NTLM issue after jonin domain for HAProxy

My website uses the Window Account to authenticate.
After I joined HAProxy to AD, The browser: Microsoft Edge always asked for credentials even though I input the correct username and password.

HAProxy version: 2.6
SSSD version 1.8

Do you guys have any idea?

in Edge or via GPO you can define when the Browser will use Auth via NTLM (Windows integragted). There are a few rules, which IE or Edge will use to detect, whether its “intranet” or “everything else”.
eg. signle domain names like will use ntlm, any domain like my.server.com will use basic auth or the creditential popup.

you have to set http-keep-alive and prefer-last-server on backend and http-keep-alive on frontend

Thanks Markus

I recognize that issue with DNS loop. HAProxy set the nameserver to the AD and AD had the record point to HAProxy.