Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Aug 31 04 7:31 pm
Hi,
Ever since we installed version 6.0.1 of WinGate on our server that was also running MDaemon mail server, the machine has become highly unstable (it has already crashed twice in the last hour or so) and wingate is behaving strangely, often not working at all. One of our networking consultants told us that the problem was due to a conflict between MDaemon and WinGate and we should ideally be running the two on separate servers.
Is this true? Is there no way to make the two apps work harmoniously? Because investing in another server just to make the proxy work seems to be pretty ridiculous.
Any ideas would be more than welcome.
Regards,
Ani.
Sep 01 04 1:08 am
What type of conflict did the networking consultant indicate it was?
At the simplest level, it could be a port conflict - but then you'd see no bindings, etc. in WinGate (Or MDaemon). A simple netstat -ano should indicate which process is using which port.
Sep 01 04 1:28 am
Pascal wrote:What type of conflict did the networking consultant indicate it was?
At the simplest level, it could be a port conflict - but then you'd see no bindings, etc. in WinGate (Or MDaemon). A simple netstat -ano should indicate which process is using which port.
When we removed the MDaemon system service, then WinGate worked fine, but the moment we start MDaemon, the machine simply dumped. So now we have installed the two apps on 2 separate servers.
Ani.
Sep 01 04 11:01 am
Hi Ani,
Was it an actual blue-screen? If it was and you can remember the name of the module that caused the problem, that would be appreciated. Then we can investigate and see what we can do to resolve this.
Thank you,
Sep 01 04 4:14 pm
Pascal wrote:Hi Ani,
Was it an actual blue-screen? If it was and you can remember the name of the module that caused the problem, that would be appreciated. Then we can investigate and see what we can do to resolve this.
Thank you,
Hi Pascal,
Yes the blue screen did appear but for just a second or so and the machine rebooted. So It was not possible for us to identify the problematic module.
Now we have moved the Wingate server to a different machine, but we see that it is using a huge amount of system resources. The machine has a Pentium 4 3.06 Ghtz processor with 1 GB memory and it's running Windows 2000 Server. Whenever the number of connections to wingate reach the 25 or 30 mark, the system slows down to a crawl. In fact, I just came to know that the machine rebooted on its own once last night! This was the first time that something like this has happened, so I am quite sure that the cause is WinGate. What is the recommended system configuration for a machine that is handling around 30 to 35 users on wingate?
Regards,
Ani.
Sep 01 04 4:25 pm
Are you using any datascanning plugins or other firewalls / NAT solutions, etc. on that server? What type of external connection do you have ?
I've just had a quick look through the other posts, and notice you had serious problems getting ENS to start before. Was that the case on this new machine too, or did that work straight off the bat?
I think there is a list of recommended hardware specifications in the helpfile, have a look in there. However, 25 to 30 users should run easily on that machine. If I'm not horribly mistaken, our primary gateway is only a PIII 1ghz with 256MB of RAM and that serves our entire network along with a few VPN nodes.
Sep 01 04 4:32 pm
Were any resources out of the ordinary? (Handles, threads, phys. memory or virtual memory)
Sep 01 04 4:43 pm
Another point that Adrien just made. It could potentially be a loop between configured servers. Check the traffic when your users are connecting, etc. and see if anything appears to be excessive. (Like for example a thousand DNS requests at once from one host).
Sep 01 04 4:50 pm
Pascal wrote:Are you using any datascanning plugins or other firewalls / NAT solutions, etc. on that server? What type of external connection do you have ?
No plugins installed.
No firewall/NAT solution.
We use a wireless internet connection provided by our ISP. The structure is like this==>
ISP --- wireless connection ---> ISP provided modem at our office ------> Router ------> DLink Switches ------> Proxy Server + Mail Server ------> LAN.
I've just had a quick look through the other posts, and notice you had serious problems getting ENS to start before. Was that the case on this new machine too, or did that work straight off the bat?
Yes you are right. When we installed WinGate on the previous server, we had major problems in the beginning. Nothing was working in fact. Then things started to fall in place one by one. By the time we got everything online, the server crashed and we decided to move WinGate to a different server. This time round, we were wiser (:-)) so the installation went fine.
I think there is a list of recommended hardware specifications in the helpfile, have a look in there. However, 25 to 30 users should run easily on that machine. If I'm not horribly mistaken, our primary gateway is only a PIII 1ghz with 256MB of RAM and that serves our entire network along with a few VPN nodes.
Yeah, that's what we think too, so we were really concerned when the server became unstable after the WinGate installation. We have got in our hardware specialist also to check if there is anything wrong with the machine, but since the server is quite new, there shouldn't be a problem there. Let's see.
Regards,
Ani.
Sep 01 04 4:58 pm
Pascal wrote:Another point that Adrien just made. It could potentially be a loop between configured servers. Check the traffic when your users are connecting, etc. and see if anything appears to be excessive. (Like for example a thousand DNS requests at once from one host).
We have not noticed anything excessive as yet, but the only thing that we can see is that when the connections reach the 25 or 30 mark, the CPU usage shoots up to 100% for a couple of seconds and then returns to normal... Even after that, there is tremendous fluctuation in CPU usage, especially when the Activity tab in Gatekeeper is on. The server has been working fine since the time most of our staff members left for the day yesterday (and there were almost no active connections to wingate). This morning, now that people are beginning to return to work, let's see how it goes.
Regards,
Ani.
Sep 01 04 7:28 pm
Hi
Are you also running any other AV products on that machine?
WinGate makes many disk accesses, and an AV product that scans a file on change can cause major problems if it is scanning the files in the WinGate directory.
Are you using Kaspersky AV for WinGate?
Sep 01 04 7:37 pm
adrien wrote:Hi
Are you also running any other AV products on that machine?
WinGate makes many disk accesses, and an AV product that scans a file on change can cause major problems if it is scanning the files in the WinGate directory.
Are you using Kaspersky AV for WinGate?
We are using Symantec Anti-Virus Corporate Edition 8.
Regards,
Ani.
Sep 01 04 9:18 pm
OK
It would be a good idea to configure the Symantec AV not to scan the WinGate directory and subdirectories then.
Otherwise, especially when log files get bigger, each time a log entry is made to a log file, the AV will scan the file. This can happen hundreds of times per second, so the overhead of AV scanning log files each time they are updated becomes crippling. Same with the WinGate history files and cache directory.
Adrien
Sep 01 04 9:32 pm
adrien wrote:OK
It would be a good idea to configure the Symantec AV not to scan the WinGate directory and subdirectories then.
Otherwise, especially when log files get bigger, each time a log entry is made to a log file, the AV will scan the file. This can happen hundreds of times per second, so the overhead of AV scanning log files each time they are updated becomes crippling. Same with the WinGate history files and cache directory.
Adrien
Okay, but I hope this won't have a negative effect on the level of virus protection of the server.
Regards,
Ani.
Sep 01 04 9:41 pm
If you want to take a more cautious approach, start by excluding the logs directory, and the history.dbf and history.cdx files in the WinGate directory.
This should have a huge positive impact on performance, and these are basically data only files which can't really be infected by viruses.
It could feasibly be useful to scan the cache directory for viruses, but by this time, the client browsers have already downloaded the files, if you want to scan web traffic, you are better off installing the Kaspersky AV for WinGate plugin. There is a free 30 day trial available for this if you wish to test.
Adrien
Sep 01 04 10:09 pm
adrien wrote:If you want to take a more cautious approach, start by excluding the logs directory, and the history.dbf and history.cdx files in the WinGate directory.
Okay.
This should have a huge positive impact on performance, and these are basically data only files which can't really be infected by viruses.
It could feasibly be useful to scan the cache directory for viruses, but by this time, the client browsers have already downloaded the files, if you want to scan web traffic, you are better off installing the Kaspersky AV for WinGate plugin. There is a free 30 day trial available for this if you wish to test.
Adrien
There you go again... buy something to make something I have already bought work better! hehe! Thanks for the suggestions! I'll surely consider it if nothing else works.
Regards,
Ani.
Sep 01 04 10:27 pm
of course :)
Actually if the Symantec AV intercepts HTTP connections (not sure how this one works), then it may be scanning web traffic on the way into WinGate anyway if WinGate's WWW proxy is coming into play (i.e. by clients using proxy directly, or by transparent proxy interception of web traffic).
Adrien
Powered by phpBB © phpBB Group.
phpBB Mobile / SEO by Artodia.