are never prompted for username or password. However, we also use an automatic proxy script (PAC file) for internet access and the IWA isn't working using FM Firefox CE 7.0.1 and Windows 7. It works fine with the same exact settings for Windows XP machines, AND it works fine on Windows 7 machines if you use IE with the same exact PAC script. I know this might not be directly caused by the FMFirefoxCE package, but I have googled this problem for days with no leads at all. It appears that it has to be related to how Firefox reads the PAC script, since Internet Exporer works fine on the same machine.

I had similar problems with Firefox network settings (not related to a specific version, it was Firefox 4 I first tested it with, was the same with Firefox 5, and I guess that it might still be the same with the latest version). In our case it was not a PAC file as we do not use it, but I thought that I could say "Use system settings" (or similar as I don't know the original English text) in network tab so that I do not have to configure everything for Firefox, too. But the proxy override list ("do not use proxy for...") configured in Windows/Internet Explorer was not used. That is why we switched back to manual configuration for the network settings. So, only with manual configuation Firefox works in all cases, it seems. I second this that it probably is a general Firefox problem, not a FirefoxCE problem.

In my case, I have narrowed it down to actually having something to do with the commands written in our PAC script. I verified this by pointing Firefox CE to a different PAC script that is much simpler with less commands. I can't tell you which commands are failing yet.

I also don't understand why the same commands work fine on a Windows XP box with the same exact version of FIrefox CE and the same GPO settings. It seems to be related to how Firefox CE and Windows 7 interact, because Internet Explorer and Windows 7 don't have any problem processing the same PAC script.

Anyway, for now I am sending Firefox to the working PAC script. Thanks to FrontMotion and the ability to control Firefox CE with GPO settings!

May be the script is trying to read somethings that may require a UAC prompt? wmi is one potentially.

No, we have UAC completely disabled in our environment. I need to research javascript some more.

Looks like I might have stumbled across a "fix" for this issue. There is a chance Firefox was using an older "cached" version of the PAC script and some of the commands might also have been trying to use the IPv6 machine address instead of the IPv4 address. I'll know for sure in a few days, but so far the following 2 changes have allowed the PAC script to function correctly.

In Firefox config, I set

"network.dns.disableIPv6" to TRUE

and

"network.http.use-cache" to FALSE