Problems with Hotmail, Yahoo etc through WinGate

Postby kiwi007 » Feb 28 06 6:01 pm

Hi,
I am having this particular problem on two installations of my Wingate. I have a medium sized network with 400 comps spanning three different locations.

I have tried solving the problem by going through some of the procedures that have been described in the forums but it doesn't seem to solve the problem.

I can log in to Yahoo and Hotmail, read emails, delete emails etc. But when I try to create a new email it starts playing up.

Click on new email, enter the details and click send: sometimes it sends, other times it comes up with "Page cannot be displayed". Similarly, when I try to attach something in Hotmail, initially the page will half load and come up with a script error and stop. If I refresh it, it loads up and allows me to attach (sometimes). After all these hassles, when I click send it won't go - again it comes up with "Page cannot be displayed".

Almost the same with Yahoo webmail as well. Some of the users have reported problems with some forums as well.

The interesting fact is when I use a direct connection from the proxy server it works perfectly fine. I put on the proxy server, back to square one.

I have tested it on a machine on DMZ directly connected to Internet (same connection as my two proxies), no problems...

I have been advising my users to use the company provided email for their purposes but it seems to be not so effective.

I run Windows 2003 SP1, Wingate version 6.0.4 Build 1025 - both the machines.

Hope somebody might have come across the same situation. I am not even sure where to look. I have disabled caching, increased timeouts etc etc ... no use... let me know where to move next....
Last edited by kiwi007 on Apr 06 06 4:35 pm, edited 1 time in total.
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Postby jamesc » Feb 28 06 9:21 pm

Two suggestions and a comment:


1. (Windows) Start menu --> Programs --> WinGate --> Advanced Options.

Please Uncheck "Use MSS checks and reductions" and "Analyse MSS"

Image


2. Sounds like you may have a spare computer; can you install WinGate 6.1.1 and put a few users through it for testing purposes? If that is an option, please see section 2 of this knowledge base article to make sure your network adapters are correctly marked Internal / External.

http://support.qbik.com/index.php?_a=kn ... ils&_i=123





** This is not relevant to a solution for SSL problems, but I noticed you mentioned that it’s challenging to get the users to use the company email system. With WinGate 6.1.x+ you can combat that with the new PureSight 2 plugin; there are options to restrict web mail web site etc... I have added an image below of the different filtered categories.




Image
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand

Postby Pascal » Feb 28 06 9:45 pm

There is a known bug with HTTP POST request which could show up if you are using HTTP (NTLM or Basic) authentication. Do you require auth through the proxy?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby kiwi007 » Mar 01 06 2:03 pm

James, thanks for the suggestions. I had already done that particular settings change which you asked me to do (Analyse MSS). I found it on some of the other posts. It doesn't seem to work.

I am not using Puresight as of now. My subscription has expired. We may subscribe again after managerial decisions.

I am not sure I may be able to use my spare machine to install Wingate. I may be able to build up a new one with Windows as the spare one on DMZ is a Linux one. I may try this later.

Still the problem persists.
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Postby kiwi007 » Mar 01 06 2:21 pm

Thanks Pascal.
Yes, I am using NTLM authentication. So I guess I am in a fix now? Do you have any solution or patch for this?

Oh btw I just need to confirm where do I check for NTLM authentication? Is it in wwwproxy server -> Properties -> Policies -> Group -> Recipient ???

My users are from Active Directory which is linked in users -> database options..

Thanks in advance
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Postby Pascal » Mar 01 06 2:23 pm

No workarounds, although we do have a possible solution. James is the one regulating that at the moment :)
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby kiwi007 » Mar 01 06 2:36 pm

Thanks Pascal. Will wait for James to comment.
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

MTU?

Postby ekkas2 » Mar 09 06 10:06 am

I had a similar problem behind Wingate on a multi-subnetted WiFi network. I set all WiFi routers' MTU from 1500 (default) to 1460 (ISP DSL router setting) and that solved all webmail problems...

I hope this helps a bit.
ekkas2
 
Posts: 84
Joined: Jun 06 05 7:04 am

More problems

Postby kiwi007 » Mar 10 06 4:19 pm

James, as per your advice on email I have tried Wingate 6.1 and it was working well. I tried upgrading the production server to the current version. Installation was successful. But when I tried starting the Wingate engine it was not responding. Tried everything, no use. Since I had to bring my production server back up I uninstalled Wingate and re-installed.

This time Wingate started and allowed me to change the settings and configure it. As soon as I finished it and tried again, the system hung again.

I am sitting in front of the test server now and trying to reinstall the whole system again. Any advice???
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Problems again

Postby kiwi007 » Mar 10 06 5:05 pm

I have uninstalled Wingate and reinstalled it again (3rd time today). This time I did remove the registry settings completely using regedit. After reinstall the system started working. I started putting the configurations in one by one.

I left it for a break for some time, came back again and tried logging in. Wingate is frozen again. I can put in the password but after that Wingate gives me a blank screen without any icons.

I am tired for the day.... Am I doing something wrong? The only configuration I did put in before I went for a break was Active Directory authentication.

I am using a Windows 2003 server.

Give me some idea to work forward....
Sujith
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Postby Pascal » Mar 10 06 6:07 pm

Sorry, I'm a bit confused at the moment as to what the exact state of the system is. It sounds as if you've got WinGate installed and operational, but when you login with GateKeeper you get nothing displayed?

This sounds as if the user you have logged in with is not considered to be a member of the Administrator group (According to the AD, at least). (I.E. with insufficient permissions in WinGate to see activity / monitor / change settings, etc.)

Are you sure everything is synched properly?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby kiwi007 » Mar 13 06 12:06 pm

I didn't know that the problem was caused because of access privileges.. Here's exactly what happens. I am using my own user name to log in to Wingate.

I am a domain admin on Active Directory. After I saw your message I asked my manager, who is having domain admin (Administrator username in AD), to log in to Wingate using that password. It worked.

So I removed all the settings and started putting them in one by one again. Active Directory authentication was the first one I put in. As soon as I put in the Active Directory authentication and the usernames come up on the user list, my privileges in Active Directory, or indirectly my group memberships, are not there. I checked the group user properties in Wingate and found that I am not a member of any groups. Same goes for the other administrators on my network. Only domain admin remains (Administrator user name in domain).

I tried adding my username to the administrator user group through Wingate, not possible as well.

I am just wondering what's going on... ? Do I need to reinstall Wingate again? That will be the fourth time on this machine.

Thank you
Sujith
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Postby Pascal » Mar 13 06 3:28 pm

Refer to this, this, and this article. Double check that you've set the service to login to the domain with an account that has proper rights to synch.

I'll double check with Erwin on other issues with AD integration. A search for "active directory group" on the forum search throws up a few helpful results, but they all seem to revolve around the "WinGate engine needs to be logged in with an account that has Domain Administrator privilege" idea.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby kiwi007 » Mar 13 06 5:06 pm

Hi, it's me again,
I didn't have any problems with installations of older versions so far. I never had to change any settings on any other server as well. My production server is just a proxy server. Nothing else inside it. No DHCP / no DNS. Everything is pointing to a different server.

I did install this version to test on a win2k machine which is my mail server as well. It didn't give any problems at all. It is still working fine.

My production server is running 2003 with service packs.

I have checked the settings again. I have read through the three articles and didn't come across anything good. None of them solved the problem. In fact I did think of changing the service account and did it, to some account which we use on our network for backups. Now the Wingate service is not starting up at all. I have to reinstall it now.

Is this particular version of Wingate alright with 2003? I am wondering.... I will go through the other docs in the meantime.

Sujith
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Postby Pascal » Mar 13 06 5:16 pm

kiwi007 wrote: I tried adding my username to the administrator user group through Wingate, not possible as well

Just a side thought on this; you cannot add the user to a different group using WinGate. You need to use the OS / AD user/group manager for that.

Effectively what seems to be happening is that your default account does not have sufficient rights to see anything in GateKeeper. So one of two things need to happen - you either need to give that user sufficient rights so it works with default policies. (Be a member of "Administrators") OR you need to login as a user with those rights and grant the additional policies to your administrative account as well.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby kiwi007 » Mar 13 06 5:29 pm

Oh sorry, that's not what I meant. My user name is already a domain administrator in AD. But in Wingate I was not able to see that membership (on the user properties -> groups). Well, when I saw it, that was news for me. So I went back and checked in AD and found that I had all the necessary memberships, it's just not being shown in the Wingate user panel. Similarly my other domain admins as well. None of their group memberships were there in Wingate but they were actually present in Active Directory.
I just tried adding it using the Wingate GUI. Nothing else. Just for checking.

Anyway, I am re-installing this version again.

Let me see...
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Postby Pascal » Mar 13 06 5:32 pm

Re-installing should not make a difference. Is the group you belong to Global?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby kiwi007 » Mar 13 06 5:50 pm

Yes, it's a global group
Last edited by kiwi007 on Mar 13 06 6:03 pm, edited 1 time in total.
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Postby kiwi007 » Mar 13 06 6:03 pm

I have just re-installed Wingate again. This time I didn't install ENS. I have put in AD authentication and access to services. I created a local user with my login name and the same password (N/w Domain admin) before I did the settings change. I tried logging off and logging on. IT WORKED... Now Wingate seems to be alright (I think), at least it's allowing me to log in.

I tried the Internet - doesn't seem to work. I have restarted Wingate as well. Still nothing. It's just giving me page cannot be displayed.

I have marked the adapters properly (External/Internal) as well. But when I request a page the external adapter doesn't light up. Have to check now..
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Postby adrien » Mar 13 06 6:18 pm

Hi

So without ENS it works?

Sounds then like WinGate ENS may be blocking something that the AD is relying on? Did you remember seeing any hits in the firewall tab in GateKeeper? I guess you can't even get that far....

Can you try logging in again as the Administrator username, and try turning the WinGate firewall off, then try logging back in with your own username (as long as you are a member of the group named "Administrators" - else default WinGate policies don't grant you much access).

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby kiwi007 » Mar 15 06 10:28 am

Adrien,
Sorry, I was away yesterday. Just came back.

Yes, without ENS the system works. I did try what you have told me before. I was so desperate to get the system up. I was just guessing it may be the firewall. There were no hits on the firewall. So I didn't do anything with it.

I can work on it for some time as I am having a second connection which my users are using. I haven't touched the Wingate on that.

I checked Wingate just now.. I can log in and view everything but no Internet yet.

Quick question.. Why is Wingate not checking my external connection when I request an Internet page? The external connection doesn't light up.

My Connection settings are as follows.

Internal

IP 192.168.0.116
Gateway 192.168.0.11
DNS - Nothing

External (To router)

IP 192.168.10.45
gateway 192.168.10.254
DNS 192.168.10.254

Both are fixed. Internal is reserved on DHCP.

My guess is Wingate still cannot find out where the Internet is? I have marked both internal and external connections..
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Postby Pascal » Mar 15 06 10:30 am

Try removing the gateway from the internal adapter ...
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby kiwi007 » Mar 15 06 1:05 pm

Try removing the gateway from the internal adapter ... Tried.. Didn't work..

But made it work.. as I thought, Wingate is confused about where the Internet is. What I did was very simple. Logged on to the proxy and disabled the internal adapter. Tried connecting to the Internet (without proxy first). IT WORKED... Then changed the proxy in IE to localhost and tried again. Wingate started sending the requests to my router and got connected to the Internet.

After that I enabled the internal adapter and changed my proxy in IE to the internal IP address. Works fine.... I guess this is a routing problem. I don't have any idea where to check for it..? Do I need to modify anything in Wingate? I guess I will have to do this exercise each time I restart my proxy.

Right now my colleagues are checking the stability of this version. Will let you know the progress..
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Postby kiwi007 » Mar 15 06 1:21 pm

CORRECTION.... Wingate is working but the routes have turned back again. It seems like Wingate is checking for the Internet again on the internal adapter..... NO INTERNET.... wondering what's happening? Checked my routes, cannot find any problem???
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Postby MattP » Mar 15 06 1:25 pm

Hi Sujith,

It seems that things have become a little confused with your system. Would you like us to remote in and check your settings with you? Do you have skype? It's a free install if you don't already have it, and you can set up an account for free, just download it here, http://www.skype.com.

You say that you were not able to log in as a Domain Admin, did you select the Operating System user database when you reinstalled? If not, then you would have to log in to GateKeeper as Administrator with a blank password. If you did select the OS database then you'll need to log in as the machine administrator, then set the user database settings to connect to a remote user database. After you synchronise the user database you should be able to log in as your AD user.

You should not have a default gateway set on your internal adapter, just the IP address and the subnet mask.

Your external adapter should have an IP address, subnet mask, default gateway and DNS server set.

On the network tab in GateKeeper you must set your LAN adapter to internal and your internet adapter to external.

Please check your binding policies in the WWW proxy, make sure that you have a binding policy to bind to the internal adapter and the localhost adapter, you should not bind to the external adapter.

I see that your LAN adapter and your internet adapter are both on the same subnet, this will cause problems for NATing. Is the WinGate server in a gateway situation on your network? If you look at the installation guide does your network fit scenario 1/2 or 3?

Thanks,
MattP
Qbik Staff
 
Posts: 991
Joined: Sep 08 03 4:30 pm

Postby MattP » Mar 15 06 1:29 pm

Sorry, Paz just pointed out that your internal and external subnets are different, sorry about that.
MattP
Qbik Staff
 
Posts: 991
Joined: Sep 08 03 4:30 pm
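
MattP's adapter checklist above, turned into a small configuration check and run against the settings kiwi007 posted. This is an added example, not part of the original thread and not WinGate code; the `Adapter` class, `check_adapters` function and finding codes are hypothetical names, and the /24 prefix is an assumption because the thread never states subnet masks.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Adapter:
    name: str
    role: str                      # "internal" or "external", as marked in GateKeeper
    ip: str
    prefix: int                    # assumption: the thread never states subnet masks
    gateway: Optional[str] = None
    dns: Optional[str] = None

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_interface(f"{self.ip}/{self.prefix}").network

def check_adapters(adapters: List[Adapter]) -> List[Tuple[str, str]]:
    """Return (code, detail) findings for the checklist rules; empty list means clean."""
    findings = []
    for a in adapters:
        # Internal adapter: IP address and subnet mask only, no default gateway.
        if a.role == "internal" and a.gateway:
            findings.append(("INTERNAL_GATEWAY", f"{a.name}: remove default gateway {a.gateway}"))
        # External adapter: needs an on-link default gateway and a DNS server.
        if a.role == "external":
            if not a.gateway:
                findings.append(("EXTERNAL_NO_GATEWAY", f"{a.name}: no default gateway set"))
            elif ipaddress.ip_address(a.gateway) not in a.network:
                findings.append(("GATEWAY_OFF_LINK", f"{a.name}: {a.gateway} not in {a.network}"))
            if not a.dns:
                findings.append(("EXTERNAL_NO_DNS", f"{a.name}: no DNS server set"))
    # Two default gateways leave the host with competing default routes.
    with_gw = [a.name for a in adapters if a.gateway]
    if len(with_gw) > 1:
        findings.append(("MULTIPLE_DEFAULT_ROUTES", "default gateway on: " + ", ".join(with_gw)))
    # Internal and external adapters should sit on different subnets.
    for i, a in enumerate(adapters):
        for b in adapters[i + 1:]:
            if a.network.overlaps(b.network):
                findings.append(("SUBNET_OVERLAP", f"{a.name} and {b.name} share {a.network}"))
    return findings

# Settings as posted in the thread; the /24 prefix is an assumption.
POSTED = [
    Adapter("Internal", "internal", "192.168.0.116", 24, gateway="192.168.0.11"),
    Adapter("External", "external", "192.168.10.45", 24,
            gateway="192.168.10.254", dns="192.168.10.254"),
]
# Same adapters with the internal default gateway removed.
CORRECTED = [Adapter("Internal", "internal", "192.168.0.116", 24), POSTED[1]]

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label, check_adapters(cfg) or "clean")
```
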

Postby kiwi007 » Mar 15 06 2:28 pm

Matt, it's Scenario 2...
Do you really think having the same subnets will be a problem? Because I have a second installation of Wingate (old version) running on a different server with the same subnets on both the internal/external adapters. Seems to be working perfectly fine. That one also works on Scenario 2. I will set up Skype on my computer and pass the name to you soon.


Sujith
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Postby Pascal » Mar 15 06 2:32 pm

kiwi007 wrote: Matt, it's Scenario 2...
Do you really think having the same subnets will be a problem? Because I have a second installation of Wingate (old version) running on a different server with the same subnets on both the internal/external adapters. Seems to be working perfectly fine. That one also works on Scenario 2. I will set up Skype on my computer and pass the name to you soon.


If, like in your example setup above, you have a default gateway on both adapters most assuredly. How will the system know where to send traffic to?

"Is 192.168.0.10 through this interface or that one? Both are telling me it goes through them ... "

Our routing primer which you can find here is good reading. Adrien wrote it some time ago but it's an excellent resource.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby kiwi007 » Mar 15 06 2:47 pm

Pascal, I didn't quite get you.. If I have... I am ready to change the subnets if it is required. But I may need to get someone to change the subnet in my router as well. But why was it working before???

Well, anyway, I have downloaded the routing primer and will read through it now.. But anyway, here's my Skype id.. sujithjp and I am online

Regards
Sujith
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

Postby kiwi007 » Mar 17 06 10:29 am

Pascal,
I did go through the Network Primer.. it was informative. I deleted some of the routes and added some new ones and it seems to be alright now. I guess some of the routes that I found were learned routes from when the proxy was down.
I have found only one problem now. The Internet seems to be a bit slower than when I connect directly. I am not sure whether it's my service provider.
Will keep in touch..
kiwi007
 
Posts: 27
Joined: Feb 28 06 5:32 pm

