Proxy autoconfiguration
I think i detected a problem with proxy autoconfiguration.
We have created a wpad.dat file and configured the DNS to point to the web server with the file. This works ok with Internet Explorer and Chrome. Windows proxy settings are configured to "automatically detect" the proxy server.
But it doesn't works with Firefox with the default "use system proxy settings" option (in Options -> Advanced -> Network -> Connection). It works well if i select "autodetect proxy settings on this network" instead (note: i have firefox in spanish, the name of the settings in english could be slightly different).
I think it's either a bug, or i misunderstood what the default option does.
I'm using Firefox 24 in spanish.
Hi,
proxy autoconfiguration (PAC) is working in 10.5.1 for us for an admin user, it is also working for a simple user but not for a user which has parental control activated, even if nothing is restricted. That's really a big bug
Similar Messages
-
Proxy Autoconfiguration File, Authenticated Proxy and iTunes iPad/iPod updates
Hi All,
Please can someone advise if there is anything that can be done to get iPad/ Ipod updates working using iTunes and an authenticating proxy server?
Scenario is as follows:
1. Proxy settings in IE is configured using a proxy autoconfiguration file (PAC file).
2. The URLS *.apple.com is allowed to bypass authentication on the Proxy server.
3. Itunes is used to update the devices from a PC running windows as OS.
When Itunes is opened, the connection to the Itunes store works 100%. The iOS downloads using iTunes is also successfull.
Issue:
As soon as the downloaded iOS is being extracted and communicated to the devices, iTunes fails with an error code of 3004..
It seems like the PC is trying to make direct connections out instead of using the proxy settings in the PAC file.
Any advice / ideas to get this working?
RegardsHI,
From the Safari Menu Bar, click Safari / Empty Cache. When you are done with that...
From the Safari Menu Bar, click Safari / Reset Safari. Select the top 5 buttons and click Reset.
If you have Safari 3rd party plugins, they may not be compatible with 10.6. Go here for trouble shooting.
If you use GlimmerBlocker by chance, that could be the culprit. Check out this thread.
http://discussions.apple.com/thread.jspa?messageID=10589731
http://support.apple.com/kb/TS1594
Same with any Input Managers. Move any files in the /Library/InputManagers folder to the Trash
If you are running Safari in 64 bit mode, try running in 32-bit mode instead. Right or control click the Safari icon in the Applications folder, then click: Get Info In the Get Info window click the black disclosure triangle next to General so it faces down. Select 32 bit mode. Also, (in that same window) make sure Safari is NOT running in Rosetta.
Go to ~/Library/Cookies and move the Cookies.plist file to the Trash.
Try Open DNS - Free / Basic
If Safari still can't open web pages, go to the Menu Bar, click Safari/Preferences. Make note of all the preferences under each tab. Quit Safari. Now go to ~/Library/Preferences and move this file com.apple.safari.plist to the Desktop. Relaunch Safari. If Safari loads web pages then that .plist file needs to be moved to the Trash.
Carolyn -
Proxy autoconfigure script, netlet and ie5.5
I've setup a netlet rule to access an internal proxy server through the netlet. The proxy settings in the browser are configured using an autoconfigure script. This script looks like:
<snip>
1,1,-1,-1
1,.domain.nl
function FindProxyForURL(url, host)
if (isPlainHostName(host))
return "DIRECT";
else if (shExpMatch(host, "*.slashdot.org"))
return "PROXY 127.0.0.1:8080";
else
return "DIRECT";
</snip>
When I logon to the portal with Mozilla everything works ok. If I use IE6 to access the portal the following netlet warning message pops up:
<snip>
Netlet was unable to determine your browser proxy settings. If your browser preferences are set to use Automatic Proxy Configuration:
- set the Security proxy in your browser proxy configuration
- restart your browser
</snip>
No port 8080 is opened on the localhost. Any idea?Karthik,
thanks for the quick response. While browsing trough IE settings I rembered the buggy, ill implemented JVM from Microsoft. After configuring IE to use the SUN JVM everything works fine. I will report this problem to SUN and hope they will find a solution. I will include the output of the JAVA console. For now (we're on a tight schedule) I have a workaround.. Use Netscape or Mozilla or IE and the SUN JVM. -
JRE 6u2 is unable to recognize proxy autoconfiguration functions
JRE 6u2 is not able to determine the correct proxy-settings from proxy.pac File if it contains the 'IsInNet" or "IsResolvable" functions. Instead JRE falls back to DIRECT. I am looking for the workaround for these functions.
Hi,
Please refer to the following article :
http://support.microsoft.com/kb/923575
Cause:
This issue may occur if one or more of the following conditions are true:
The connection to the server requires a certification authority (CA).
You have not trusted the certification authority at the root.
The certificate may be invalid or revoked.
The certificate does not match the name of the site.
A third-party add-in is preventing access.
Solution:
To examine the certificate, follow these steps:
In Microsoft Internet Explorer, connect to the RPC server or to the secure server. For example, type
https://www.<var>server_name</var>.com/rpc in the Address bar of the Web browser, and then press ENTER.
Note The <var>server_name</var> placeholder references the RPC server name or the secure server name.
Double-click the padlock icon that is located in the lower-right corner of the Web browser.
Click the Details tab.
Note the information in the following fields:
Valid to
The Valid to field indicates the date until which the certificate is valid.
Subject
The data in the Subject field should match the site name.
Hope this helps!
Thanks.
Niko Cheng
TechNet Community Support -
Is there any way of forcing the proxy username and password to be the login name and password. The problem I have is students not clicking the save to keychain clickbox, then using other peoples proxy login and password as it may have different permissions.
On windows this comes from the active directory, is there a similar setting I can set on the Mac?
Many ThanksMicrosoft ISA can authenticate via various means including your mentioned AD, Kerberos and various LDAP schemes, which implies there's a problematic authentication means here or there's a misconfiguration of some sort. This particularly if the users are re-using previous credentials; that's (badness) occurring out at the ISA box.
I'm not an ISA expert, and I'm not at all current on Microsoft technologies. You might want to check in a more Microsoft-focused forum, and particularly search for discussions of operating ISA with Linux (yes, Linux), Unix, or Mac OS X clients; with non-Microsoft platforms.
Based on some digging, it looks like MCX might be your path forward if you want to get Mac OS X hard-wired with these and not go near the ISA box configuration; the 10.6 Proxies set-up does provide for proxy credentials, and the path into that storage (if you're auto-configuring) is usually via the user's input or via MCX.
This possibly in conjunction with the [WPAD proxy autoconfiguration|http://tips4macosx.blogspot.com/2009/07/use-web-proxy-auto-di scovery-in-safari.html] setting. (And there's an interesting thread [here|http://forums.isaserver.org/m2002033963/mpage_1/key/tm.htm#2002033963] related to proxy authentication)
Check with the Microsoft ISA folks and forums, too. This can't be the first time they've encountered Linux (and I'd start there, with this question; most any "foreign" system OS will do for the purposes of the initial question) or Mac OS X boxes. -
ACNS wait 120 seconds for reply not long enough
Hello
Using CE-7305A-K9 with ACNS 5.5.5 for outgoing proxy towards the Internet. A POST is send via the proxy and TCP ack'd by the application provider. The HTTP reply comes back from the application almost 4 minutes later. ACNS only waits for 120 seconds (I think) and then sends an error message to the client browser. The browser waits for 5 minutes so this works when the proxy is not there.
Can this max time that the proxy waits for a reply be increased ?
ThanksThis problem occurs when the first configured name server is down and replies with ICMP unreachable for the DNS queries.
or
CSCef67934
Symptom: The proxy autoconfiguration file is missing from the Content Engine after you switch from group settings to device settings, and then switch back to group settings.
Condition: This problem occurs in the following circumstances:
a. You have specified values in the Client Proxy Autoconfig Device Group window of the Content Distribution Manager GUI.
b. You override these values through the Client Proxy Autoconfig Device window of the Content Distribution Manager GUI.
c. You revert the Content Engine back to the device group settings (you click the Force device group settings button in the device group window or you select the device group from the drop-down menu in the device window).
The autoconfiguration file is not found, but the proxy autoconfiguration feature is shown as enabled.
Workaround: Return to the device window in the Content Distribution Manager GUI, delete the values from the proxy autoconfiguration fields in the device window, and then select device group from the drop-down menu. -
Is DNS prefetch disable broken in Firefox 13?
My quick comparison of 12 vs 13 seems to show that dns prefetching became active in 13 even though the disableprefetch setting was true.
Just seeking confirmation.Hmmm, I knew about a Firefox preference to disable ''link'' prefetching ([http://kb.mozillazine.org/Network.prefetch-next Network.prefetch-next @ MozillaZine Knowledge Base]). But I didn't know about the preferences related to DNS prefetching ([http://kb.mozillazine.org/Network.dns.disablePrefetch Network.dns.disablePrefetch] and, per [https://developer.mozilla.org/En/Controlling_DNS_prefetching Controlling DNS prefetching], network.dns.disablePrefetchFromHTTPS).
The Firefox 13 "all changes" page listing fixed bugs ([https://www.mozilla.org/en-US/firefox/13.0/releasenotes/buglist.html buglist.html]) shows one change to how DNS requests are handled, intended to apply to users using a proxy autoconfiguration (PAC) file. Maybe there is a connection there? -
[SOLVED] Using chromium-browser-bin with tsocks
Has anyone else tried to to use chromium with tsocks? I thought it would be transparent and work fine, but it doesn't seem to work at all. I just get error messages that chromium can't load the web page, but no site errors. I've tried both by setting LD_PRELOAD and by running 'tsocks chromium-browser' with an existing /etc/tsocks.conf that works perfectly with other applications (mutt,irssi, pacman, etc.). Is this just a chromium bug? Anyone else care to test this?
Thanks!
Scott
Last edited by firecat53 (2010-01-07 17:00:49)EDIT: I should have had SOCKS_VERSION=4 or just left it alone for the default of 4. Works as expected now.
I have a computer ($BG) with sshd open on port 81.
from my .bashrc
function unblock() {
port=5432
export SOCKS_SERVER=localhost:$port
export SOCKS_VERSION=5
chromium &
ssh -p 81 -D $port $BG
"unblock" brings chromium up but with no change in it's behavior. It's not using SOCKS.
man chromium wrote:
ENVIRONMENT
Chromium obeys the following environment variables:
all_proxy
Shorthand for specifying all of http_proxy, https_proxy, ftp_proxy
http_proxy, https_proxy, ftp_proxy
The proxy servers used for HTTP, HTTPS, and FTP. Note: because Gnome/KDE proxy settings may propagate into these variables in some terminals, this variable is ignored (in preference for actual system proxy settings) when running under Gnome or KDE. Use the command-line flags to set these when you want to force their values.
auto_proxy
Specify proxy autoconfiguration. Defined and empty autodetects; otherwise, it should be an autoconfig URL. But see above note about Gnome/KDE.
FILES
The man page does not mention any SOCKS_* settings.
However, wrench icon->options->Under the Hood: Network (Change proxy settings) launches about:linux-proxy-config which does.
about:linux-proxy-config wrote:SOCKS_SERVER: SOCKS proxy server (defaults to SOCKS v4, also specify SOCKS_VERSION=5 to use SOCKS v5)
pacman -Qi chromium wrote:Version : 5.0.375.55-1
Am I doing it wrong?
Last edited by _will (2010-06-09 15:39:40) -
Any idea why dns-related .pac functions only half-implemented?
My first post! How exciting...
I work for a fairly large company which requires proxy access to get to external (internet) sites. But, due to the number of clients we have (and due to the fact that it just kinda seems silly), we don't want clients going to the proxies for internal sites.
Due to the fact that we have a ton of machines both inside and outside of our proxies/firewalls and that many use the same domain name, we rely heavily on functions such as dnsResolve, isResolvable, and isInNet to determine via a PAC file whether or not to go to a proxy or not. After all, even though I have a bunch of box names with the same domain suffix (making hard-coding of DNS names in the PAC file a ludicrous idea), we currently only have a handful of network IP address segments on the internet. This way, we can say using isInNet "if host is on IP address segment x.y.z.0/255.255.255.0 then go to proxy, else stay direct."
This works great for the several thousand browsers we have deployed. Unfortunately, now that we are looking to upgrade from the MS JVM/JRE to the Sun JVM/JRE , we see big problems with these functions as they only work with IP addresses.
Really. The whole point of DNS is to resolve DNS names to IP addresses. So the fact that a function named dnsResolve would not perform a forward lookup eludes me.
According to the documentation, these functions only work on IP addresses. Does anyone know why the forward functionality was left out?
Thanks!Sorry, guess I wasn't too terribly clear.
Java 1.4 supports .pac files for proxy autoconfiguration. From what I have read, java uses the javascript engine supplied by the browser, but the runtime internally defines the functions required for using a .pac file. These include shExpMatch, dnsDomainIs, and others. These are not java functions that can be used in applets or applications. -
AutoDiscover is a new feature in Exchange 2007, to provide access to Microsoft Exchange features (OAB, Availability service, UM) for Outlook 2007
clients or later.
We can determine whether problems related to AutoDiscover via OWA.
For example:
OOF is not working in Outlook Client but it is working in OWA.
When we realized this issue is not related to Outlook Client side and network side after performing some troubleshooting steps, it should be something
abnormal on AutoDiscover.
There is a common tool to check AutoDiscover in Outlook, Test E-mail AutoConfiguration.
Today, we will introduce AutoDisocver and “Test E-mail AutoConfiguration” in details. Hope it is helpful for AutoDiscover troubleshooting and self-learning.
1. Differences between “Test E-mail AutoConfiguration” and other tools
The “Test-OutlookWebServices” cmdlet allows us to test the functionality of the following services:
Autodisocver
Exchange Web Services
Availability Service
Offline Address Book
When we run “Test-OutlookWebServices”, it returns all the web services’ states.
However, some information are useless for some scenarios.
For example:
We just want our Exchange 2010 Server working internally. So it is unnecessary to enable Outlook Anywhere.
However, when we run “Test-OutlookWebServices”, it returns Outlook Anywhere errors because the Outlook Anywhere does not need to been enabled.
In contrast, using “Test E-mail Autodiscover” is more intuitive.
If there is any problems, it will return error code from the test result, like 0x8004010F etc. We can do some research from TechNet articles or MS
KBs.
Although it is difficult to say where the specific problem is just via the error codes, we can combine with IIS logs to perform troubleshooting and
find the root of problem.
2. How to use “Test E-mail AutoConfiguration” Tool
a. Open Outlook, we can find there is an Outlook Icon at the right bottom of System tray. Holding down “Ctrl” button and right click the Outlook Icon, we will see “Test E-mail
AutoConfiguration” option. Please see Figure 01.
Figure 01
b. Click “Test E-mail AutoCofiguration” and input user name, uncheck the “Use Guessmart” and “Secure Guessmart Authentication” checkboxes, then click “Test”. Please see
Figure 02.
Figure 02
c. “Test E-mail AutoConfiguration” result panel and log panel. Please see Figure 03 and Figure 04.
Figure 03
Figure 04
3. How to understand “Test E-mail AutoConfiguration” result
According to the Figure 03, we found there are many URLs in the “Test E-mail AutoConfiguration” result panel. Let us understand the details of these
URLs.
If we these URLs are not the correct ones, we can re-setting or re-creating them via commands.
- Internal OWA URL:
https://vamwan310.vamwan.com/owa/
OWA internal access.
- External OWA URL:
https://mail.vamwan.com/owa/
OWA external access.
- Availability service URL:
https://vamwan310.vamwan.com/EWS/Exchange.asmx
Free/Busy, OOF and meeting suggestions.
- OOF URL:
https://vamwan310.vamwan.com/EWS/Exchange.asmx
Out of Office access.
- OAB URL:
https://vamwan310.vamwan.com/OAB/023ef307-b18a-4911-a52c-de26700f6173/
OAB access.
- Exchange Control Panel URL:
https://vamwan310.vamwan.com/ecp/
ECP access.
4. AutoDiscover Tips
- AutoDiscover Service itself is a web application running on the AutoDiscover virtual directory (not a server service) designed to provide connection information to various
clients.
- The AutoDiscover service is automatically installed and configured when CAS role is added to any Exchange Server.
- AutoDisocver virtual directory is created in IIS within the Default Web Site.
- A Sercive-Connection-Point (SCP) object is created in AD.
- The SCP contains a URL to the AutoDiscover service. This is for intranet clients so they do not have to use DNS to locate the AutoDiscover service.
- In AD this object is located at the following location:
DC=<domain>, CN=Configuration, CN=Services, CN=Microsoft Exchange, CN=First Organization, CN=Administrative Groups, CN=Exchange Administrative
Group, CN=Servers, CN=<CAS Name>, CN=Protocols, CN=AutoDiscover, CN=<CAS Name>
- Setup creates the AutoDiscover URL based on the following structure:
<CASNetbiosName>.domain.com/AutoDiscover/AutoDiscover.xml
If a PKI certificate is not already present, a self-signed certificate is installed on the Default Web Site.
To help allow this certificate pass the Issues to test it is set up with a Subject Alternative Name containing urls.
If a PKI certificate is present, that certificate is utilized and configured for use in IIS.
The Outlook Provider is used to configure separate settings for the Exchange PRC protocol (internal to network), Outlook Anywhere (Exchange HTTP protocol), and WEB:
EXCH, EXPR, WEB
The
EXCH and EXPR setting are vital for the proper configuration of Outlook.
5. AutoDiscover Workflow
General Process flow:
There are various components surrounding the AutoDiscover Service and all are necessary to complete a request. Including IIS, AutoDiscover service
itself, the provider, and AD.
a.
Client constructs service URL and submits Autodiscover Request. First attempt to locate the SCP object in AD. So, DNS is not needed.
b.
IIS Authenticates User.
c.
Is the Autodiscover service in the appropriate forest?
+ If YES.
1)
Parse/Validate Request
2)
Is there a provider that can service the Request?
++ If YES
a)
Config provider processes request and returns config settings.
b)
Return config setting to client
++ If NO
Inform client we cannot process request
+ If NO.
Redirect client to Autodiscover service in the appropriate forest.
Methods to find Autodiscover services: SCP and DNS
Domain-joined
a. Find SCP first.
The SCP contains the URL to the AutoDiscover service.
URL: https://CAS01.contoso.com(CAS’ FQDN)/AutoDiscover/AutoDiscover.xml
If more than one SCP object is found in AD (it means there are multiple CAS servers in the Exchange organization), Outlook client will choose one of the SCP entries that
are in the same site to obtain the AutoDisocover URL.
b. If we cannot find SCP object, then Outlook client will use DNS to locate AutoDiscover.
Outlook parses out the domain (SMTP suffix) via your EmaiAddress, then attempts to connect to the predetermined order of URLs via the suffix.
For example: If my email address is
[email protected]
Outlook tries POST commands to the following order of URLs:
https://contoso.com/autodiscover/autodiscover.xml
https://autodiscover.contoso.com/autodiscover/autodiscover.xml
NOTE: The URLs above is by design, hardcode
and cannot be changed.
c.
If those fail, Outlook tries a simple redirect to another URLs in IIS:
http://contoso.com/autodiscover/autodiscover.xml
http://autodiscover.contoso.com/autodiscover/autodiscover.xml
If none of these URLs work then DNS is most likely not set up correctly.
We can test that by pinging one of the above URLs.
If that is successful, we must ensure the URLs contoso.com or autodiscover.contoso.com are actually pointing to the CAS server.
If the ping fails then there is a chance that DNS is not set up correctly so be sure to check that the URLs are even registered.
NOTE: If contoso.com is a non-CAS server,
we should add a Host record with just AutoDiscover. And point that entry to your CAS server that is running AutoDiscover.
d.
If still failed, we can use DNS SRV lookup for _autodiscover._tcp.contoso.com, then “CAS01.contoso.com” returned. Outlook will ask permission from the user to continue
with AutoDiscover to post to https://CAS01.contoso.com/autodiscover/autodiscover.xml
Non-Domain-joined
It first tries to locate the Autodiscover service by looking up the SCP object in AD. However the client is unable to contact AD, it tries to locate
the Autodiscover service by using DNS.
Then, same as step b, c, d in
Domain-joined scenario.
6. How to change the AutoDiscover
service location order forcibly?
By default, Outlook client locates AutoDiscover service in that order above.
We can also change the order forcibly.
a.
If we want to locate AutoDiscover service via one of the autodiscover URLs, please running following command in EMS:
Set-ClientAccessServer -identity <servername> -AutodiscoverServiceInternalUri https://autodiscover.contoso.com/autodiscover/autodiscover.xml(URL
that you want)
b. If we want to locate AutoDiscover service via
SRV record, please follows this KB to set up SRV:
http://support.microsoft.com/kb/940881
7. How to check AutoDiscover Healthy
a. We should make sure the AutoDiscover
is healthy before using AutoDiscover to perform troubleshooting.
b.
We can browse following URL in IE explorer:
https://autodiscover.vamwan.com/autodiscover/autodiscover.xml
If it returns “code 600”, that means AutoDiscover is healthy.
Screenshot as below:
c. AutoDiscover itself returns errors to the requesting client if the incoming request does not contain the appropriate information to complete a
request.
The following table explains the possible errors that could be returned.
Error Value
Description
600
Mailbox not found and a referral could not be generated.
601
Address supplied is not a mailbox. The provided email address is not something a client can connect to. It could
be a group or public folder.
602
Active Directory error.
603
Others.
The 600 “Invalid Request” error is returned because a user name was not passed to the service. That is OK for this test because this does confirm
the service is running and accepting requests.
d.
If AutoDiscover service is not working well, I suggest re-building the AutoDiscover Virtual Directory for testing.
Steps as below:
1) Running following command in EMS to remove the AutoDiscover VD (we cannot delete it via EMC):
Remove-AutodiscoverVirtualDirectory -Identity "CAS01\autodiscover(autodiscover.contoso.com)"
Please refer:
http://technet.microsoft.com/en-us/library/bb124113(v=exchg.141).aspx
2)
Running following command in EMS to verify whether we have removed the AutoDisocver VD successfully:
Get-AutodiscoverVirtualDirectory | FL
Please refer:
http://technet.microsoft.com/en-us/library/aa996819(v=exchg.141).aspx
3)
Running following command in EMS to re-creating a new AutoDiscover VD:
New-AutodiscoverVirtualDirectory -Websitename <websitename> -BasicAuthentication:$true -WindowsAuthentication:$true
Please refer:
http://technet.microsoft.com/en-us/library/aa996418(v=exchg.141).aspx
8. Common issues
a. Outlook Disconnection
Issue and Troubleshooting
Issue:
Sometimes the Outlook clients cannot connect to the Exchange server after migrating to a new Exchange server or changing to new CAS. The Outlook clients
always connect to the old CAS server.
Troubleshooting:
To solve this issue, we should change the SCP via following command:
Set-ClientAccessServer -Identity
<var>CAS_Server_Name</var> -AutodiscoverServiceInternalUri
https://mail.contoso.com(newCAS’FQDN)/autodiscover/autodiscover.xml
b. Autodiscover
Certificate issue
Tips on Certificate:
Exchange requires a certificate to run an SSL protocol such as HTTPS. We can use the certificate that supports subject alternate names (SAN) in Exchange.
This is to allow the certificate to support resources that have different names, such as Outlook Anywhere and the Autodisocver Web application.
Issue and Troubleshooting
Issue:
We receiver the Certificate Principal Mismatch error when we use a SAN certificate.
Troubleshooting:
1) Please determine the FQDN that the client
uses to access the resource. Steps as below:
OutlookàToolsàAccount
SettingsàE-mailàclick
the Exchange accountàChangeàMore
SettingsàConnectionàExchange
Proxy Settingsànote the FQND that list in the
Only connect to proxy servers that have this principal name in their certificate box.
2)
Please using EMS to determine the value for the CerPrincipalName attribute: Get-OutlookProvider
This command returns the result for the EXPR name.
3)
Please re-setting the CertPrincipalName attribute to match the FQDN via following command:
Set-OutlookProvider EXPR –CertPrincipalName: “msstd:<FQDN the certificate is issued to>”
9. Resource for reference:
Autodiscover and Exchange 2007
http://technet.microsoft.com/en-us/library/bb232838(v=exchg.80).aspx
White Paper: Understanding the Exchange 2010 Autodiscover Service
http://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx
Certificate Principal Mismatch
http://technet.microsoft.com/en-us/library/aa998424(v=exchg.80).aspx
Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.HI,
I get following? when run the test? user is login to Domain A but accessing exchange in Domain B? -
Hi all,
From time to time (at least once a day), the following message pops up on the user's screen:
"There is a problem with the proxy server's security certificate. Outlook is unable to connect to the proxy server . Error Code 80000000)."
If we click "OK" it goes away and everything continues to work although sometimes Outlook disconnects. It is quite annoying...
Any ideas?
Thank you in advanceHi,
For the security alert issue, I'd like to recommend you check the name in the alert windows, and confirm if the name is in your certificate.
Additionally, to narrow down the cause, when the Outlook client cannot connect again, I recommand you firstly check the connectivity by using Test E-mail AutoConfiguration. For more information, you can refe to the following article:
http://social.technet.microsoft.com/Forums/en-US/54bc6b17-9b60-46a4-9dad-584836d15a02/troubleshooting-and-introduction-for-exchange-20072010-autodiscover-details-about-test-email?forum=exchangesvrgeneral
Thanks,
Angela Shi
TechNet Community Support -
Outlook is unable to connect to the proxy server.(Error Code 10)
Hi,
I had problems with RPC proxy, I was trying to setup cutover migration.
So I read somewhere that i need to change the certprincipalname with Set-Outlookprovider.
But after this change my outlook was not working anymore
The settings before the change were:
Name Server CertPrincipalName TTL
EXCH
1
EXPR
1
WEB
1
So I set this back to the original (above) but this didn't helped...
Outlook 2013 and Exchange 2013
There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site mail.abc-company.com.
Outlook is unable to connect to the proxy server.(Error Code 10)Hi,
Please make sure the mail.abc-company.com is included in your Exchange certificate which has been assigned with IIS service.
If possible, please run the following command for double check:
Get-ExchangeCertificate | FL
For Autodiscover service, please run
Test E-mail AutoConfiguration to check if the connection is successful in Log tab and confirm the other services URL can use proper namespace in Results tab for request access.
If the Autodiscover service fails, please create a SRV record with mail.abc-company.com for Autodiscover service to have a try:
http://support2.microsoft.com/kb/940881/en-us
Regards,
Winnie Liang
TechNet Community Support -
Exchange 2013 - RCA reports RPC Proxy can't be pinged (404)
Hi, I've searched extensively and spent hours trying to fix my problem and nothing in the forums has addressed yet.
I have a new exchange server 2013 SP1 and Outlook 2013 clients can't connect. Outlook states Exchange Server is Unavailable.
This led me to Microsoft RCA. RCA reported that the RPC Proxy can't be pinged with a 404 error. But I CAN visit the server RCA references a step or two above and am treated to a white page, no 404. (
https://xch.domain.com/rpc/rpcproxy.dll?xch.domain.com:6002 )
I have set ExternalAuthenticatoin to Negotiate and internal to NTLM, I have set outlookProvider to
[PS] C:\Windows\system32>Get-Outlookprovider
Name Server CertPrincipalName TTL
EXCH msstd:*.domain.com 1
EXPR msstd:*.domain.com 1
WEB
1
The SSL Certificate is a trusted one, the External URL is set properly in the server settings via ECP as well.
Any ideas would be greatly appreciated. I'm tired and incapable of listing all of the steps I've tried, but if you know of any tips for troubleshooting and fixing RPC Ping issues, I would love to hear them.
Thanks!Hi,
How about OWA, does it works well?
1. If OWA doesn't work, please check wether the Outlook Anywhere has been enabled.
It seems you have configured Outlook Anywhere as below. If not, please change the configuration.
Does the whole error message like this:
Attempting to ping RPC proxy mail.contoso.co.nz.
RPC Proxy can't be pinged.
Additional Details
A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
Please make sure the configuration as below:
Set-OutlookAnywhere
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : NTLM
IISAuthenticationMethods : {basic, ntlm, negotiate}
Set-OutlookProvider
Name Server CertPrincipalName TTL
EXCH
msstd:*.contoso.co.nz 1
EXPR
msstd:*.contoso.co.nz 1
WEB 1
More details in the following link:
Exchange 2013 Outlook Anywhere (RPC) Settings
http://infused.co.nz/2013/05/13/exchange-2013-outlook-anywhere-rpc-settings/
Disclaimer:
Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure
that you completely understand the risk before retrieving any suggestions from the above link.
2. If the method 1 doesn't help, please collect some related error message in App Log without sensitive information for the further troubleshooting.
3. If OWA works well, just Outlook doesn't work, I suggest try to run 'Test-OutlookConnectivity' command in EMS to verify the connectivity between Exchange server and Outlook client. Please paste the details without sensitive information if there is any
abnormal.
4. Please also run 'Test E-mail AutoConfiguration' on Outlook to verify whether there is anything abnormal.
Thanks
Mavis
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Mavis Huang
TechNet Community Support -
How do I use Sun Web Server 7.0u1 reverse proxy to change public URLs?
Some of our installations use the Sun Web Server 7.0 (update 1, usually)
for hosting some of the public resource and reverse-proxying other parts
of the URI namespace from other backend servers (content, application
and other types of servers).
So far every type of backend server served a unique part of the namespace
and there was no collision of names, and the backend resources were
published in a one-to-one manner. That is, a backend resource like, say,
http://appserver:8080/content/page.html would be published in the internet
as http://www.publicsite.com/content/page.html
I was recently asked to research whether we can rename some parts of
the public URI namespace, to publish some or all resources as, say,
http://www.publicsite.com/data/page.html while using the same backend
resources.
Another quest, possibly related in solution, was to make a tidy url for the
first page the user opens of the site. That is, in the current solution when
a visitor types the url "www.publicsite.com" in his or her browser, our web
server returns an HTTP-302 redirect to the actual first page URL, so the
browser sends a second request (and changes the URL in its location bar).
One customer said that it is not "tidy". They don't want the URL to change
right upon first rendering the page. They want the root page to be rendered
instantly i the first HTTP request.
So far I found that I can't solve these problems. I believe these problems
share a solution because it relies on ability to control the actual URI strings
requested by Sun Web Server from backend servers.
Some details follow, now:
It seems that the reverse proxy (Service fn="service-passthrough") takes
only the $uri value which was originally requested by the browser. I didn't
yet manage to override this value while processing a request, not even if
I "restart" a request. Turning the error log up to "finest" I see that even
when making the "service-passthrough" operation, the Sun Web Server
still remembers that the request was for "/test" (in my test case below);
it does indeed ask the backend server for an URI "/test" and that fails.
[04/Mar/2009:21:45:34] finest (25095) www.publicsite.com: for host xx.xx.xx.83
trying to GET /content/MainPage.html while trying to GET /test, func_exec reports:
fn="service-passthrough" rewrite-host="true" rewrite-location="true"
servers="http://10.16.2.127:8080" Directive="Service" DaemonPool="2b1348"
returned 0 (REQ_PROCEED)My obj.conf file currently has simple clauses like this:
# this causes /content/* to be taken from another (backend) server
NameTrans fn="assign-name" from="/content" name="content-test" nostat="/content"
# this causes requests to site root to be HTTP-redirected to a certain page URI
<If $uri =~ '^/$'>
NameTrans fn="redirect"
url="http://www.publicsite.com/content/MainPage.html"
</If>
<Object name="content-test">
### This maps http://public/content/* to http://10.16.2.127:8080/content/*
### Somehow the desired solution should instead map http://public/data/* to http://10.16.2.127:8080/content/*
Service fn="service-passthrough" rewrite-host="true" rewrite-location="true" servers="http://10.16.2.127:8080"
Service fn="set-variable" set-srvhdrs="host=www.publicsite.com:80"
</Object>
I have also tried "restart"ing the request like this:
NameTrans fn="restart" uri="/data"or desperately trying to set the new request uri like this:
Service fn="set-variable" uri="/magnoliaPublic/Main.html"Thanks for any ideas (including a statement whether this can be done at all
in some version of Sun Web Server 7.0 or its opensourced siblings) ;)
//JimSome of our installations use the Sun Web Server 7.0 (update 1, usually)please plan on installing the latest service pack - 7.0 Update 4. these updates addresses potentially critical bug fixes.
I was recently asked to research whether we can rename some parts of
the public URI namespace, to publish some or all resources as, say,
http://www.publicsite.com/data/page.html while using the same backend
resources.> now, if all the resources are under say /data, then how will you know which pages need to be sent to which back end resources. i guess, you probably meant to check for /data/page.html should go to <back-end>/content/page.html
yes, you could do something like
- edit your corresponding obj.conf (<hostname>-obj.conf or obj.conf depending on your configuration)
<Object name=¨default¨>
<If $uri = ¨/page/¨>
#move this nametrans SAF (for map directive - which is for reverse proxy within <if> clause)
NameTrans.. fn=map
</If
</Object>
and you could do https-<hostname>/bin/reconfig (dynamic reconfiguration) to check out if this is what you wanted. also, you might want to move config/server.xml <log-level> to finest and do your configuration . this way, you would get enough information on what is going on within your server logs.
finally,when you are satisfied, you might have to run the following command to make your manual change into admin config repository.
<install-root>/bin/wadm pull-config user=admin config=<hostname> <hostname>
<install-root>/bin/wadm deploy-config --user=admin <hostname>
you might want to check out this for more info on how you could use <if> else condition to handle your requirement.
http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
finally, you might want to refer to this doc - which explains on ws7 request processing overview. this should provide you with some pointers as to what these different directives mean
http://docs.sun.com/app/docs/doc/820-6599/gbysz?a=view
>
One customer said that it is not "tidy". They don't want the URL to change
right upon first rendering the page. They want the root page to be rendered
instantly i the first HTTP request.
please check out the rewrite / restart SAF. this should help you.
http://docs.sun.com/app/docs/doc/820-6599/gdada?a=view
pl. understand that - like with more web servers - ordering of directives is very important within obj.conf. so, you might want to make sure that you verify the obj.conf directive ordering is what you want it to do..
It seems that the reverse proxy (Service fn="service-passthrough") takes
only the $uri value which was originally requested by the browser. I didn't
yet manage to override this value while processing a request, not even if
I "restart" a request. Turning the error log up to "finest" I see that even
when making the "service-passthrough" operation, the Sun Web Server
still remembers that the request was for "/test" (in my test case below);
it does indeed ask the backend server for an URI "/test" and that fails.
now, you are in the totally wrong direction. web server 7 includes a highly integrated reverse proxy solution compared to 6.1. unlike 6.1, you don´t have to download a separate plugin . however, you will need to manually migrate your 6.1 based reverse proxy settings into 7.0. please check out this blog link on how to set up a reverse proxy
http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
feel free to post to us if you need any futher help
you are probably better off - starting fresh
- install ws7u4
- use gui or CLI to create a reverse proxy and map one on one - say content
http://docs.sun.com/app/docs/doc/820-6601/create-reverse-proxy-1?a=view
if you don´t plan on using ws7 integrated web container (ability to process jsp/servlet), then you could disable java support as well. this should reduce your server memory footprint
<install-root>/bin/wadm disable-java user=admin config=<hostname>
<install-root>/bin/wadm create-reverse-proxy user=admin uri-prefix=/content server=<http://your back end server/ config=<hostname> --vs=<hostname>
<install-root>/bin/wadm deploy-config --user=admin <hostname>
now, you can check out the regular express processing and <if> syntax from our docs and try it out within <https-<hostname>/config/<hostname>-obj.conf> file and restart the server. pl. note that once you disable java, ws7 admin server creates <vs>-obj.conf and you need to edit this file and not default obj.conf for your changes to be read by server.
>
I have also tried "restart"ing the request like this:
NameTrans fn="restart" uri="/data"
ordering is very important here... you need to do this some thing like
<Object name=default>
<If not $restarted>
NameTrans fn=restart uri from=/¨ uri=/foo.
</If> -
ater upgrading to firefox 7 from version 5 i cant open this web browser it worked b4 but after upgrade it will not open. i did system restore to go back to a time when it did work and i still have this problem.the message says website is too busy or proxy settings r wrong but i changed them every way possible.i uninstalled the program and reinstalled it with no success. even google chrome will give me same message is my pc infected? or is there a way to get firefox to be my primary web browser?my operating system is win7 vista i am currently backing up my files to a portable drive and my intension is to save files and reboot entire system and then d-load firefox again will this solve this issue?
ater upgrading to firefox 7 from version 5 i cant open this web browser it worked b4 but after upgrade it will not open. i did system restore to go back to a time when it did work and i still have this problem.the message says website is too busy or proxy settings r wrong but i changed them every way possible.i uninstalled the program and reinstalled it with no success. even google chrome will give me same message is my pc infected? or is there a way to get firefox to be my primary web browser?my operating system is win7 vista i am currently backing up my files to a portable drive and my intension is to save files and reboot entire system and then d-load firefox again will this solve this issue?
Maybe you are looking for
-
Hello Everyone, Please please please dont say YES ... i tried to update itunes to the latestest version last Saturday, it downloaded to the prompt screen where is says "RUN" software, UNFORTUNATELY my 16 year old wanted to use MSN and crashed the PC
-
Flash not linking in dreamweaver
Hi, Hope someone can help, I have created a navigation bar in flash, and done all the action script (getURL) When putting in DW, the buttons dont link to anywhere, Ive checked on the net and found something, added it but still doent link this is my f
-
Pass/Fail issue with Quiz and Click Buttons
Got a complicated one for ya! I have a project that has about 100 quiz questions. I want to add slides with an image for backgrownd, a voice over and a "Click Button" to be used like a Simulation. If the "Click Button" is not clicked on, I want the
-
HT4211 Facetime - does it support airplay mirroring ?
I tried airplay mirroring from my iphone 5s to my TV using Digital AV adapter,am not getting anything on the screen.
-
2.1 update and still dropping calls
Just loaded the 2.1 again. Had a full signal for about 3 minutes and then went back to no signal and dropped call. As soon as i finished the call the phone flutated back to full signal. I can leave the phone in the same place and watch the signal bar