This is an old Netware 6.0 SP5 / eDir system running BM 3.8.4, with two other NW 6.5 SP7 / eDir servers. NDS is in sync, time is in sync. All client machines were upgraded to Dell Optiplex 960's last summer and are functionally identical, running Windows XP SP3, Client 4.91 SP4, and Symantec Antivirus

The BM proxy cache and the Client Trust have worked fine for years but recently has started to behave oddly. It apparently randomly won't authenticate certain client IP addresses on our LAN.

On certain specific machines with CLNTRUST loaded, going to a website through the BM proxy results in an unending wait on a blank page that eventually times out. CLNTRUST shows no activity: no success or failures show up in the CLNTRUST window.

Meanwhile a computer right next to the misbehaving one will authenticate via CLNTRUST without any trouble. I have seen this problem randomly impact half the computers in a student computer lab. Rebooting the server makes the problem apparently go away for a while but it crops up again on a few machines in a week or two.

On friday I noted this one computer had problems so I put an out of order sign on it. All the machines were shut down Friday at 6pm. Today Sunday I power up this machine, try to authenticate via CLNTRUST and it still is hanging with no success or failure noted.

I am using the UDP 3024 client trust exception in the Windows XP firewall. Completely turning off the Windows firewall has no effect on this authentication problem.

Interestingly, if I manually change the client IP address of a machine having problems, then it will authenticate via the Client Trust just fine. I am unable to determine why this should matter. Our internal NAT'd ddresses are auto-assigned via DHCP.

If I take the known malfunctioning client address and now manually assign it to the machine that authenticated okay, and clear the authentication by force-closing and reloading the CLNTRUST, and closing and reopening the web browsers.... now this client also sits at a blank browser screen saying "connecting to site..." and no CLNTRUST activity.

So it is client-address specific and not machine-specific. In this case the "bad" address is / There's nothing special about this client address.

I have set up a Squid / Ubuntu proxy on this network alongside the BM proxy, and it has no problems whatsoever with the client computer that won't authenticate to BM.

Due to the apparent imminent death of Netware / BM this summer, I am contemplating just moving everyone over to the squid, though I will lose the per-user proxy-log capability if I do that.