Websense Logon Agent unable to identify users after Microsoft Update 971737 applied


Applies to all sites using Websense Web security software with Logon Agent and Active Directory user accounts. Versions likely to be affected are Websense Web security software versions 6.x and 7.x, used in conjunction with Windows XP, 2003, and 2008.

If you apply Microsoft update KB 971737, Websense Logon Agent is no longer able to identify users who have Active Directory accounts. As a result, Web filtering for these users does not occur.

If Microsoft update KB 971737 is not installed (or is removed), Logon Agent works as expected, and Active Directory users are filtered properly.


Microsoft update KB 971737 enhances the way Windows authentication works and makes changes to a library used by Websense software. This library is used by LogonApp.exe to authenticate itself with Logon Agent. The update enables extended protection for Windows authentication and turns on NTLM version 2. Support for NTLM version 2 is planned for support in a future version of Websense software.

Websense is researching the scope of the Microsoft changes for affected Websense versions and is considering options for our customers.

Temporary Workaround:

While Websense assesses the changes, one suggested workaround is to defer the installation of Microsoft update KB 971737 until Websense analysis is completed.

Another option is to install the Microsoft patch and then edit the Windows registry to disable extended protection for Windows authentication and revert to using NTLM version 1 (this would involves two different registry changes). Websense will confirm the specific changes soon.


Websense is researching the impact on each affected version of Websense Web security software. Customers will be alerted as soon as we have additional instructions for each version.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: