Multiple wingate 7 issues
Apr 13 12 5:57 am
Hello,
We are trying to migrate from a linux based proxy to a wingate based one for better and efficient AD based control.
As a proof of concept we had wingate 6 running for quite some time with a few issues, but now that we upgraded to wingate7 and went live with it, several pressing issues are emerging.
1: The AD integration is not working properly, sometimes in the session viewer we only see the computers and not the clients themselves.(can be seen on image 1)
2:In the default dashboard , on the licenses /session gauges, there are 2 markers one indicating the number of licenses in use, another one with a red tip that is often trough the roof, what does that one mean?
3: When there are between 300 and 500 sessions (while the number of licenses is still way below our limit) , the proxy starts to act very strange, it either blocks access to all websites, or times out after a very long time (from the client computer pov).When that happens, i checked the usage, and the computer was nowhere near full load , also all cache options have been disabled. A screenshot of the activity panel (Image1) might help give you a hint on the problem
The computer running wingate is a physical quad core xeon computer with 4GB ram running windows 2008R2.
4: We often have a strange DNS error , users see this message :Host not found : name lookup for http://www.*** failed, while that same website is perfectly working if i use the server running wingate , and the strangest thing is that it is completely random, some sites might work, others don't.
5:Some secure websites doesnt seem to like the https passing trough wingate, the current most representative example is hotmail.
While gmail access is operational (for example) , hotmail loads and then gives an error message (see image2), if i remove the proxy, hotmail loads perfectly, so it is not a IE settings issue.
Image1:
Image2
Any help on these matters would be appreciated,
Kind regards,
Mike
We are trying to migrate from a linux based proxy to a wingate based one for better and efficient AD based control.
As a proof of concept we had wingate 6 running for quite some time with a few issues, but now that we upgraded to wingate7 and went live with it, several pressing issues are emerging.
1: The AD integration is not working properly, sometimes in the session viewer we only see the computers and not the clients themselves.(can be seen on image 1)
2:In the default dashboard , on the licenses /session gauges, there are 2 markers one indicating the number of licenses in use, another one with a red tip that is often trough the roof, what does that one mean?
3: When there are between 300 and 500 sessions (while the number of licenses is still way below our limit) , the proxy starts to act very strange, it either blocks access to all websites, or times out after a very long time (from the client computer pov).When that happens, i checked the usage, and the computer was nowhere near full load , also all cache options have been disabled. A screenshot of the activity panel (Image1) might help give you a hint on the problem
The computer running wingate is a physical quad core xeon computer with 4GB ram running windows 2008R2.
4: We often have a strange DNS error , users see this message :Host not found : name lookup for http://www.*** failed, while that same website is perfectly working if i use the server running wingate , and the strangest thing is that it is completely random, some sites might work, others don't.
5:Some secure websites doesnt seem to like the https passing trough wingate, the current most representative example is hotmail.
While gmail access is operational (for example) , hotmail loads and then gives an error message (see image2), if i remove the proxy, hotmail loads perfectly, so it is not a IE settings issue.
Image1:
Image2
Any help on these matters would be appreciated,
Kind regards,
Mike
Re: Multiple wingate 7 issues
Apr 14 12 11:17 am
Hi Mike
1. Showing usernames. For WinGate to show usernames, the users need to authenticate. this isn't on by default, since for various reasons, auth needs to be optional (since some clients don't handle it well, such as windows updates). So, policy / web access control is used to require authentication for sites requiring it (e.g. normally all those other than windows update and other update / certificate checking sites).
2. the red tip is the peak hold - shows the max value ever reached. If it's of the scale, you can adjust the scale of the gauge.
3. 300 - 500 sessions should be no trouble, I note there weren't any requests made though, since the description of the sessions is just http://. Are your clients doing anything out of the ordinary?
4. May be related to 3. WinGate uses its own internal DNS client for lookups. This client uses the same settings as your OS, so if your DNS settings for your LAN adapter use a DNS server, then so will WinGate. It's not uncommon if you have multiple DNS servers configured, that one or more may not actually be operational/usable. Can you check there aren't any DNS servers defined in your LAN adapters that aren't working? Note that for AD to work, the AD DNS server needs to be primary DNS. Does your AD DNS server support forwarding for internet name lookups?
5. https. We haven't had any issues with these sites, but do you have any policy blocking anything? It's possible some part of the site, or some site it redirects to is blocked.
You have your LAN browsers set to use the proxy correct?
Adrien
1. Showing usernames. For WinGate to show usernames, the users need to authenticate. this isn't on by default, since for various reasons, auth needs to be optional (since some clients don't handle it well, such as windows updates). So, policy / web access control is used to require authentication for sites requiring it (e.g. normally all those other than windows update and other update / certificate checking sites).
2. the red tip is the peak hold - shows the max value ever reached. If it's of the scale, you can adjust the scale of the gauge.
3. 300 - 500 sessions should be no trouble, I note there weren't any requests made though, since the description of the sessions is just http://. Are your clients doing anything out of the ordinary?
4. May be related to 3. WinGate uses its own internal DNS client for lookups. This client uses the same settings as your OS, so if your DNS settings for your LAN adapter use a DNS server, then so will WinGate. It's not uncommon if you have multiple DNS servers configured, that one or more may not actually be operational/usable. Can you check there aren't any DNS servers defined in your LAN adapters that aren't working? Note that for AD to work, the AD DNS server needs to be primary DNS. Does your AD DNS server support forwarding for internet name lookups?
5. https. We haven't had any issues with these sites, but do you have any policy blocking anything? It's possible some part of the site, or some site it redirects to is blocked.
You have your LAN browsers set to use the proxy correct?
Adrien