I'm testing this on both the View Horizon Client, 2.1 for the MAC and 5.4.0 build 1219906 for the PC. I'll do some more testing this afternoon. A grep on "Payload Equals" (redacted)…
Oct 18 07:22:29 an2 info tmm[16097]: Rule /Common/view_ssl_auth : : Payload equals windows-password username User1 domain DOMAIN-NET password Password
Oct 18 07:22:30 an2 info tmm[16097]: Rule /Common/view_ssl_auth : : Payload equals
The second one is of course right before things stop working, the rest of the logged conversation including the second entry:
Fri Oct 18 07:22:30 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : Payload equals
Fri Oct 18 07:22:30 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : Server responds with JSESSIONID:
Fri Oct 18 07:22:30 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : Content-Length exists and is 530
Fri Oct 18 07:22:30 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : At or after Login Request
Fri Oct 18 07:22:31 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : Client Accepted: a.b.c.d:51489 10.10.100.224:443
Fri Oct 18 07:22:31 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : new request
Fri Oct 18 07:22:31 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : Client Cookies:
Fri Oct 18 07:22:31 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : Client JSESSIONID:
Fri Oct 18 07:22:31 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : User-Agent Exists, iPad or Full Client coming in
Fri Oct 18 07:22:31 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : Found jsessionid variable:
Fri Oct 18 07:22:31 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : There are currently 1 entries in the table.
Fri Oct 18 07:22:31 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : No table entry found for that jsessionid of
Fri Oct 18 07:22:31 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : before collect
Fri Oct 18 07:22:31 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : Set content-length to 5000
Fri Oct 18 07:22:31 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : after collect
Fri Oct 18 07:32:52 EDT 2013 info an2 tmm[16097] Rule /Common/view_ssl_auth : : In Request data
Thanks!