Root Cause: Endpoints on public networks often cannot reach the corporate Key Distribution Center
(KDC), causing Kerberos to fail.
Solution:
-
Disable Kerberos: In your settings, disable Kerberos and enable only NTLM authentication to support remote users. Refer to Configuring the authentication proxy service for corporate intranet locations and public or home networks
-
Public DNS: Ensure the Auth Proxy FQDN resolves to a public IP address accessible from the internet.
-
Connectivity: Ensure the client machine can reach the Auth Proxy working port (default port 8089) from the internet.
-
Proxy Bypass: Add the Auth Proxy FQDN to your PAC file or proxy bypass list.