Credential rules stopped working
Mar 12 14 7:13 am
After the recent update to Wingate 8.1.0.4655 all of my credential rules seem to have stopped working.
The majority of my rules are setup with MAC address mapping to a particular user and assuming authentication.
I use my credential rules for clients like tablets.
My access rules are setup to force authentication for everyone except those users in my AD "Proxy Users" group.
I have attempted to delete and recreate the rules with no effect, I am still prompted to log in to the proxy.
Though the client is pointing to the proxy server both via the Default Gateway and proxy settings this still occurs on non-domain clients.
These clients automatically authenticated with no issues prior to the update.
I have attached masked screenshots of both my access rules and credential rules.
Please advise.
The majority of my rules are setup with MAC address mapping to a particular user and assuming authentication.
I use my credential rules for clients like tablets.
My access rules are setup to force authentication for everyone except those users in my AD "Proxy Users" group.
I have attempted to delete and recreate the rules with no effect, I am still prompted to log in to the proxy.
Though the client is pointing to the proxy server both via the Default Gateway and proxy settings this still occurs on non-domain clients.
These clients automatically authenticated with no issues prior to the update.
I have attached masked screenshots of both my access rules and credential rules.
Please advise.
- Attachments
-
- CredentialRules.JPG (62.05 KiB) Viewed 6664 times
-
- AccessRules.JPG (65.53 KiB) Viewed 6664 times
Re: Credential rules stopped working
Mar 12 14 10:14 am
Hi
which version did you upgrade from? Also, did you do anything like disable the DHCP service in WinGate?
Adrien
which version did you upgrade from? Also, did you do anything like disable the DHCP service in WinGate?
Adrien
Re: Credential rules stopped working
Mar 12 14 10:23 am
We updated from 8.0.5.4634 and have never used the DHCP server in WinGate as we have our own on the domain.
The only change to WinGate was the upgrade.
Additionally I forgot to mention that I am able to manually authenticate from these devices.
The only change to WinGate was the upgrade.
Additionally I forgot to mention that I am able to manually authenticate from these devices.
Re: Credential rules stopped working
Mar 13 14 12:15 pm
Hi
I checked the code, and there were no changes to anything related to Credential rules between 8.0.5 and 8.1.0
Normally making rules that match on computer name does not work unless WinGate is the DHCP server for that client - that's the only way WinGate learns that computer name (even if it seems to display the computer name in the activity screen, this is actually the reverse DNS lookup on the client IP which is not considered to be the computer name).
MAC address matching is normally based on either learned MAC from DHCP, or from querying the system ARP table when something connects to WinGate.
That's why I asked about DHCP.
You're certain these rules worked in 8.0.5?
Regards
Adrien
I checked the code, and there were no changes to anything related to Credential rules between 8.0.5 and 8.1.0
Normally making rules that match on computer name does not work unless WinGate is the DHCP server for that client - that's the only way WinGate learns that computer name (even if it seems to display the computer name in the activity screen, this is actually the reverse DNS lookup on the client IP which is not considered to be the computer name).
MAC address matching is normally based on either learned MAC from DHCP, or from querying the system ARP table when something connects to WinGate.
That's why I asked about DHCP.
You're certain these rules worked in 8.0.5?
Regards
Adrien
Re: Credential rules stopped working
Mar 14 14 4:19 am
Totally positive they worked, at least on the MAC rules.
Strangely enough the ones based on computer name seem to be passing at least ICMP traffic through the proxy.
I can't verify HTTP traffic on those because they are UNIX based NAS.
We are using the WinGate network driver to intercept traffic that cannot be programmed at the client (e.g. ICMP, FTP via Windows Explorer, etc.).
Otherwise I cannot think of anything else that could be causing this issue.
Strangely enough the ones based on computer name seem to be passing at least ICMP traffic through the proxy.
I can't verify HTTP traffic on those because they are UNIX based NAS.
We are using the WinGate network driver to intercept traffic that cannot be programmed at the client (e.g. ICMP, FTP via Windows Explorer, etc.).
Otherwise I cannot think of anything else that could be causing this issue.
Re: Credential rules stopped working
Mar 20 14 10:06 am
Hi
there were 2 ways WinGate used to get MAC address from a connecting client. It learns it when a client uses DHCP, but without that, it can consult the system ARP cache. When a computer connects to another computer, they must have resolved IP addresses to ethernet (MAC) addresses, and this is stored in the arp cache.
We have seen some cases where this doesn't seem to be accessible to WinGate however. Did anything change on that server, such as
* windows updates
* enabling of Routing and Remote Access service
* installation of any other network service?
Regards
Adrien
there were 2 ways WinGate used to get MAC address from a connecting client. It learns it when a client uses DHCP, but without that, it can consult the system ARP cache. When a computer connects to another computer, they must have resolved IP addresses to ethernet (MAC) addresses, and this is stored in the arp cache.
We have seen some cases where this doesn't seem to be accessible to WinGate however. Did anything change on that server, such as
* windows updates
* enabling of Routing and Remote Access service
* installation of any other network service?
Regards
Adrien
Re: Credential rules stopped working
Mar 26 14 5:43 am
Sorry, forgot to subscribe to this topic.
We do run Windows updates on a regular basis on this server, but nothing else has changed.
The system ARP cache shows the correct IP addresses for the devices that are giving us trouble and this mac address corresponds to the credential rule.
Those devices to seem to stay credentialed once I authenticate until I either hop to another access point or take the device home, and I have to authenticate again the next day.
I have tried overriding the credential adjustment to leave credentials intact but it only works intermittently.
As a test I have also overridden the credential timeout for those devices to the absolute max to see if that helps, but I won't know for a couple of days on that one.
Is this something that could possibly be related to a bad install and a reinstall may help?
We do run Windows updates on a regular basis on this server, but nothing else has changed.
The system ARP cache shows the correct IP addresses for the devices that are giving us trouble and this mac address corresponds to the credential rule.
Those devices to seem to stay credentialed once I authenticate until I either hop to another access point or take the device home, and I have to authenticate again the next day.
I have tried overriding the credential adjustment to leave credentials intact but it only works intermittently.
As a test I have also overridden the credential timeout for those devices to the absolute max to see if that helps, but I won't know for a couple of days on that one.
Is this something that could possibly be related to a bad install and a reinstall may help?
Re: Credential rules stopped working
Mar 27 14 4:21 am
The timeout override seems to be working for the time being.
I'll be happy to call that a solution seeing as how the probability of a device being off network for 4294967295 minutes is slim.
If anyone else comes up with a more permanent solution please advise, but thanks for the input.
I'll be happy to call that a solution seeing as how the probability of a device being off network for 4294967295 minutes is slim.
If anyone else comes up with a more permanent solution please advise, but thanks for the input.
Re: Credential rules stopped working
Apr 02 14 3:50 pm
Hi
sorry, and thanks for the update. I don't think reinstalling will make any difference.
Regards
Adrien
sorry, and thanks for the update. I don't think reinstalling will make any difference.
Regards
Adrien