WinGate Forums

[Dominik]

I have new installation of WinGate 6.03 on Windows 2000 pro and annoying problem because after few hours when computer had started Wingate always stop and freezing. Then I restart service (qubik wingate engine) and for a one or few hours Wingate is stoped. System Windows work properly but every computer is unable to connect internet.
I notice that the problem occur when roughly more then 8 people are trying to connect to internet.

Best regards
Dominik

[adrien]

Hi Dominik

Do you have any other firewall software installed on this machine as well?

Also, do you have any antivirus software installed on this machine. If so, make sure it is not scanning the WinGate log directories, or history files.

Adrien

[Dominik]

Yes, I have antivirus but the problem occur before I have install antivirus. I haven't got other firewall. Anyway I will do what you suggest and write about result.


Dominik

[Dominik]

hi

I did all what you suggested but it nothing changed. Wingate are stoping and freezing 3 or more times a day.

Dominik

[Pascal]

What can you still do at that time? Does the WinGate machine have access to the internet?

Can your clients resolve DNS?

How are your clients configured to use WinGate? (NAT/Proxy/Intercepted NAT/WGIC)

[garrettogorman]

I have the same problem but I am baffled. I have a Wingate server setup on a Windows 2000 Pro workstation with a connection to an ISP through a Netgear firewall. I have the connection coming into the Wingate machine onto a NIC of address 10.0.0.1 and a second NIC going to the LAN on 192.168.0.1 going to the LAN. Everything appears to work fine initially but after about an hour internet access stops working on the client machines.

This issue sound similar to what you were experiencing and a solution would be well appreciated.

Regards,

Garrett

[Pascal]

From the sound of all the cases here it seems as if it is not a deadlock. (If you can still stop and start the Engine and login with GateKeeper it's unlikely to be a deadlock)

One thing we have seen a few times is that when a DNS Server fails to respond for a while / sends bad responses it gets pushed back to the queue of available DNS Servers. (Rough explanation) Generally, we have seen better behavior when you have a manually entered DNS server.

That's why it's important, when you experience a problem like this, to test to see which bits of connectivity is lost. For example, if you can still resolve DNS from the clients that is likely to not be the problem and you don't need that. If you can still check email / telnet / ftp then generally WinGate is still running, not deadlocked, etc. That might indicate that the problem is only WWW related; in which case that would be the area to investigate.

So,

* Can you resolve DNS at all from the clients?

* Can you ping a machine outside of the network? (Only if you're using NAT / Intercepted NAT)

* How do your clients connect to the WinGate Server? (Direct Proxy / WGIC / NAT / Intercepted NAT)

* Do you still have internet access from the server at the time? (Sounds like you do, but want to confirm that)

[garrettogorman]

The LAN setup I am using is Windows 2000 Server with DNS in active directory, I then have a dedicated machine with a connection to the internet on a different subnet using a firewall router using the DNS of the ISP etc.

I have a second network card in the machine with all the internal LAN settings and Wingate installed between to connect the 2 networks.

The clients are using a Proxy setting in their browser pointing to the Wingate machine and they seem to work fine for about an hour. All activity is registering in wingate and all appears to be well for about an hour.

Garrett

[Pascal]

Two things to try - as in other posts; can you still resolve DNS from the clients? If you set a client's DNS Server to the WinGate machine; can that resolve? (For example, run nslookup, set the server and run a lookup -

C:\Documents and Settings\Pascal>nslookup
*** Can't find server name for address 192.168.13.1: Non-existent domain
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.13.1

> server 192.168.13.1
Default Server: [192.168.13.1]
Address: 192.168.13.1

> bob.com
Server: [192.168.13.1]
Address: 192.168.13.1

Name: bob.com
Address: 66.151.148.168

Secondly, can you enable full logging for the WWW Proxy Service and the DNS Service, please? Note the time when the problem occurs and either email (Or post here) with details from the log files. I suspect that will give us a socket error / a good indication of what might be causing this.

[Pascal]

When the issue occurs Internal DNS can be resolved as normal but nothing beyond the wingate machine. I can ping the LAN adapter on the Wingate machine but not the External adapter or anything beyond it.

The Wingate machine itself can work away and connect to the internet without any issues.

Just trying to wrap my head around this. Your clients are running AD. That server will forward any unknown records to WinGate. WinGate will pass any other requests on to the machine with the dedicated internet connection.

Is that roughly correct? I'm going to have to chat to the rest of the dev team but having those logs will be useful.

[garrettogorman]

The server doesn't enter into the equation at all, the clients have a setting in their browser that points to the Wingate machine as their proxy server on port 8080. All internet requests go to the proxy, all network requests go to the LAN server oblivious to the outside world.

Summary

Server IP
192.168.0.200
255.255.255.0
no gateway

This server is the Domain controller and the DNS server for an active directory LAN

Firewall Router
10.0.0.1
DNS etc is got from ISP



Wingate Machine

External Adapter
10.0.0.2
255.0.0.0
10.0.0.1

Internal Adapter
192.168.0.2
255.255.255.0
192.168.0.200

All machines except the wingate machine have a proxy address in their browser for the Wingate machine on 192.168.0.2:8080

[garrettogorman]

I have enabled logging.

It appears that there is still access to a couple of sites while everything else is blocked. Restarting the engine fixes it straight away but it stops working again about an hour later.

Garrett

[Pascal]

From what the logs tell me (Do you have full debug logging on for the DNS / WINS Resolver?) the problem comes in resolving DNS.

It seems to run fine for a while, but then stops. (Which is why I've been bugging you so much about DNS). This normally happens in an AD environment - and usually when there is a form of DNS loop.

I can't see from your list of IP's etc. which machines are DNS Servers for which (Except knowing that 192.168.0.200 is the DNS Server - but does that include the WinGate Server? Does it point back to the WinGate Server for external lookups? Etc.)

However, that would be the thing to look into. If you go into the start menu, you will find a program called "Advanced Options" in the WinGate Folder. It has a tab for DNS Servers. These are Servers which are ignored by WinGate when making lookups. If you add your AD Server there, WinGate will not use it when looking up names. (It's ignored).

That is specifically to cut out DNS loops.

[garrettogorman]

From looking at the logs I noticed that there is a DNS resolution problem in the reverse lookup zones for the AD domain controller, this seems to be what is causing the issue. I also noticed that it is when this server is queried that Wingate stops responding.

The information you have given me for excluding that server from the DNS lookup in wingate should sort the problem.

Thanks

Garrett

[angminglee]

From the sound of all the cases here it seems as if it is not a deadlock. (If you can still stop and start the Engine and login with GateKeeper it's unlikely to be a deadlock)

One thing we have seen a few times is that when a DNS Server fails to respond for a while / sends bad responses it gets pushed back to the queue of available DNS Servers. (Rough explanation) Generally, we have seen better behavior when you have a manually entered DNS server.

That's why it's important, when you experience a problem like this, to test to see which bits of connectivity is lost. For example, if you can still resolve DNS from the clients that is likely to not be the problem and you don't need that. If you can still check email / telnet / ftp then generally WinGate is still running, not deadlocked, etc. That might indicate that the problem is only WWW related; in which case that would be the area to investigate.

So,

* Can you resolve DNS at all from the clients?

* Can you ping a machine outside of the network? (Only if you're using NAT / Intercepted NAT)

* How do your clients connect to the WinGate Server? (Direct Proxy / WGIC / NAT / Intercepted NAT)

* Do you still have internet access from the server at the time? (Sounds like you do, but want to confirm that)

hi,

i am actually a newbie in proxy server...recently my client has encountered some problem with their wingate 5.23. Once every few hours all the computers in the network will not be able to surf like what you mentioned in your post. However other services like e-Mails are still running. I never tried pinging other computers externally though.


when this happens i also could not login to wingate. Everytime i login i will just get the message that i could not login and "Socket Error : Out of Buffer". I also found that some NICs that has flow control will cause this. My adapter is a CNET Pro 2000 for LAN and D-LINK DFE 530TX for WAN which doesn't have the mentioned options. I am running Windows 2000 SP4 patched.

is there any resolutions to this problem?

thanks

[Pascal]

Try upgrading to the latest version. You can use any purchased 5.2.3 license with the latest versions of WinGate.

[angminglee]

Try upgrading to the latest version. You can use any purchased 5.2.3 license with the latest versions of WinGate.

is that the only way??? if i could consider an upgrade then is it possible to backup the settings in my current 5.2.3 cos i am not that familliar with Wingate as i am new to it.

other than this could that be any other ways to solve my problem??? truth it was running fine since yesterday before i tried to meddle with Wingates port redirectory service under the plug-ins -> extended networking. i only added a rule to redirect port 21 to another FTP server on my network. It never worked and i gave up. Then this problem occured. Any ideas wat went wrong? i never touched anything else but i did browse through some options though.

Thanks for the prompt reply anyways Pascal.

Thanks again.

[Pascal]

The problem could be related to a bug in 5.2.3. It is quite an old version and we've updated it a lot since then; including fixing problems like the one you are describing.

If you are new to the software, it might be the best idea to work with the latest version, rather than with an old edition.

[angminglee]

The problem could be related to a bug in 5.2.3. It is quite an old version and we've updated it a lot since then; including fixing problems like the one you are describing.

If you are new to the software, it might be the best idea to work with the latest version, rather than with an old edition.

ok Pascal, let's say i am going to upgrade...is there anyways i could back up my 5.2.3 settings?? if not what settings is important for me to record down...there are currently nothing special on the server except for an FTP and e-Mail server... which runs on the default ports...

thanks

[Nev]

ok Pascal, let's say i am going to upgrade...is there anyways i could back up my 5.2.3 settings??

Hi,

You can save Wingate's registry in that version:

Options --> Advanced --> Save Registry Settings

That way later, should you have difficulty, just import the previous registry for Wingate and start the Wingate engine to return to the prior state.