DirectAccess Force Tunneling via proxy server (TMG)

Hello
I am looking to enable Force Tunneling for DirectAccess. All web traffic would then go via TMG proxy. This is all fine, but in the past this was once configured and stopped IMAP from working?
The question is, would forced tunneling only send http/https traffic to the proxy by design and all other traffic directly out? Other traffic does traverse the proxy when internal to the LAN but I am sure DA treats this a little different in terms of what protocols are forwarded - Is this correct?
If this is the case then I am assuming the firewall infrastructure is stopping IMAP?
Thanks

Hi There - it is a strong recommendation even in Microsoft deployments not to use Force Tunnelling unless you really have to. Using Force Tunnelling will always revert to IP-HTTPS which is still technically the slowest of the transition technologies. This means DirectAccess clients use only IP-HTTPS to obtain IPv6 connectivity to the DirectAccess servers over the IPv4 Internet. IP-HTTPS has much higher overheads than IPv6, 6to4 or Teredo. Also your proxy server will handle every request and consume plenty of bandwidth and you cannot put NRPT exemptions in force tunnelling as all traffic has to come through the tunnel. There is also the small issue of captive portals. There are more things to list but the above should be enough to start an argument on why not to do it !!
You could implement a split tunnel with enforced web proxy (seeing as you have TMG) as per the guide / recommendations by Shannon Fritz below (which works well in reality).
http://www.concurrency.com/infrastructure/web-filtering-for-directaccess-users-55/
Kr
John Davies
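
The NRPT behaviour discussed above, as an added example that is not part of the original thread or any Microsoft code: it evaluates a name against NRPT-style rules (exact FQDN first, then longest suffix, then the "any" rule) to show what a '.' rule with a proxy changes compared with split tunnelling. The function name Get-NrptDecision, the rule sets, and every name and address are constructed; the property names are assumed to match the objects returned by Get-DnsClientNrptPolicy.

```powershell
# Added example. All rules, names and addresses below are constructed placeholders.
# Property names follow the objects returned by Get-DnsClientNrptPolicy.
$splitTunnel = @(
    [pscustomobject]@{ Namespace = '.corp.example.com'; DirectAccessDnsServers = @('2001:db8::53')
                       DirectAccessProxyType = 'NoProxy'; DirectAccessProxyName = '' }
    # Exemption: a rule with no DirectAccess DNS servers sends the name to the local resolver.
    [pscustomobject]@{ Namespace = 'nls.corp.example.com'; DirectAccessDnsServers = @()
                       DirectAccessProxyType = 'NoProxy'; DirectAccessProxyName = '' }
)
# Force tunnelling adds an "any" rule ('.') that carries the web proxy.
$forceTunnel = $splitTunnel + [pscustomobject]@{
    Namespace = '.'; DirectAccessDnsServers = @('2001:db8::53')
    DirectAccessProxyType = 'UseProxyName'; DirectAccessProxyName = 'proxy.corp.example.com:8080' }

function Get-NrptDecision {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [object[]] $Rules
    )
    $fqdn = $Name.TrimEnd('.').ToLowerInvariant()
    $best = $null
    $bestScore = -1
    foreach ($rule in $Rules) {
        foreach ($ns in @($rule.Namespace)) {
            $n = ([string]$ns).ToLowerInvariant()
            if ($n -eq '.') {
                $score = 0                                   # "any" rule: weakest match
            } elseif ($n.StartsWith('.')) {
                $score = if ($fqdn.EndsWith($n)) { $n.Length } else { -1 }   # suffix: longest wins
            } else {
                $score = if ($fqdn -eq $n) { [int]::MaxValue } else { -1 }   # exact FQDN: strongest
            }
            if ($score -gt $bestScore) { $best = $rule; $bestScore = $score }
        }
    }
    if (-not $best) {
        # No rule matched: the name never enters the tunnel's DNS path.
        return [pscustomobject]@{ Name = $Name; MatchedRule = '(none)'
                                  Dns = 'local resolver'; Proxy = 'client default' }
    }
    # Drop null/empty entries so an exemption rule is detected on live objects too.
    $dns = @($best.DirectAccessDnsServers | Where-Object { $_ })
    [pscustomobject]@{
        Name        = $Name
        MatchedRule = (@($best.Namespace) -join ',')
        Dns         = if ($dns.Count) { $dns -join ',' } else { 'local resolver (exemption)' }
        Proxy       = if ($best.DirectAccessProxyType -eq 'UseProxyName') {
                          $best.DirectAccessProxyName
                      } else {
                          [string]$best.DirectAccessProxyType
                      }
    }
}

$names = 'app1.corp.example.com', 'nls.corp.example.com', 'www.example.org'
'--- split tunnel ---'
$names | ForEach-Object { Get-NrptDecision -Name $_ -Rules $splitTunnel } | Format-Table -AutoSize
'--- force tunnel ---'
$names | ForEach-Object { Get-NrptDecision -Name $_ -Rules $forceTunnel } | Format-Table -AutoSize

# On a DirectAccess client, evaluate the live table instead of the samples:
#   Get-NrptDecision -Name 'www.example.org' -Rules (Get-DnsClientNrptPolicy -Effective)
```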

Similar Messages

  • DirectAccess force tunneling - Web proxy (TMG) needs authentication

    Hello,
    I have deployed a DirectAccess 2012 server using computer certificate authentication. The clients are connecting to corporate resources over the WAN using DirectAccess. Forced tunneling is a requirement. The DirectAccess is only configured for IPHTTPS using a single NIC behind a firewall.
    But there is a TMG web proxy in the corporate network that authenticates users. When these users connect over the Internet using devices that have DirectAccess enabled, they are not able to visit any sites as TMG blocks the connection. In the TMG logs, I
    see that the reason it is dropping these web connections are because the traffic is coming from an 'anonymous' user as per the logs.
    The proxy requires user authentication.
    Can someone please advise?
    Thanks in advance,
    SinghP80

    Yes I was able to resolve this by using the command below on the DA server:
    Set-DAClientDNSConfiguration -DNSSuffix '.' -ProxyServer ProxyFQDN:PortNumber
    Hope this helps you as well. Please let me know if it does.
    Regards,
    SinghP80

  • Cannot connect via proxy server

    I need to use a proxy server in order to access university resources from off-campus.  (This is set up in Firefox using Tools > Options > Advanced > Network > Settings > Automatic proxy configuration URL.)  I have been doing this for two and a half years with no problems, but all of a sudden it doesn't work anymore.  I have made no recent changes to my computer (Windows XP laptop) or browser settings.  I get a connection has timed out / the server is taking too long to respond error message whenever I try to access a website via the university proxy server.  This is only an issue for websites that require the proxy, such as databases that the university library subscribed to.  I can access all public websites as usual.
    I have tried Internet Explorer and get the same problem.  If I disable the proxy server then my connection does not time out, I just get redirected to the university's "you are off campus and need to enable a proxy server to connect to this resource" page.  University technical support tells me there is nothing wrong with the proxy server and that I am set up properly to use it, and that as far as they can tell the issue is probably with my ISP.
    I am pretty sure this is indeed a Verizon issue, as I took my computer to a coffee shop and was able to access university resources via the proxy server just fine using the free wireless.  I also got out my old laptop, reformatted the hard drive, reinstalled the OS (Windows XP), and had the exact same problem trying to use the proxy server via my home Verizon connection.
    Incidentally, I am also unable to log in to Second Life using my home Verizon connection.  I get an error message saying the server isn't responding.  Again, I had no trouble with this using the coffee shop wireless.
    I have spent about three hours trying to get someone from Verizon to address this problem, but keep being told I need to talk to someone else.  I have now described this problem to ten different Verizon employees but have yet to reach anyone who even seems to know what a proxy server is, much less anyone who can help with this problem.  If anyone out there has any suggestions, I'd much appreciate it.  I cannot do much work from my apartment if I cannot access university resources.

    That Trace suggests there is a firewall at play somewhere blocking ICMP Echo. Since it's timing out past the modem I do have reason to believe that the modem may be up to something. Visit http://192.168.1.1/ and check the Firewall settings. If it's set to Low or High, disable it. If you are prompted for a User/Pass, try the following:
    admin/password
    admin/password1
    admin/admin
    admin/admin1
    Your Verizon Username and Password
    ========
    The first to bring me 1Gbps Fiber for $30/m wins!

  • Referencing images via proxy server

    Hi. Has anyone else run into referencing images via an IIS proxy server? I
    can use the method to get the context path, but it doesn't bring me back
    something I can use to reference images. Do I have to hard code those in
    there all the time? :< DOH!

    I solved this problem last night. I ditched IIS, redid my machine with just
    WLS on it now! :> Now I just have to figure out how to get the FTP
    functionality I lost. Any ideas?
    "PHenry" <[RemoveBeforeSending][email protected]> wrote in message
    news:[email protected]..
    Hi. Has anyone else run into referencing images via an IIS proxy server?I
    can use the method to get the context path, but it doesn't bring me back
    something I can use to reference images. Do I have to hard code those in
    there all the time? :< DOH!

  • Timeout to Web Services using via Proxy Server

    Hello,
    I'm wondering if anybody can help.
    I have a couple of preset web services on the coldfusion web server. As far as I know these have never worked since its original installation back in June 2011.
    Whenever I attempt to refresh one of the web services using CF administrator I am seeing the following error message:
    Unable to refresh webservice.
    Unable to read WSDL from URL: https://www.****.cfc?wsdl.
    Error: java.net.ConnectException: Connection timed out: connect.
    The server does not have a direct connection to the internet as it is connected to the internal company network which uses a proxy server for internet connectivity.
    I am suspecting that CF is attempting to connect to the internet without the knowledge of the proxy server.
    I have looked high and low but unable to locate anything in CF admin to add a proxy server.
    I'm hoping somebody can reply with a simple solution to fix the above.
    Many Thanks,
    Andy

    Andy, two things.
    First, the problem could be proxy-related, but I notice also that the URL has https. And in that you’re getting a connection timeout, it could be that the destination server (at that URL in the web service call) is set to only allow SSL calls (or perhaps even calls to that specific site, directory, or file) from a specific IP address. Try visiting that URL from a browser running ON THAT SERVER (where CF is installed). It does no good to test the URL from your local development workstation. That would not be the same IP address from which the request would come when run via CF.
    Second, as for specification of proxy info, here’s something to consider: the CF Admin interface showing web services is populated by a call from within CFML code (using CFINVOKE/cfobject/createobject) invoking that web service. If you can find the code that is really calling the web service, you should find that you can specify the proxy info there. See:
    http://livedocs.adobe.com/coldfusion/8/htmldocs/Tags_i_10.html (cfinvoke)
    http://livedocs.adobe.com/coldfusion/8/htmldocs/Tags_m-o_14.html (cfobject)
    http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=functions-pt0_23.html (createobject)
    Note that with createobject, you do it using a new (for CF8) argstruct. See the docs there for more, or my blog entry:
    http://www.carehart.org/blog/client/index.cfm/2007/9/5/cf8_hiddengem_createobject_argstruct
    Let us know if any of this helps.
    /charlie

  • ACE SSL initiation via Proxy server (squid)

    Hi,
    is it possible to configure ACE with SSL initiation if the connection goes via http/https proxy (squid) ?
    I mean local host is requesting http://xyz.com, ACE doing SSL and requesting https://xyz.com, not directly but via http/https proxy server (squid).
    Thanks

    Hi Ryszard,
    Yes, ACE can initiate SSL traffic and maintain SSL connection. So in SSL initiation ACE will act as a CLIENT receiving clear text HTTP traffic at the front end and sending traffic encrypted over the backend.
    For more details please visit the below link and let me know if you have any questions.
    http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/ssl/guide/sslgd/initiate.html#wp1010343
    Regards,
    Kanwal

  • Can't access Cs Live from application via proxy server

    Hi,
    I have a problem with CS Live. When I try and access it via a web browser I can login ok, but when I try using the application extension and sign in that way it gets rejected.
    Web access is via a Bluecoat proxy server. Checking the access logs I found the following message (ip's replaced with x's):
    xxx.xxx.xxx.xxx - - authentication_failed PROXIED "Computers/Internet" - 407 TCP_DENIED CONNECT - tcp services.acrobat.com 443 / - - "Adobe-ServiceManager" xxx.xxx.xxx.xxx 341 179 -
    I have rules set up inside the proxy for whitelists that can allow access for problem websites, but including services.acrobat.com inside them doesn't have any effect.
    Has anyone ever come across this, as it was working ok with no changes made a week ago and now it doesn't.
    Thanks

    Having the same problem - Having no luck either, sorry I'm of no help but would appreciate some help if you figure something out. Thanks
    Stephanie

  • Ftp via proxy server 4.0.1

    We have a problem with ftp access via our proxy server 4.0.1, with authentication to LDAP database.
    We can connect to anonymous FTP servers with Firefox, but to nonanonymous we can not.
    If we use some software to connect to FTP (Total Commander etc.), we can not connect to anonymous and nonanonymous FTP.
    Connecting process to anonymous FTP with Total Commander:
    Connect to:(12.10.2006)
    hostname=ftp.nai.com/CommonUpdater
    Firewall=192.168.1.112:8080
    Connect
    GET ftp://ftp.nai.com/CommonUpdater/HTTP/1.0 Host:ftp.nai.com/CommonUpdater
    HTTP/1.1 200 OK
    Copied (12.10.2006 ..) http://ftp.nai.com/CommonUpdater/ -> D:\temp...
    and then popup error window "Connecting closed"
    thanks

    Does Total Commander recognize http proxy gatewaying for ftp?
    If so, can you capture the traffic between the total commander, the proxy, and the ftp server? (Use any available snoop commands to do this.) and paste it here?

  • "Sorry, we can't connect to your account. Please try again later." when attempting to activate access 2013 via proxy server

    I am able to install Access 2013 but when it comes to activating it, it gives me the above error.
    I have already had my SysAdmin add the following URLs to our whitelist but with no effect:
    roaming.officeapps.live.com:443/
    ols.officeapps.live.com:443/
    Can anyone suggest anything else that I could try or any other URLs that I may need to add to our whitelist?
    Many thanks,
    Ricky

    We recommend you check the corporate proxy server / firewall log, it will tell you the URL that
    Office 2013 was trying to access.
    Add them to your whitelist to see if the issue persists.
    Tylor Wang
    TechNet Community Support

  • Error during connection to https web-service via proxy-server

    Hello!
    I have created Web Service Proxy using wizard in JDeveloper. Then added some code for authorization on my corporate proxy server.
    Then I was trying to connect to two different web services
    - first one was HTTP web-service - successful
    - second one was HTTPS web-service - failed with error :
    <Error> <Net> <BEA-000903> <Failed to communicate with proxy: myproxy/myproxyport. Will try connection target_url/443 now.
    java.net.ProtocolException: Server redirected too many times (4)
         at weblogic.net.http.HttpsClient.makeConnectionUsingProxy(HttpsClient.java:433)
         at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:358)
         at weblogic.net.http.HttpsClient.New(HttpsClient.java:527)
         at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:239)
         at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:136)
         at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:187)
         at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:124)
         at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:121)
         at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)
         at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:815)
         at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:778)
         at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:680)
         at com.sun.xml.ws.client.Stub.process(Stub.java:272)
         at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:153)
         at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
         at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
         at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:136)
         at $Proxy30.queryRange(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84)
         at $Proxy31.queryRange(Unknown Source)
         at com.volga_dnepr.wsi.fusion.model.sched_mov.SchedMovSoap12Client.main(SchedMovSoap12Client.java:54)
    Although if i switch off proxy server everything works perfect (both HTTP and HTTPS web-services).
    What could be the problem with?

    Hi Kenneth,
    At the moment, SALT does not support the configuring of an outbound proxy server. I suspect you could use a transparent proxy server, i.e., a proxy server/router combination that proxies outgoing requests, although this isn't something we have tested. My suggestion would be to open a support case and ask for this enhancement. I think it is a reasonable thing for SALT to support.
    Regards,
    Todd Little
    Oracle Tuxedo Chief Architect

  • SFTP via proxy server

    Hi
    I am using the JCraft API for SFTP. It is working fine. But now I want to do the same using a proxy server.
    Can anybody tell me a suitable proxy server and some code example?
    Thanks in advance


  • Webclipping via proxy server with authorization

    I am using a proxy server that requires authorization to access web pages. How can I configure the web clipping tool to use username and password during the authorization with the proxy server? The wireless portal configuration page has an option to define this username/pwd pair but it seems not to be used by the web clipping tool according to the application logs (DEBUG WcsTxLiaison: setupProxyAuthorization host = *******, user = null, scheme = null). I tried to access the web clipping tool by logging in on the hostname/webtools/login.uix page with both the orcladmin or my private username and navigating to the "services" tab and clicking on the "web clipping" tool link.
    More debug messages:
    (webclipping-web: DEBUG Provider Id = default_wireless_instance_id
    webclipping-web: DEBUG Portlet Id = -1
    webclipping-web: DEBUG Portlet Instance Id = default_wireless_service_id
    webclipping-web: DEBUG Portal User Id = default_wireless_user_name


  • Ftp via Proxy server

    Is it just me or is documentation for FTP and all related thereto rather lacking and such that exists rather confusing?
    Anyway, I have an FTP related question. I wish to connect to an FTP server. Trouble is that the internet connection goes through a proxy server.
    Step 2 of connecting to the FTP server works when I connect to the proxy server myself first (open Internet explorer and type in the user and password) and then run the FTP connection program (uses Jakarta)
    However, step 1 is proving problematic. Here is the code:
    System.getProperties().put("ftp.proxySet", "true");
    System.getProperties().put("ftp.proxyHost", "proxy.abc.def");
    System.getProperties().put("ftp.proxyPort", "80");
    System.getProperties().put("ftp.proxyUser", "auser");
    System.getProperties().put("ftp.proxyPassword", "apswd");
    Then comes the code for part 2 - ie connect to ftp host -
    connect("abcd.dfg.ert");
    However, when I run the program and it comes to do the actual connection to the FTP host, part 2 above, I get "java.net.ConnectException: Connection timed out: connect".
    Any suggestions as to what I am doing wrong would be greatly appreciated. I've been banging my head against the wall on this since the start of the week.

    Just a further update on the above :
    I saw some advice suggesting I need to connect to a SOCKS server as well. So I put the below code in place.
    System.getProperties().put( "socksProxyPort", "80");
    System.getProperties().put( "socksProxyHost" ,"proxy.abc.def");
    However, this gave me the same error as above.
    Then I heard that I need to authenticate myself to the SOCKS server.
    So, here is what I wrote to do that:
    Authenticator.setDefault(new Authenticator() {
        protected PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication("auser", "apswd".toCharArray());
        }
    });
    I used the same username and passwords as I had used for the ftp.proxyUser and ftp.proxyPassword, because I do not have any other passwords - perhaps this is the incorrect thing to do....?
    Then, I got the following exception:
    java.net.SocketException: Malformed reply from SOCKS server
    Does that mean I am actually connected to the SOCKS server or not, I wonder. I read in a few places that some proxies use SOCKS and some don't. I don't know how to determine whether mine does or not. When I look at the properties of the proxy in Internet explorer, I notice that the SOCKS section is blanked out. I can fill it in myself, of course, but my program still has the same errors as above.

  • Will my Siri get banned, when I provide it via proxy server to other people?

    Will or not?

    Siri is not available via any sort of proxy unless you hack iOS, and if you do indeed open up said services by such hacking, you most certainly risk having your accounts terminated by Apple or your cell carrier.
    Other than that, we cannot discuss the matter here since it would violate Apple's licensing.
    Regards.

  • Access via Proxy Server to App Store

    Hello,
    Is it possible to have access via our network and internet proxy by using the Cisco VN Client (Port 8080)?
    Has anyone done that before?
    Surfing in the internet works. When accessing the App Store, the user / password has been requested again.
    After entering it, I do not get access.
    Any idea - why?
    Thanks and regards,
    Patrick

    Are you performing any filtering? Not only are components loading from *.apple.com but also streamhost.com (particularly the top app lists etc)
