Authentication, Stability problems

[midnightbomber]

I have been experiencing serious stability problems with wingate for the last two years from version 4.2 all the way up to version 6.03.1005 which i currently have installed. I have a 5.0 licence for unlimited users (Enterprise licence for version 5.0) I use the WGIC to control client access based on NTLM authentication. The wingate server is set to synchronise accounts with the domain. I have had wingate (all versions used) installed on a windows 2000 domain controller (now with SP4) using 512MB ram on a P4 1.8Ghz system. The wingate service normally locks up after a few hours of use. After reading your forums, I tried deleting the history files, changing the cache setting to prevent purging, adding faster hard drive for cache and log files, reconfiguring symantec antivirus corporate to avoid scanning any wingate directories and even uninstalling symantec AV corp. I have been able to keep the wingate server running consistently for a maximum of 5 days. Now with version 6.03 I decided to demote the wingate server to a member server and use another server for account synchronisation. This setting was present prior to the upgrade to 6.03. I was hoping that removing any other responsibility from this server would assist in getting a stable wingate solution.After demoting the server, I was initially locked out of gatekeeper. After changing the administrator password in the registry and adding the administrator account back to the administrators group I was able to log in as administrator only to find that all the users and groups which were previously synchronised no longer existed in wingate. I then checked the user database settings in gatekeeper only to find the option for "Use remote database" is for "Enterprise only" versions of wingate and is grayed out. Considering that paid for an enterprise licence and used that to upgrade to version 6.03 in the hopes of getting a reliable, working proxy server I am now wondering what is going on?
I am very close to uninstalling wingate and switching to another product. The only reaason i have kept it thus far is the integrated NTLM login feature which allows me to restrict access without required my users to login twice. However, this feature alone cannot justify the problems I have experienced with this product.
To summarise, I need:
1. a working internet sharing server which will allow users on my WAN to access internet.
2. a solution which will not require multiple logons by my users (single sign on is a network goal)
3. a solution which will not require restarts 2-3 times a day. A reliable server should not crash or lockup and definitely not as often as it does now.
If you can assist please do as this is critical to my company's operations at this point.

[Pascal]

I've looked through your previous posts. Most seem to detail particular setup questions, but nobody's actually asked the right questions about what you are seeing with the crashes, etc.

This could quite potentially be something very easy to sort out, as I know on our network we're using WinGate for all our gateways and servers and they run unattended for months on end without reboots or any of that.

So, what form does the crash take:

Is it a blue-screen? If so, do you have the crash-dumps available or the BSOD text that was on-screen?

Is it a crash of the service? If so, are there any error messages displayed on-screen or do you have anything in the System Event log that would give us some more clues?

Is it a lock-up of the application itself? This would be visible in a loss of Internet connectivity. If that occurs, you would also be unable to log in with GateKeeper. If this is the case, have you enabled Deadlock Detection? There are instructions for that on the forum, but you can use the "Advanced Options" tool on the Start Menu to configure that as well.

Additionally:

Do you see any abnormal resource utilisation at the time? For example, high memory / virtual memory use or even insufficient free space on the disk itself. (Kalvos has a problem where when his swap file has grown to the point where it consumes the entire harddrive, he has a crash)

That should get things started at least; let's get this problem resolved for you asap.

[midnightbomber]

I have not noticed any unusual CPU or memory activity associated with the wingate lockups. There are times when wingate memory usage goes above 400Mb and the system continues to run. CPU usage sometimes spikes above 80% for wingate but this does not always cause wingate to hang. When it does hang we lose internet connectivity for web sites first. SOCKS usually continues to run. At this point attempting to log into gatekeeper give an "incorrect username or password" error and I have to restart the wingate service. I have tried deleting the history files and restarting the service without success. I also relocated the log files and cache to my data hard drive for added access speed but I have not noticed any difference. After upgrading to ver 6.03.1005, I read the forum post about the deadlock detection setting. This seemed to help for a few days (the server did not lock for 3 days) but things have gone back to normal. I decided to start fresh. I wiped the boot partition, reinstalled windows 2000 server w/sp4 and all required updates and reinstalled wingate this morning. I now have two issues which I never had before

1. I have not been able to get the SMTP Server to receive mail and forward it to my Exchange server which is on another machine.

2. I use Active Directory/Domain Accounts in wingate with the WGIC on client machines. I have a user group called internet which has access rights to the WWW and SOCKS proxies. This has allowed me to control usage in the past. However, after the reinstall, my users are being refused authentication. I checked the history and although the user name is correct in all cases the wingate username is showing as guest for all.

I can send my configuration/registry settings if you give me an email address.

[midnightbomber]

I have a fixed 768Mb swap file on my boot partition and a second 1024Mb swap file on my data drive. The usage has rarely gone past 1024Mb total swap file usage.

[Pascal]

cause wingate to hang. When it does hang we lose internet connectivity for web sites first. SOCKS usually continues to run. At this point attempting to log into gatekeeper give an "incorrect username or password" error and I have to restart the wingate service. I

That definately sounds like a software lockup. Those are very rare these days, as WinGate has code built-in to detect deadlocks and we've been fairly dilligent in removing any we find. Can you enable deadlock detection using Advanced Options please. Then just run WinGate as per normal until such a time as it locks up again. At that point, it should have created a log file in the WinGate folder which you'll need to email to me.

1. I have not been able to get the SMTP Server to receive mail and forward it to my Exchange server which is on another machine.

Do you get any particular error messages? Are your network cards marked as internal/external correctly, etc.?

The first thing to check would be that the server is started and listening on the correct port. (Double check that there are no port conflicts, etc.) You can use "netstat -an" to check if the WinGate machine is listening on the appropriate ports, etc.

2. I use Active Directory/Domain Accounts in wingate with the WGIC on client machines. I have a user group called internet which has access rights to the WWW and SOCKS proxies. This has

Make sure that the WinGate Service (OS-Level) is logged in with sufficient rights to be able to authenticate against the domain users. After a re-install, that's the most common thing people miss.

I can send my configuration/registry settings if you give me an email address.

Email address is in my profile. It's pascalv-at-qbik-dot-com.

[saubrey]

I had most of the same stability issues as you from 4.x thru 6.x. Prior to 6.03, WG would run for only 3 – 10 days before it stopped working and required reboot of my Win2k server. With 6.03 I had the same problems until I scheduled Kaspersky antivirus updates to run only once a day at a time when there was no WWW activity. It seems that if Kaspersky update runs when there is WWW activity, then the WG WWW proxy will fail (other WG services continue to run, but WWW proxy fails). Qbik confirmed that this is a bug in WG 6.03 (and probably prior versions).

Now that said, I still get random crashes of WG or WG WWW proxy refuses connections, although much less frequently than before. In the past three months, after re-scheduling Kaspersky updates to a non-active time, WG has crashed two times and the WWWproxy has refused connections once. The event log had the following entry with the most recent crash:

The Qbik WinGate Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: No action.

I do not know why this happened, other than client computers were using the WWW proxy and NAT at the time.

Over the past three months my usage has been:
9 days – WG crashed...Win2k continued to run. Voluntarily restarted WG
11 days - WG WWW proxy refused connections. Stop/Restared WG
40 days – Voluntarily rebooted computer to apply Critical OS patches
12 days – WG crashed…Win2k continued to run. Voluntarily rebooted Win2k
20 days - Voluntarily rebooted computer to apply Critical OS patches

I know that my post isn’t really helpful other than to corroborate your problems