Proxy server + HttpClusterServlet

Similar Messages

• Basic auth in proxy server breaks managed server form auth

  Hi,
  I have a proxy server configured in front of 2 managed servers.
  The managed servers have secure pages and are using form auth and the
  proxy server is working properly. In other words, I point my browser
  at the proxy and I end up being services by one of the managed servers.
  If I attempt to access a secure page via the proxy I am sent to the form
  login page via the proxy.
  Now for the problem:
  If I configure the proxy server to use basic auth, and secure all
  pages in the proxy, I must provide my userid/password to the proxy
  server (this is working fine) before I can get to one of the managed
  servers. I can get to the welcome page of the managed server (which is
  not secure) There is a link to a secure page on the welcome page. When
  I click on the link to the secure page, I am sent to the form auth by
  the managed server. I authenticate, but I can never see the secure
  page. I end up being redirected to the form login page endlessly.
  Both the proxy server and the managed server are usign the default
  JSESSIONID.
  Here is a section of the web.xml for the proxy server:
  <servlet>
  <servlet-name>HttpClusterServlet</servlet-name>
  <servlet-class>weblogic.servlet.proxy.HttpClusterServlet</servlet-class>
  <init-param>
  <param-name>WebLogicCluster</param-name>
  <param-value>${ProxyConfig}</param-value>
  </init-param>
  <init-param>
  <param-name>SecureProxy</param-name>
  <param-value>ON</param-value>
  </init-param>
  <init-param>
  <param-name>Debug</param-name>
  <param-value>ON</param-value>
  </init-param>
  <init-param>
  <param-name>DebugConfigInfo</param-name>
  <param-value>ON</param-value>
  </init-param>
  <init-param>
  <param-name>CookieName</param-name>
  <param-value>JSESSIONID</param-value>
  </init-param>
  <init-param>
  <param-name>CookieName</param-name>
  <param-value>wlauthcookie_</param-value>
  </init-param>
  </servlet>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>gcmgui/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>applauncher/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>ssoadmin/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>default/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>domainadmin/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>gsc/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>psr/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>broadcastclient/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>nra/*</url-pattern>
  </servlet-mapping>
  Here is the proxy debug:
  <Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET
  /applauncher/jsp/AppLaunche
  r.jsp HTTP/1.1
  <Fri Jul 11 14:40:07 EDT 2003>: Found cookie: Sf4VoFtpQwG]dTNEh9Yq
  <Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server
  -213061352!10
  .68.10.87!1080!10443
  <Fri Jul 11 14:40:07 EDT 2003>: Remove idle for '30' secs:
  ProxyConnection(isSec
  ureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
  <Fri Jul 11 14:40:07 EDT 2003>: Create connection:
  ProxyConnection(isSecureProxy
  =true): 10.68.10.87:10443, keep-alive='30'secs
  <Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
  <Fri Jul 11 14:40:07 EDT 2003>: Accept: image/gif, image/x-xbitmap,
  image/jpeg,
  image/pjpeg, application/vnd.ms-excel, application/msword,
  application/vnd.ms-po
  werpoint, */*
  <Fri Jul 11 14:40:07 EDT 2003>: Accept-Language: en-us
  <Fri Jul 11 14:40:07 EDT 2003>: Accept-Encoding: gzip, deflate
  <Fri Jul 11 14:40:07 EDT 2003>: User-Agent: Mozilla/4.0 (compatible;
  MSIE 6.0; W
  indows NT 4.0; H010818)
  <Fri Jul 11 14:40:07 EDT 2003>: Host: localhost:18002
  <Fri Jul 11 14:40:07 EDT 2003>: Connection: Keep-Alive
  <Fri Jul 11 14:40:07 EDT 2003>: Cookie:
  JSESSIONID=1PEosMJQ9ZJrewjj1t5nZfNtYe1e5
  pWYbjyBGvZ1ExEY8YoueKTG!-213061352!NONE;
  wlauthcookie_=Sf4VoFtpQwG]dTNEh9Yq
  <Fri Jul 11 14:40:07 EDT 2003>: Authorization: Basic
  cmFwcGVsYmE6b3V0Mmx1bmNo
  <Fri Jul 11 14:40:07 EDT 2003>: HTTP/1.1 302 Moved Temporarily
  <Fri Jul 11 14:40:07 EDT 2003>: Out-bound headers:
  <Fri Jul 11 14:40:07 EDT 2003>: Date: Fri, 11 Jul 2003 18:40:07 GMT
  <Fri Jul 11 14:40:07 EDT 2003>: Location:
  https://localhost:18002/applauncher/un
  restricted/jsp/FormLogin.jsp
  <Fri Jul 11 14:40:07 EDT 2003>: Server: WebLogic WebLogic Server 8.1
  Thu Mar 20
  23:06:05 PST 2003 246620
  <Fri Jul 11 14:40:07 EDT 2003>: Transfer-Encoding: Chunked
  <Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET
  /applauncher/unrestricted/j
  sp/FormLogin.jsp HTTP/1.1
  <Fri Jul 11 14:40:07 EDT 2003>: Found cookie: UZ]OrXsBP6uEEa[0veSz
  <Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
  <Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server
  -213061352!10
  .68.10.87!1080!10443
  <Fri Jul 11 14:40:07 EDT 2003>: Requeue connection:
  ProxyConnection(isSecureProx
  y=true): 10.68.10.87:10443, keep-alive='30'secs
  <Fri Jul 11 14:40:07 EDT 2003>: Recycle connection:
  ProxyConnection(isSecureProx
  y=true): 10.68.10.87:10443, keep-alive='30'secs
  <Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
  <Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
  <Fri Jul 11 14:40:07 EDT 2003>: Accept: image/gif, image/x-xbitmap,
  image/jpeg,
  image/pjpeg, application/vnd.ms-excel, application/msword,
  application/vnd.ms-po
  werpoint, */*
  <Fri Jul 11 14:40:07 EDT 2003>: Accept-Language: en-us
  <Fri Jul 11 14:40:07 EDT 2003>: Accept-Encoding: gzip, deflate
  <Fri Jul 11 14:40:07 EDT 2003>: User-Agent: Mozilla/4.0 (compatible;
  MSIE 6.0; W
  indows NT 4.0; H010818)
  <Fri Jul 11 14:40:08 EDT 2003>: Host: localhost:18002
  <Fri Jul 11 14:40:08 EDT 2003>: Connection: Keep-Alive
  <Fri Jul 11 14:40:08 EDT 2003>: Authorization: Basic
  cmFwcGVsYmE6b3V0Mmx1bmNo
  <Fri Jul 11 14:40:08 EDT 2003>: Cookie:
  JSESSIONID=1PEHvo1gQIbwOMuVsU9pJnnvlGBSP
  74ZUcSHwazE7domCL8UlVA2!-937872307; wlauthcookie_=UZ]OrXsBP6uEEa[0veSz
  <Fri Jul 11 14:40:08 EDT 2003>: HTTP/1.1 200 OK
  <Fri Jul 11 14:40:08 EDT 2003>: Out-bound headers:
  <Fri Jul 11 14:40:08 EDT 2003>: Date: Fri, 11 Jul 2003 18:40:08 GMT
  <Fri Jul 11 14:40:08 EDT 2003>: Server: WebLogic WebLogic Server 8.1
  Thu Mar 20
  23:06:05 PST 2003 246620
  <Fri Jul 11 14:40:08 EDT 2003>: Content-Length: 4238
  <Fri Jul 11 14:40:08 EDT 2003>: Set-Cookie:
  JSESSIONID=1PEIxJ21oT5H3Z2ilQjPqpq1V
  kdOhEnNbbz9wviTtTTZj6IBp29b!-213061352!NONE; path=/
  <Fri Jul 11 14:40:08 EDT 2003>: Request successfully processed
  <Fri Jul 11 14:40:08 EDT 2003>: Requeue connection:
  ProxyConnection(isSecureProx
  y=true): 10.68.10.87:10443, keep-alive='30'secs
  <Fri Jul 11 14:40:08 EDT 2003>: Request successfully processed
  <Fri Jul 11 14:40:44 EDT 2003>: Trigger remove idle for '35' secs:
  ProxyConnecti
  on(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
  Thanks,
  Rob

  I typically have used Apache Commons HttpClient for anything but trivial URL connections, and especially when combining both basic auth and proxy auth. When you use it, be aware of the "preemptive authentication" flag. One server I worked with didn't send the correct parameters back on particular requests, so I had to turn on this flag to get it to work.

• Single-point failure of proxy server??

  Three questions regarding using the proxy server for WLS clustering:
            1. What happen if the proxy server fails? The entire cluster won't be
            accessible?
            If so, is there a implication of having "meta-configuration" for
            proxy server failover?
            2. Does the term "in-memory persistence" clustering (over JDBC) does
            imply
            the session data is "shared" in memory between the primary &
            secondary
            servers, or they are compleleted replicated in each server??
            3. How bad is it in terms of performance using the JDBC session
            persistence
            and the in-memory replication? Any one has experimented it??
            Any thoughts and comments are helpful and appreciated??
            Frank Wang
            

  Frank,
            If using File/JDBC persistence, it doesn't matter which server gets the request
            because all servers have access to every session's data.
            When you assign a hostname "to the cluster" and map that hostname to the IP
            address of each server in the cluster, this sets up something called DNS
            round-robining. What this does is round-robin which IP address is returned when
            the cluster hostname is resolved. Unfortunately, DNS is not very good at
            detecting failed machines so it may continue to hand out IP addresses of failed
            machines.
            A better way to do this is with a hardware router that is made for this purpose
            (e.g., LocalDirector). The router can detect a failed machine and redirect the
            request to another machine in the cluster. Unlike the in-memory replication
            case, it doesn't matter which server gets each request so no proxy is required.
            Hope this helps,
            Robert
            Frank Wagn wrote:
            > Hi, Robert,
            >
            > Thank you for the answers !!
            >
            > It is still not very clear to me when using the File/JDBC session
            > persistence.
            > Since there is no such a "coordinating" proxy server who knows how to
            > load balancing among the servers in the cluster (based on the specified
            > algorithm in the proxy server properties file), how does the load balancing
            > (and failover) work, when the requests are directed to a "mask" of cluster IP
            >
            > (virtual proxy) which in terms broadcast to all the servers??
            >
            > Frank
            >
            > Robert Patrick wrote:
            >
            > > Hi Frank,
            > >
            > > Frank Wang wrote:
            > >
            > > > Three questions regarding using the proxy server for WLS clustering:
            > > >
            > > > 1. What happen if the proxy server fails? The entire cluster won't be
            > > > accessible?
            > > > If so, is there a implication of having "meta-configuration" for
            > > > proxy server failover?
            > >
            > > If you have a single proxy server, this is correct in that it is a single
            > > point of failure. A common configuration is to use multiple proxy
            > > servers (with something like LocalDirector sitting in front to do routing
            > > and load balancing to the proxy servers) that proxy requests to a cluster
            > > of WLS servers.
            > >
            > > > 2. Does the term "in-memory persistence" clustering (over JDBC) does
            > > > imply
            > > > the session data is "shared" in memory between the primary &
            > > > secondary
            > > > servers, or they are compleleted replicated in each server??
            > >
            > > HttpSession state can be shared across the servers in a cluster in one of
            > > three ways.
            > >
            > > 1.) Using File-based persistence (i.e., serialization) - This requires a
            > > shared file system across all of the servers in the cluster. In this
            > > configuration, all servers are equal and can access the session state.
            > > As you might imagine, this approach is rather expensive since file I/O is
            > > involved.
            > >
            > > 2.) Using JDBC-based persistence - This requires that all servers in the
            > > cluster be configured with the same JDBC connection pool. As with method
            > > 1, all servers are equal and can access the session state. As you might
            > > imagine, this approach is rather expensive since database I/O is
            > > involved.
            > >
            > > 3.) In-memory replication (not really persistence) - This scheme uses a
            > > primary-secondary replication scheme so that each session object is kept
            > > on only two machines in the cluster (which two machines vary depending on
            > > the particular session instance). In this scheme, we need a proxy server
            > > sitting in front of the cluster that can route the requests to the server
            > > with the primary copy of the session for each request (or to the
            > > secondary if the primary has failed). The location information is
            > > encoded in the session id and the proxy knows how to decode this
            > > information and route the requests accordingly (because the proxy is
            > > using code supplied by BEA -- the NSAPI or ISAPI plugins or the
            > > HttpClusterServlet).
            > >
            > > > 3. How bad is it in terms of performance using the JDBC session
            > > > persistence
            > > > and the in-memory replication? Any one has experimented it??
            > >
            > > JDBC session persistence performance is highly dependent on the
            > > underlying DBMS. In my experience in doing benchmarks with WLS,
            > > in-memory replication (of a reasonably small amount of session data) does
            > > not add any measurable overhead. Of course, the key words here are
            > > "reasonably small amount of session data". The more data you stuff into
            > > the HttpSession, the more data that needs to be serialized between
            > > servers, more performance will be impacted.
            > >
            > > Just my two cents,
            > > Robert
            

• Successfully Installing & Activating CS6 (not Creative Cloud) behind an Authentication Proxy server

  If you are like me and work in a fairly secure office where all Internet access is routed through an authenticate proxy server (you have to use an ID and password to get to the Internet) you might have noticed that installing CS6 products can be difficult.
  The installer told me to go to http://www.adobe.com/go/getactivated for an offline activation.
  It is not practical to "Disable the firewall" or"Disable the proxy" as most of us worker bees have neither the authority or ability to do such a thing.
  So back to that last bit: "Disable the proxy server." Well I could not do that, but I could disable my PC's ability to connect to the proxy and therefore make it seem like I had no Internet whatsoever. And lo and behold all the right prompts appeared and offline activation sailed along smoothly!
  This is a little long, but I wanted to include lots of screen shots so you'll know what to expect.
  Here's how I did it:
  1. Right-click the Internet Explorer Icon on your desktop (or select Tools > Internet Options in IE)
  2. Click Properties.
  3. Select the Connections card.
  4. Click LAN Settings.
  5. Uncheck any boxes (you might want to write down what was in the boxes or grab a screen shot as you'll have to put this back to how you found it later to restore your Internet access). Click OK and OK again. You've now shut off IE's ability to hit your proxy server and therefore the Internet.
  6. Click Install I have a serial number
  7. Accept the license agreement.
  8. Enter your license key.
  9. Click Next. At this point the installer will attempt to validate your license, but since you haven't got Internet access, it will give you an error. This is where the process broke down on me, when the installer could detect the Internet but not navigate my proxy.
  10. But, now beacuse you do not have Internet Access, you'll get this error. Click Connect Later.
  11. Select your customizations (if any) and click Install.
  12. When installation is complete, click Launch Now.
  13. You'll get an error since you don't have Internet, click "Having Trouble Connecting to the internet?"
  14. Click Offline Activation.
  15. Click Generate Request Code.
  16. Go to http://www.adobe.com/go/getactivated, sign in, put in your request code and serial number and generate the response code.*
  17. Enter the response code.
  18. Click Activate.
  19. Click Launch when you get the Offline Activation Complete dialog.
  * if you are installing more than one product, generate the response codes for each at the same time. I ran into an issue where once I created a response code, no other response codes I created for subsequent installs were accepted. I had to wait 24 hours for a newly generated code to work.
  You are done! Enjoy your software!
  Cheers!
  -Greg

  Just want to point out--after many hours of attempting to activate CS6 software (stumping two Adobe techs in the process)--that there is one important bit of information left out of the directions given above (and it's not in the video either):
  These instructions work only if you are starting the installation from scratch.  If you (mistakenly) think that your inability to connect to Adobe's activation server is temporary and go ahead and install the software, you will not be able to get back to the screen to generate a request code (which you need to be able to activate the application).  This is in spite of Adobe's assurance to the contrary that if you don't activate during installation, you can do it later when the application starts.  If you try to activate later, you are taken to an online screen that asks for the "request code"--but you have not been given an opportunity to get that request code.
  The only solution I could find:  I had to uninstall Photoshop CS6, then unplug my internet connection, then reinstall the software, watching carefully for the screen that provides the button to generate a request code.  If Adobe is going to require the activation/validation procedure, then it really needs to make it work and correct the error in the software, namely, the failure to provide for offline activation once the software has been installed.

• How to configure SharePoint HNSC with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.

  Could you please let me know how SharePoint HNSC can be configured with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.
  In normal path based site collections/web applications, reverse proxy configuration can be done using alternate access mappings with  Public URL = "proxy URL", internal = "HNSC Share Point URL" so that share point sends response back
  to Public URL = "proxy URL".
  In Host Named Site Collections,  alternate access mappings  are not supported. Each HNSC is designed to have only one URL in each zone. Zone is one of the five zones(Default,Intranet,Internet,Custom,Extranet) with each of which only one alternate
  URL is associated.  This is what we are able to get using power shell command "Set-SPSiteUrl", but this will not help us to get the response back to proxy URL after a request sent to share point because we could not find any mechanism in share
  point HNSC to respond  to a different URL(proxy URL). Consequently, Share Point URLs are exposed to  external users.
  Below share point article in MSDN blog is symmetrical to what we are observing with Share Point 2013 and Proxy Server. It mentions that internal HNSC URLs can’t be hidden using any proxy server. If  hiding the internal Share Point URLS is a requirement,
  it suggests to use a web application instead of host named site collections.
  Though I’m also observing the same behavior with Share Point 2013 HNSC, Could you please confirm my understanding is correct.
  http://blogs.msdn.com/b/kaevans/archive/2012/03/27/what-every-sharepoint-admin-needs-to-know-about-host-named-site-collections.aspx
  Excerpt from above article-
  "Host Named Site Collections Only Use One Host Name
  Continuing on the discussion on AAMs and host named site collections, you cannot use multiple host names to address a site collection in SharePoint 2010. Because host-named site collections have a single URL, they do not support alternate access mappings and
  are always considered to be in the Default zone.  This is important if you are using a reverse proxy to provide access to external users. Products like Unified Access Gateway 2010 allow external users to authenticate to your gateway and access a site
  as http://uag.sharepoint.com and forward the call to http://portal.sharepoint.com. Remember that URL rewriting is not permitted. Further, a site collection can only respond to one host name. This means if you are using a reverse proxy, it must forward the
  calls to the same URL.  If your networking team has a policy against exposing internal URLs externally, you must instead use web applications and extend the web application using an alternate access mapping."<u5:p></u5:p>

  Hi Satish,
  You are right that only one URL is allowed for each zone of the host-name site collections in both SharePoint 2010 and SharePoint 2013.
  It is by design that each host-name site collection only support one URL for each zone.
  The article below is about RTM version of SharePoint, and it is the same for SharePoint 2013 with the latest CU.
  https://support.microsoft.com/en-us/kb/2826457
  So to make the URL of HNSC not exposed to external users is not supported, you need to use path-based sites instead.
  Best regards.
  Thanks
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Mobile me/icloud find my iphone through a proxy server?

  Hi All,
  I'm not sure if this is the right place to post this so if it's not please let me know where is best.
  I have a fleet of 600 ipads who are forced to run through a proxy server via a 3g connection. Up untill last week I could trace all these iPads via mobile me or icloud and use the find my iPhone feature. In this last week I seem to have lost this ability. All iPads are coming up with "no location". Mixture of iOS5 and variations of iOS4
  If I turn off the proxy on the iPad I can trace the iPad.
  me.com, apple.com amd icloud.com are all allowed through the proxy.
  I cannot see anoy other banned traffic with a web address I can unblock.
  I really just need to know what else I need to allow out via the proxy to get this working again? I'm guessing something has changed in Apple world as the proxy hasn't changed.
  Thanks

  Hi - did you have any luck with this? I have a similar problem, but only on a private APN through our proxy. I've managed to allow all the URLs to get the iCloud account registered for each device via the APN/proxy, but they do not appear on my icloud.com device view. If I remove the APN, therefore our network proxy is not used, it works fine.
  Thanks

• I am using a work laptop and have the same problem. When I try to change the "configure proxy", they only available option is "use this proxy server for all protocols". Could it be that my system administrator blocked me from changing it since they don'

  I am using a work laptop and have the same problem. When I try to change the "configure proxy", they only available option is "use this proxy server for all protocols". Could it be that my system administrator blocked me from changing it since they don't want us to use Firefox.
  == User Agent ==
  Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.4; FNGP_SYS)

  Start Firefox in [[Safe Mode]] to check if one of your add-ons is causing your problem (switch to the DEFAULT theme: Tools > Add-ons > Themes).
  See [[Troubleshooting extensions and themes]] and [[Troubleshooting plugins]]
  If it does work in Safe-mode then disable all your extensions and then try to find which is causing it by enabling one at a time until the problem reappears.
  You can use "Disable all add-ons" on the ''Safe mode'' start window.
  You have to close and restart Firefox after each change via "File > Exit" (on Mac: "Firefox > Quit")

• Firewall/Proxy Server Issue

  I'm testing a new Flex/CF app. From my location it runs well
  on the production server. But from another location that is behind
  a Symantec firewall/proxy server, it runs unusably slowly. I'm
  using Flex remote object calls (Flash remoting) to communicate with
  CF. I don't know if the problem is related to that or simply
  something to do with Flash Player. Has anyone experienced this
  problem? I'm not a network administrator and am not familiar with
  Symantec firewalls so I'm not sure what to ask their network admin
  to try. Any advice would be greatly appreciated. Thanks.

  Did you add a new library in the project to include weblogic.jar from the WebLogic 6.1?
  What kind of a client is it?
  You can also try using the setting in the menu
  Tools | Preferences | Web Browser/Proxy
  to enable disable the proxy.

• Problem with socket connections through a proxy server.

  People,
  I set the system properties to use a proxy server so my application can fetch data from servers located outside my local network:
  System.setProperty("socksProxyPort", port);
  System.setProperty("socksProxyHost", proxy_addy);Then, when I attempt to stabilish a connection:
  s = new Socket(this.getHost(), port);It hangs.
  I appreciate any help since my available Java documentation is quite obscure regarding proxy servers.

  Is the proxy on another machine? Try it's IP. If
  not, replace 'proxy' with 'localhost'.
  - SaishYes, it is another machine.
              byte x[] = {(byte)aaa,(byte)bbb,(byte)ccc,(byte)ddd};
              s = new Socket(new Proxy(Proxy.Type.SOCKS, new InetSocketAddress(InetAddress.getByAddress(x), 8080)));
              s.connect(new InetSocketAddress(this.getHost(), port));Again, it hung.

• A new version of Firefox, which downloaded automatically, says Firefox is configured to use a proxy server that's refusing connections, even though I had access before the download.

  I was using Firefox earlier in the day with no problem. About half an hour ago I tried to get on the Internet using Firefox (as always). When I did, I was greeted with a little dialog box showing that something was downloading. That's happened before.
  This time, though, I was greeted by an error page that said Firefox was configured to use a proxy server that's refusing connections.
  I'm not on a network. I have a desktop computer that connedts to a wireless modem that I share only with my wife. I didn't change my settings on either. Neither did my wife.
  My "Connection Settings" box still says "use system proxy settings." There are no entries in the manual settings boxes.
  I want to emphasize that I changed *nothing.*
  I need to know, please, how I can set my computer to get back onto the Internet or, failing that, how I can go back to the previous version of Firefox.
  Thank you very much.
  Bob Murdich

  You can find the connection settings in Tools > Options > Advanced : Network : Connection
  If you do not need to use a proxy to connect to internet then select "No Proxy"
  See "Firefox connection settings":
  * [[Firefox cannot load websites but other programs can]]

• Adobe Reader 9.0 has delay when downloading PDF file through proxy server

  There is an issue with the Adobe Reader (and Acrobat) 9.0 PDF Link Helper ActiveX control for Internet Explorer (6 or 7) on Windows computers with respect to proxy servers. Due to this issue, there is a 2 minute delay for any Internet Explorer web browser on the Deere network before any PDF file will open from the Internet within the IE web browser if In-Place activation (Display PDF in Browser) is enabled in Adobe Reader 9. This problem does not affect Adobe Reader 8.
  What we are seeing is that when someone on the Deere network clicks on a links to a PDF file in the Internet, the PDF file downloads immediately. But then, after the PDF file is downloaded, the Adobe Reader 9 PDF Link Helper ActiveX control tries to talk directly to the Internet web site. The Adobe Reader 9 PDF Link Helper ActiveX control does not know how to negotiate our proxy server. So after a minute or two, the Adobe Reader 9 PDF Link Helper ActiveX control times out (gives up) and allows the IE browser to display the downloaded PDF file in the IE browser.
  We work around this issue by disabling In Place Activation for PDF files in IE (uncheck Display PDF in Browser). But we would like a fix for the PDF Link Helper ActiveX control.
  [HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Originals]
  "bBrowserIntegration"=dword:00000000
  [HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\Originals]
  "bBrowserIntegration"=dword:00000000
  Here's what our proxy people see when they do a trace of a PDF file download through their proxy server with IE 7 and Adobe Reader 9 with Display PDF in Browser checked.
  The browser tells the proxy to download the pdf, it does and sends it to the browser. Before the browser opens it something in Acrobat ( or I.E. ? ) tries to make a connection back to the content server that hosted the pdf. Unfortunately this agent does not ask the proxy to make the request for it, but rather asks local DNS to resolve the Internet server name. This request dies because our internal private network does not know anything about the Internet. Only the DNS used by the proxy can resolve Interent names. After two unsuccessful DNS queries into the private network, the agent tries to resolve the same Internet name with NBNS ( netbios name service) queries again into the private network, with the same results. These requests persists for more than two minutes ( over 200 unresolved queries ). Then for whatever reason the agent gives up and the already downloaded pdf file loads into the browser.
  I have a TCP capture file if you want it.

  Hi,
  I have the same problem with some specific PDF files. For more than 90% it hangs when opening the file, but sometimes it works (with the same file).
  The workflows where it sometimes worked:
  a) Loading the PDF, the reader is started the first time and displays license dialog.
  b) The reader was already runing and file is loaded with Drag&Drop or File/Open in the Reader
  But most times it does not load.
  I could not find out which file is missing or trying to be opened. So I tried with the CP949.TXT.
  I found no CP949.TXT in Reader 8 installation, so I took it from the link, pasted into notepad and stored in the respective directory
  C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\
  Now it seems to work fine, opening PDFs with double click from exporer.
  But why did Adobe Reader 8 not have the TypeSupport directory at all?
  Even when having found a fix (hack?), I think I did not understand the cause of this problem.
  Regards,
  TheLastReader

• Firfox will not open. then it gives a message of proxy server not allowing connection

  Firefox will not allow me to open it. When I could open it, it tells me a proxy server is not allowing a connection.

  In Firefox 3.6.4 and later the default connection settings have been changed to "Use the system proxy settings".<br />
  See "Firefox connection settings" in [[Server not found]]
  You can find the connection settings in "Tools > Options > Advanced : Network : Connection"<br />
  If you do not need to use a proxy to connect to internet then select No Proxy

• There is a problem with the security certificate of the proxy server. Error code 18 and 38.

  Hi All,
  After several hours and a short night of sleep I'm out of ideas and hopefully someone here can help me trying to solve this one. First of all the situation:
  Exchange 2013 on a remote location with a CA-certificate.
  Outlook 2010 and 2013 on different locations, locally installed and on RDS.
  When I open Outlook on my laptop all is fine, no errors, good sync, no problem. But when I open Outlook on our Remote Desktop Servers with Outlook 2013 I'm getting errors like "There is a problem with the security certificate of the proxy server. The
  name on the security certificate is invalid or does not match the name of the site. Outlook is unable to connect to this server. (Error code 18)". Opening Outlook 2010 the message is the same, but the error code now is 38.
  After this Outlook opens and is working, there's one more error though. After a while an security warning pops up with the message: "Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the
  site's security certificate. * The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority. * The security certificate is valid. * The name on the security
  certificate is invalid or does not match the name of the site."
  Strangest thing is, it is the certificate of my RDS! It isn't my valid en officially bought certificate from my mailserver. What's going on? I'm out of options, what I've tried so far (in random order):
  - restarting mailserver and AD;
  - restarting switches;
  - restarting routers;
  - restarting RDS, AD and all other servers;
  - bypassed proxyserver for RDS;
  - created a new profile;
  - checked recently installed updates;
  - checked certificate on mailserver;
  - checked RDS on a different location, working fine.
  Nothing helped, what can I do next? Please advice.
  Regards.

  Found a thread that solves half my problem (https://social.technet.microsoft.com/Forums/office/en-US/70d18244-889a-4d95-ac3f-e234672a82b2/there-is-a-problem-with-the-proxy-servers-security-certificate-error-when-starting-outlook?forum=exchangesvrclients).
  The first message can be suppressed by adding this to the Exchange config:
  set-outlookprovider -Identity EXCH -CertprincipalName msstd:webmail.domain.tld
  set-outlookprovider -Identity EXPR -CertprincipalName msstd:webmail.domain.tld
  Giving the command get-outlookprovider, gives me empty information regarding the certprinipalname. Filled
  this and after recreating the profile or deleting the ost-file I still have the second alert with the local certificate of my RDS.
  Not completely where I want to be, any help regarding the second alert is greatly appreciated!

• ITunes 10.6 and proxy server connection

  Hello,
  I was using iTunes, in a network enviroment with a proxy server, since yesterday when I updated it to 10.6 version.
  Troubles began...
  My IE settings about proxy server are correct, and my network admin did not change anything in out proxy configuration. Thus, I checked IE proxy settings, and they are ok (http://support.apple.com/kb/TS1470). Restared my PC, but iTunes after the login to my proxy server (NOT with appleid of course but with my network account - and it's works, I'm sure about it) cannot go on, with a 12002 error.
  So, IMHO iTunes 10.6 proxy support is broken...

  Ok...here's a workaround for Windows based computers.  Not an ideal solution but it works. For those of you on a corporate network, I highly suggest you get this approved before you implement it.
  You will need to download and install Cntlm Authentication Proxy. The link is...
  http://sourceforge.net/projects/cntlm/files/
  Once installed...find the cntlm.ini file located in the c:\Program Files or c:\Program Files(x86) folder and open it with notepad. Modify the following lines to match your network/proxy configuration...
  Username    
  Domain        
  Password
  Proxy
  Once you save the cntlm.ini file go to Services and start the Cntlm Authentication Proxy service...or you could simply restart the computer.
  The last step is to configure your browser to use the following address as a proxy server...
  127.0.0.1 port 3128 (3128 is the default listening port used by cntlm and can be changed in the cntlm.ini file)
  As I said, this is not an ideal solution as your network username and password are stored in the cntlm.ini file as clear text and if you ever change your network password you will need to change the cntlm.ini file as well. This is also why I suggest that those of you on corporate networks get approval for this before you install since this is a potential security risk. But this does resolve the proxy authentication pop up issue with iTunes and for anyone attempting to use Dropbox and having similar proxy issues this solution works for Dropbox as well.

• Using a Mac on windows network with a proxy server

  Hi I’m very new to Macs to apologies if this is a really silly question. I’m
  trying to setup a Mac on our network and I’m having an issue getting it to work
  properly with our proxy server. I have connected the Mac to the network and
  selected automatic proxy configuration in the network settings using the URL of
  our Pac file. I am asked for a proxy username and password when I initially try and
  access a website but once I have entered my credentials they are saved in
  keychain and anyone coming after me can browse using my account. I work in a
  hospital so there are many different people accessing different devices. We
  monitor and trace all users internet browsing so my question is can I configure
  the Mac to ask for proxy credentials for different users? On our windows devices
  a login box will appear if the browser has been closed and reopened. Can I do
  this with the Mac?????
  Any help you can offer will be very much appreciated.
  Thanks

  The short answer is that the IT department is a strict Microsoft shop and also incompetent. Almost everything in that message is patently false. Unfortunately, when accessing Microsoft Server services like this, you will need the support of the IT staff to tell you various settings to use. I think it is pretty clear that they have no intention of doing that.
  There is nothing "special" about bootcamp. It is just a boot loader. A Mac running Windows via bootcamp is a Windows PC, not a Mac. As such, it will work perfectly fine in the network. You could also try running Parallels. I believe Parallels can be configured to use a bootcamp partition so you could run Windows via either bootcamp or Parallels.
  One of the few things that is correct is that Apple does have to provide driver support for bootcamp and there is the possibility of random incompatibilities - but no more so than any other PC manufacturer. Parallels/VMWare may work around that with a different set of incompatibilities. Don't be too worried about this part. These "incompatibilities" are minor and almost always with funky hardware devices. What you want to do should work perfectly with either Parallels/VMWare or Bootcamp.