Cannot connect to Reverse Proxy
Hi- I have what I think is a basic Lync setup, but it's basica-ally driving me crazy! What I have is:
1 Standard Edition Server
1 Edge Server
1 Reverse Proxy (IIS with ARR)
1 Office Web Apps Server
I've followed some of the numerous how-tos to set up these boxes. My internal setup works great with no issues.
I've worked with my security admin to get the firewall rules set up.. We have SSL certs (with SANs) installed and assigned on RP and Edge. I've set up persistent routes on RP and Edge to FE server. I can telnet from Reverse Proxy to Edge and
back. I've ran netstat to ensure both are listening on 443. But when I run the Microsoft Connectivity Analyzer (online) results show that connection to port 443 on the server failed and says that the port is either blocked or not listening.
Using the Lync Connectivity Analyzer (in house) shows that a connection to "Lyncdiscover.domain.com" failed.
Any insight is greatly appreciated.
Thanx
Public DNS records verified. (Although I do see some posts that say to create CNAME records instead of A records (we created A records) and other posts that say it doesn't matter.
Rewrite rules in IIS ARR verified.
I've triple-checked the certificate (issued by Digicert) and the simple URLs are all listed in the SAN:
sip.domain.com, meet.domain.com, dialin.domain.com, lyncdiscover.domain.com, and officewebapps.domain.com
Here's the error generated by the LCA:
An error occurred while sending the request.
Unable to connect to the remote server
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond [xx.xxx.xxx.xxx]:443
If I try to open the Default Web Site from the server, I'm first presented with "There is a problem with this website's security certificate. The security certificate presented by this website was issued for a different website's address" message.
Clicking on "continue to this website" I get a "403-Forbidden" error. I read in another post that this message was as expected.
Trying to connect to lyncdiscover.domain.com from a browser on the RP returns a "Server not found". [This leads me to believe that the request is not getting through the firewall]. Attempts to access the simple URLs returns a "This page cannot
be displayed"
All services work internally...
More telnet testing: As previously posted, I CAN telnet between RP and Edge (external IPs) but CANNOT telnet to public IP of RP on 443
A similar issue with the Edge Server: netstat shows 0.0.0.0:443 listening but cannot connect via telnet to public IP on 443
RELATED QUESTION: Do I need the SANs included on my internal cert, too?
Thanx
SteveSmo
"Never, ever doubt what nobody is sure about." -Willy Wonka
Similar Messages
-
Secured connections for reverse proxy 4.0 possible?
Hi,
Is there any way to have a secure https to https connection while using Sun proxy server 4.0 as a reverse?
I did the whole connect:// item with the 'connect://.*' defined in the routing table and just keep getting:
"trying to GET /testdev/, deny-service reports: denying service of connect://testserver.***.com:481/testdev/"
I tried defining it to https and get the "unable to find certificate".
I am not showing the internal destination server ever receives any traffic from the reverse proxy, and the proxy logs seems to show it is blocking it all.
So far coming in to the proxy server on an ssl https url and attempting to map it to another internal https server always fails.
Mapping the same incoming https traffic to the same internal http server works fine (that is HTTP).
So a client can hit our reverse proxy at HTTPS://reverseproxy.../testdev and get sent to an internal HTTP URL just fine.
Doing the same thing to an internal HTTPS URL fails...
Thanks much.The CONNECT is a method meant only for Proxies
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.9
You might try searching for setting up secure reverse proxy in the docs.
the method is to map using https->http & http->https in both sides. -
Firefox 4.6 Beta cannot connect to the proxy server each time I load it.
In the advanced settings (Network) I have to manually set it to Auto Detect each time and and it works fine. However, each time I restart Firefox it automatically defaults to Manual Proxy Settings and does not work. It seems that Firefox does not save my change to Auto-Detect Proxy and each time defaults to Manual Proxy Settings when restarted.
Did you create a new profile for the 4.0 beta version?
Are you still using a Firefox 3.6.x version with that same profile?
See http://kb.mozillazine.org/Testing_pre-release_versions -
Post Moved Cannot-connect-through-anonymous-prox...
Post moved to Other BB Queries http://community.bt.com/t5/Other-BB-Queries/Cannot-connect-through-anonymous-proxy/td-p/650446
If you want to say thanks for a helpful answer,please click on the Ratings star on the left-hand side If the reply answers your question then please mark as ’Mark as Accepted Solution’You could try reading about wingates, socks and proxies (oh before i forget, turn off java, javascript, cookies, what's related, and smart update ... if you are using IE you're not very smart). Also try installing a firewall, or DHCP or you can learn from me!Here is the info of best 10 proxy software, from which you may try: http://www.techyv.com/article/top-10-free-proxy-software
-
ISP redundancy and reverse proxy
Greetings, community!
We have two EDGE TMG servers and two INTERNAL TMG servers.
We have two providers with two dedicated external IP addresses each.
I configure ISP Redundancy for each EDGE TMG servers with parameters:
Each EDGE TMG server has two External NIC and one Internal NIC.
EDGE 1: Provider1_IP1 and Provider2_IP1
EDGE 2: Provider1_IP2 and Provider2_IP2
ISP Connections:
Provider1 and Provider2
So, the trouble:
We have some published Web-Services, like OWA, ActiveSync, TerminalGatewayServers and others.
Also we made 4 external DNS records for each Web-Service.
For example:
mail.domain.com Provider1_IP1
mail.domain.com Provider1_IP2
mail.domain.com Provider2_IP1
mail.domain.com Provider2_IP2
If we try to connect from external to any published Web-Services, we have big delay (~ 30 sec), and then it connected.
After some tests we find that ONLY ONE EDGE TMG server is used for reverce proxy. IP Addresses from EDGE 1 is unavailable from external access. But it still works as Web-Proxy from Internal connections. Reverse-Proxy works only for EDGE 2 IP Addresses.
If we shutdown EDGE 2 TMG server, then Reverse-Proxy for EDGE 1 IP addresses are works correctly.
Why all 4 my external IP addresses are not works for reverse-proxy? Only 2 from one of my EDGE servers.So, I still try to solve my problem...
When I try to connect from External to one of my EDGE1 IP addresses, I got these logs:
LOGS on DMZ server (EDGE1):
Failed Connection Attempt DMZ-TMG-01 21.07.2014 11:27:40
Log type: Firewall service
Status: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Rule: Publish TMGBE HTTP
Source: External (77.73.111.194:3427)
Destination: Internal (172.16.0.100:80)
Protocol: HTTP Server
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 21000ms Original Client IP: 77.73.111.194
LOGS on INTERNAL server:
Initiated Connection BLK-TMG-02 21.07.2014 11:27:20
Log type: Firewall service
Status: The operation completed successfully.
Source: External (77.73.111.194:3427)
Destination: Local Host (172.16.0.100:80)
Protocol: HTTP
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 77.73.111.194
Closed Connection BLK-TMG-02 21.07.2014 11:27:40
Log type: Firewall service
Status: A connection was abortively closed after one of the peers sent an RST packet.
Source: External (77.73.111.194:3427)
Destination: Local Host (172.16.0.100:80)
Protocol: HTTP
Additional information
Number of bytes sent: 304 Number of bytes received: 192
Processing time: 20281ms Original Client IP: 77.73.111.194
When I try to connect my EDGE2 server external IP addresses, then:
LOGS on DMZ server (EDGE2):
Initiated Connection DMZ-TMG-02 21.07.2014 11:57:17
Log type: Firewall service
Status: The operation completed successfully.
Rule: Publish TMGBE HTTP
Source: External (77.73.111.194:3429)
Destination: Internal (172.16.0.100:80)
Protocol: HTTP Server
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 77.73.111.194
Closed Connection DMZ-TMG-02 21.07.2014 11:57:17
Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
Rule: Publish TMGBE HTTP
Source: External (77.73.111.194:3429)
Destination: Internal (172.16.0.100:80)
Protocol: HTTP Server
Additional information
Number of bytes sent: 534 Number of bytes received: 146
Processing time: 203ms Original Client IP: 77.73.111.194
Then traffic was redirected to HTTPS:
Initiated Connection DMZ-TMG-02 21.07.2014 11:57:17
Log type: Firewall service
Status: The operation completed successfully.
Rule: Publish TMGBE HTTPS
Source: External (77.73.111.194:3430)
Destination: Internal (172.16.0.100:443)
Protocol: HTTPS Server
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 77.73.111.194
LOGS on INTERNAL server:
Failed Connection Attempt BLK-TMG-02 21.07.2014 11:57:17
Log type: Web Proxy (Reverse)
Status: 12311 The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator.
Rule: Publish OWA
Source: External (77.73.111.194:3429)
Destination: Local Host (172.16.0.100:80)
Request: GET http://mail.domain.com/
Filter information: Req ID: 0a314138; Compression: client=Yes, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 MIME type:
It's OK, because IIS require SSL. Then:
Initiated Connection BLK-TMG-02 21.07.2014 11:57:18
Log type: Firewall service
Status: The operation completed successfully.
Source: External (77.73.111.194:3429)
Destination: Local Host (172.16.0.100:80)
Protocol: HTTP
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 77.73.111.194
Closed Connection BLK-TMG-02 21.07.2014 11:57:18
Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
Source: External (77.73.111.194:3429)
Destination: Local Host (172.16.0.100:80)
Protocol: HTTP
Additional information
Number of bytes sent: 786 Number of bytes received: 318
Processing time: 15ms Original Client IP: 77.73.111.194
And HTTPS:
Allowed Connection BLK-TMG-02 21.07.2014 11:57:17
Log type: Web Proxy (Reverse)
Status: 302 Moved Temporarily
Rule: Publish OWA
Source: External (77.73.111.194:3430)
Destination: Local Host (10.1.200.129:443)
Request: GET http://mail.domain.com/
Filter information: Req ID: 0a31413a; Compression: client=Yes, server=No, compress rate=0% decompress rate=0%
Protocol: https
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x40000000 (Response should not be cached.)
Processing time: 1 MIME type: text/html; charset=UTF-8
I can't understand the difference between there servers. If I shutdown EDGE2, the Publishing will work fine through EDGE1. -
Change the redirect URL sent to reverse proxy
Hi all,
My system is composed of a reverse proxy(Apache 2.046) and a backend webserver (Oracle HTTP Server).
To connect to a web application on the back end web server, the Internet user connect to reverse proxy via HTTPS and the reverse proxy forward the request to backend webserver via HTTP.
Example :
Internet user type :
https://myreverseproxy/myWebApp
The reverse proxy translate this to :
http://mybackendserver/myWebApp
The problem is myWebApp do a redirect like this:
http://myreverseproxy/myWebApp/login.jsp
How can I config the reverse proxy to change the redirect URL to :
https://myreverseproxy/myWebApp/login.jsp
Thank you in advanceHi Ove
That is working fine.. Only thing i did is mapping node to /author . But is it possible to hit the author instance only wen i type http://localhost:4502/author . Ie: if I type http://localhost:4502 it should not resolve to my login page
Thanks
veena -
Cannot access the content producer portal via reverse proxy
Hi all,
I hope my post is in the right forum
We have an FPN environment using RRA with our EP (NW 7.0 SPS18) as the consumer and our BI portal (NW 7.0 SPS18) as the content producer. The consumer is registered with the producer using HTTP protocol. Everything works as expected.
We're trying to implement an Apache reverse proxy for our FPN with SSL termination so that we can access the portals from the Internet with HTTPS protocol while keeping HTTP protocol for the internal users.
Through the reverse proxy, we can access the consumer portal and we can access the producer portal directly without any problem. The only problem is that, if we logged onto the consumer via the reverse proxy, we cannot access the content from the producer. We'd get the browser security warning message
"Although this page is encrypted. The information you have entered will be sent over an unencrypted connection. ..."
When we hit the Continue button, we'd get the eror 404 Not Found - The request resource does not exist.
Our Unix admin tried both Apache and SAP Web Dispatcher but we couldn't get it to work properly. We went through a lot of blogs and documents and we are at our wits end. We would greatly appreciate if someone can point out where we should look at.
Thank you very much in advance.
DaoHi Kevin,
Unfortunately, our Unix admin thinks you missed the point because my question was not clear enough
We do not have problems with the "correct name" in the reverse proxy and our main SSL termination works fine.
It's just that the consumer is registered with the producer using HTTP protocol; as a result, the producer's URL link is 'hard-coded' to use HTTP protocol in the consumer portal since we are not using SSL in the internal network. Hence, we'd like to know if there's any way to change them to HTTPS for the Internet clients while keeping the HTTP protocol for the internal users.
I hope I made it clearer this time
Regards,
Dao -
Cannot connect to SGD server via proxy
Hello
We have a recently installed SGD server running.
Some clients have been setup today with accounts to access it but none of them can get on at the moment. The error message presented is as follows:
Cannot connect to the server sgd.ourdomain.co.uk:443
The HTTP proxy "NTLM" at devicename:8080 failed to connect to the server sgd.ourdomain.co.uk:443
The following response was returned:
HTTP/1.1 403 Forbidden
Clearly there's a proxy/firewall getting in the way.
Client has tried to connect from a network that is behind a different firewall and has been sucessful.
I'm hoping to get further details on the proxy/firewall setup but this could take a while.
Has anyone encountered this previously and if so, can any solutions be suggested.
Thanks,
RobHi Team,
I am facing the same issue and I am using Oracle system user credentials to connect Oracle server and I have also installed extension pack for the SQL Server instance which i am using for migration. Still I am getting the following error in last step (Migrate
data).
Cannot connect to Oracle server via SQL Server tester extensions.
Oracle
10.2.0.4 verion
SQL Server 2012 SP1
SSMA 6.0
Please help me if you have gone through the same problem.
Thanks,
Vijaysqldb -
System Update -- Cannot connect to proxy server - SOLVED
I'm on a ThinkPad T61 running Windows Vista. When I try to download from System Update, I always get the error message "Cannot connect to proxy server."
I have tried connecting to the Internet directly via Ethernet rather than through a wireless router--it doesn't make any difference.
I have also uninstalled System Update and then installed the version I downloaded from lenovo.com--same result.
System Update is an exception in Windows Firewall, and I have even tried running System Update with Firewall disabled--ditto.
Can someone please help me?
Message Edited by Tim_Lenovo on 01-29-2008 02:49 PM
Solved!
Go to Solution.I have discovered one other potential cause of this behaviour.
If your computer is attached to a Domain, ensure you are connected to the Domain using a profile that has administrator rights when attempting these upgrades.
I was using a local profile with administrative rights, on a network connection that was outside of the corporate LAN, and I was getting the "Cannot connect to proxy server" error.
When I connected to our Corporate LAN and logged on to the machine with an administrative profile, the Proxy Server error went away, and I was then able to connect and download my required updates.
Just an FYI if you are doing this inside a large, firewalled LAN running from Active Directory. -
HCI/ECC connection issue with reverse proxy
Hi,
we are struggling to set up the connection from C4C to ECC using a reverse proxy (apache).
Thank you for any help!
Best Regards
Florian
Our apache config is as follows:
<VirtualHost *:443>
ServerName customer.reverseproxy.com
SSLEngine On
SSLProxyEngine On
ErrorLog /var/www/customer/log/error.log
Customlog /var/www/customer/log/access.log "common"
# TransferLog "<Apache_home>/logs/access.log"
# Offical SSL Certificate for customer.reverseproxy.com
SSLCertificateFile "/etc/apache2/ssl/customer/customer_cert.pem"
SSLCertificateKeyFile "/etc/apache2/ssl/customer/customer_key_np.pem"
SSLCACertificateFile "/etc/apache2/ssl/customer/SSL123_CA_Bundle.pem"
# SSLCertificateChainFile "<Apache_home>/conf/proxy-server-ca.crt" # activate the client certificate authentication
#SSLCertificateChainFile "/etc/apache2/ssl/customer/SAP-CA.crt"
# Signing CA's for SAP client certificate (Baltimore CyberTrust Root & Verizon Public SureServer CA G14-SHA2 + more)
SSLCertificateChainFile "/etc/apache2/ssl/customer/SAPClientCA.pem"
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +ExportCertData +StdEnvVars
# CA's from SAP and customer for backend connections between Proxy and SAP system (Baltimore CyberTrust Root & Verizon Public SureServer CA G14-SHA2 + more)
SSLProxyCACertificateFile "/etc/apache2/ssl/customer/SAP-CA.crt"
# SSLProxyMachineCertificateFile <Apache_home>/conf/proxy-client.pem
# initialize the special headers to a blank value to avoid http header forgeries
RequestHeader set SSL_CLIENT_CERT ""
<Location />
# add SSL_CLIENT_CERT header to forward real client certificate
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
ProxyPass https://sap.internal.com:8300/
ProxyPassReverse https://sap.internal.com:8300/
</Location>
</VirtualHost>
On the HCI we get the following error shown
Message Processing Log{
ContextName = com.sap.scenarios.cod2erp.customermaster.replicate
IntermediateError = true
MessageGuid = AFU2MVOblsS5yIwpSvYiCt7XnLaT
Node = vsaxxxxxx.od.sap.biz
OverallStatus = FAILED
ReceiverId = Q47_
StartTime = Tue Apr 21 11:15:31 UTC 2015
StopTime = Tue Apr 21 11:15:31 UTC 2015
Children [
Invoked endpoint{
Cxf.EndpointAddress = https://HCI.intaas.hana.ondemand.com/cxf/COD/ERP/BP_MASTER_REPLICATION
Error = Inbound processing in endpoint at https://HCI.intaas.hana.ondemand.com/cxf/COD/ERP/BP_MASTER_REPLICATION failed with message "Sequential processing failed for number 0. Exchange[Message: [Body is not logged]]. Caused by: [org.apache.cxf.interceptor.Fault - Could not send Message.]", caused by "SunCertPathBuilderException:unable to find valid certification path to requested target"
StartTime = Tue Apr 21 11:15:31 UTC 2015
Status = FAILED
StopTime = Tue Apr 21 11:15:31 UTC 2015
Children [
Entering Camel route route52{
StartTime = Tue Apr 21 11:15:31 UTC 2015
Children [
Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 created in Endpoint[cxf://bean:my308416_]{
StartTime = Tue Apr 21 11:15:31 UTC 2015
Children [
Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in ref:encodingProcessor{
StartTime = Tue Apr 21 11:15:31 UTC 2015
StepId = process151
StopTime = Tue Apr 21 11:15:31 UTC 2015
Children [
Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in removeHeaders[*]{
StartTime = Tue Apr 21 11:15:31 UTC 2015
StepId = removeHeaders52
StopTime = Tue Apr 21 11:15:31 UTC 2015
Children [
Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in setHeader[MessageId]{
StartTime = Tue Apr 21 11:15:31 UTC 2015
StepId = setHeader76
StopTime = Tue Apr 21 11:15:31 UTC 2015
Children [
Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in sap-map-pi:COD_ERP_BusinessPartnerERPBulkReplicateRequest{
Sent To URI = sap-map-pi://COD_ERP_BusinessPartnerERPBulkReplicateRequest
StartTime = Tue Apr 21 11:15:31 UTC 2015
StepId = CallActivity_1
StopTime = Tue Apr 21 11:15:31 UTC 2015
Time Taken = 11
Children [
Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in ref:idocOutboundRequest{
StartTime = Tue Apr 21 11:15:31 UTC 2015
StepId = process152
StopTime = Tue Apr 21 11:15:31 UTC 2015
com.sap.sod.utils.idoc.soap.messageid= 00163E0CB1A01EE4BA82F713C72AD65B
Children [
Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in split[bean{idocPackageSplitter, method=split}]{
Error = org.apache.camel.CamelExchangeException: Sequential processing failed for number 0. Exchange[Message: [Body is not logged]]. Caused by: [org.apache.cxf.interceptor.Fault - Could not send Message.], cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
StartTime = Tue Apr 21 11:15:31 UTC 2015
StepId = CallActivity_2
StopTime = Tue Apr 21 11:15:31 UTC 2015
Children [
Successor Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 created with reference to Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38{
StartTime = Tue Apr 21 11:15:31 UTC 2015
StopTime = Tue Apr 21 11:15:31 UTC 2015
Children [
Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in setHeader[SapIDocContentType]{
StartTime = Tue Apr 21 11:15:31 UTC 2015
StepId = setHeader77
StopTime = Tue Apr 21 11:15:31 UTC 2015
Children [
Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in removeHeader[ssl_client_cert]{
StartTime = Tue Apr 21 11:15:31 UTC 2015
StepId = removeHeader197
StopTime = Tue Apr 21 11:15:31 UTC 2015
Children [
Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in removeHeader[ssl_client_user]{
StartTime = Tue Apr 21 11:15:31 UTC 2015
StepId = removeHeader198
StopTime = Tue Apr 21 11:15:31 UTC 2015
Children [
Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in removeHeader[operationName]{
StartTime = Tue Apr 21 11:15:31 UTC 2015
StepId = removeHeader199
StopTime = Tue Apr 21 11:15:31 UTC 2015
Children [
Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in removeHeader[operationNamespace]{
StartTime = Tue Apr 21 11:15:31 UTC 2015
StepId = removeHeader200
StopTime = Tue Apr 21 11:15:31 UTC 2015
Children [
Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in cxf:bean:Q47_{
Error = org.apache.cxf.interceptor.Fault: Could not send Message., cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Sent To URI = cxf://bean:Q47_
StartTime = Tue Apr 21 11:15:31 UTC 2015
StepId = MessageFlow_2
StopTime = Tue Apr 21 11:15:31 UTC 2015
Time Taken = 123
Children [
Sent message to endpoint{
Cxf.EndpointAddress = https://customer.reverseproxy.com:443/sap/bc/srt/idoc?sap-client=310
Error = Outbound processing in endpoint at https://customer.reverseproxy.com:443/sap/bc/srt/idoc?sap-client=310 failed with message "Could not send Message.", caused by "SunCertPathBuilderException:unable to find valid certification path to requested target"
StartTime = Tue Apr 21 11:15:31 UTC 2015
Status = FAILED
StopTime = Tue Apr 21 11:15:31 UTC 2015
Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 failed{
StartTime = Tue Apr 21 11:15:31 UTC 2015
Status = FAILED
Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 failed{
StartTime = Tue Apr 21 11:15:31 UTC 2015
Status = FAILED
Children [
Exiting Camel route route52{
StartTime = Tue Apr 21 11:15:31 UTC 2015
ReceiverIds [
Q47_Hi Abinash,
now we are one step further and receive a HTTP 401 on the reverse proxy. It looks like the client cert from HCI is not handled correctly. Can you help?
Best Regards
Florian
HCI log
Sent message to endpoint{
Cxf.EndpointAddress = https://customer.reverse.com:443/sap/bc/srt/idoc?sap-client=310
Error = Outbound processing in endpoint at https://customer.reverse.com:443/sap/bc/srt/idoc?sap-client=310 failed with message "HTTP response '401: Unauthorized' when communicating with https://customer.reverse.com:443/sap/bc/srt/idoc?sap-client=310"
StartTime = Fri Apr 24 11:03:12 UTC 2015
Status = FAILED
StopTime = Fri Apr 24 11:03:12 UTC 2015
Apache config
<VirtualHost *:443>
ServerName cuscrm.webmail.cus.com
SSLEngine On
SSLProxyEngine On
ErrorLog /var/www/cuscrm/log/error.log
Customlog /var/www/cuscrm/log/access.log "common"
# TransferLog "<Apache_home>/logs/access.log"
# Offical SSL Certificate for cuscrm.webmail.cus.com
SSLCertificateFile "/etc/apache2/ssl/cuscrm/cuscrm_cert.pem"
SSLCertificateKeyFile "/etc/apache2/ssl/cuscrm/cuscrm_key_np.pem"
SSLCertificateChainFile "/etc/apache2/ssl/cuscrm/ThawteCAChain.pem"
# SAP Baltimore Cybertrust Chain for Client authentication
SSLCACertificateFile "/etc/apache2/ssl/cuscrm/SAPCybertrust.pem"
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +ExportCertData +StdEnvVars
# CA's from SAP and Schunk for backend connections between Proxy and SAP system
#SSLProxyCACertificateFile "/etc/apache2/ssl/cuscrm/SAP-CA.crt"
SSLProxyCACertificateFile "/etc/apache2/ssl/cuscrm/SAPCHAIN.pem"
# SSLProxyMachineCertificateFile <Apache_home>/conf/proxy-client.pem
# initialize the special headers to a blank value to avoid http header forgeries
RequestHeader set SSL_CLIENT_CERT ""
<Location />
# add SSL_CLIENT_CERT header to forward real client certificate
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
ProxyPass https://internal.sap:8300/
ProxyPassReverse https://internal.sap:8300/
</Location>
</VirtualHost> -
cannot connect to internet via firefox, can connect via aol, firefox was conneting before, now I get "connot connect to proxy setting"
You can find the connection settings in Tools > Options > Advanced : Network : Connection
If you do not need to use a proxy to connect to internet then select "No Proxy" if the default "Use the system proxy settings" setting doesn't work.
See "Firefox connection settings":
* https://support.mozilla.com/kb/Firefox+cannot+load+websites+but+other+programs+can -
using win7. firefox was running fine until updating to v18. i see in release notes that proxy server was updated! i have tried changing the proxy server setup but still no luck, it is setup just like ie right now and ie will connect. i also checked windows firewall (which is my only firewall) and followed instructions on removing entry and adding it back but still no luck.
Hi,
same problem here behind proxy with authentication (ntlm)
Tried both:
- Plain vanilla firefox 18 installation
- Upgrade from firefox 17
Result: firefox keeps asking for authentication credentials again and again and cannot connect to internet.
Solution: rollback to firefox 17
Regards -
TV System Update hangs at 21% with message "Cannot connect to proxy server"
Hi,
just installed TVSU (latest version) on my Thinkpad T40 (with WinXP Pro SP3, German). Installs fine, runs perfect after reboot, recognises the correct model, initiates search for updates and then stops at 21% whilst displaying
"Downloading Packet Information: Lenovo Help Center (1 of 1)".
A few seconds later the error message
"Cannot connect to Proxy Server"
comes up with an OK-Box. Clicking OK terminates the entire update process, however TVSU continues to run properly and the process can be restarted with the identical result. This happens with Kaspersky Firewall on and off, no difference. Even rebooting the system w/o firewall and virus protection and starting afresh does not help either. Tried perhaps 15 times over the last 4 hours with same results. I assume that the error message refers to a proxy at Lenovo since in my local environment there is no proxy involved. The system is known to be free of viruses (clean installation yesterday and virus checked this morning).
Note:
The display/error message above were translated from German into English so the corresponding original English displays/messages may look slightly different.
Any ideas?
Regards from Germany...I have discovered one other potential cause of this behaviour.
If your computer is attached to a Domain, ensure you are connected to the Domain using a profile that has administrator rights when attempting these upgrades.
I was using a local profile with administrative rights, on a network connection that was outside of the corporate LAN, and I was getting the "Cannot connect to proxy server" error.
When I connected to our Corporate LAN and logged on to the machine with an administrative profile, the Proxy Server error went away, and I was then able to connect and download my required updates.
Just an FYI if you are doing this inside a large, firewalled LAN running from Active Directory. -
Hi,
I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
a second request with NTLMSSP_AUTH is sent.
Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
Any idea?
ThanksHi,
I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
a second request with NTLMSSP_AUTH is sent.
Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
Any idea?
Thanks -
ODI cannot connect to Planning RMI during Reverse Engineer task
Gents ,
Here Iam Unable to load the dimention using ODI
and throws exceptions
like
Attempt to connect to Planning or HTM via HAL adapter & receive error: "Connection refused to host: <INTERNAL_IP>;nested exception is: java.net.ConnectionException: Connection refused: connect"
Would like to welcome your thoughts
regards
vasavya
Edited by: VASAVYA on Nov 25, 2009 9:47 AMHi,
It means it cannot connect to planning, it needs to be able to access planning via the RMI registry on port 11333.
Cheers
John
http://john-goodwin.blogspot.com/
Maybe you are looking for
-
HT202079 Why does the Belkin 4K Mini DisplayPort to HDMI Adapter not make sound on the tv?
I connected my cable to my tv and it displays on the tv just fine but no sound comes from the tv only the laptop. What do i need to do?
-
Can I use iCloud to since many users to one account for my business and have me as a administrator to oversee and change my employees calendars and contacts??
-
I would like to save the WMF file with proper dimensions as they are in the editor (my saved WMFs have the dimensions of my screen resolution). They come from a RichEdit. Thanks. Edit: My goal is to convert the images that appear on a RichEdit to a
-
URL problems with SQL Server Reporting Services 2012 with wildcard SSL certificate
Hi, I have single server, domain member, with SQL Server 2012 SP1 Reporting Services. I am trying to get work with url: https://reports.mydomain.com I have valid wildcard certificate (*.mydomain.com) implemented and configured URLs in Configuration M
-
Jittery (less than smooth) video with Final Fantasy XI
Is anyone else out there playing Final Fantasy XI? My game play seems a little jittery. Not quite as smooth as I'd expect it to be. I I don't know that much about computer video, so i'll try my best to describe it. it's almost like if you were wat