hi,
i having a problem which is i cant access to the https website like hotmail account,bank account site.
i already open the port 443 to accept the connection but still unable to solve this problem. for your information, i;m now using wingate version 6.
10q
cannot connect to https page!!!!
Moderator: Qbik Staff
31 posts
• Page 1 of 2 • 1, 2
by Pascal » Aug 04 04 8:20 pm
Are you connecting through a proxy, using NAT or using WGIC ? If you are using a proxy, try specifying the port in the WWW Proxy Service on the HTTPs tab. (Not 100% sure if that's what you've done)
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by nick_mcruk » Aug 05 04 11:16 am
HI,
I have the same problem, using wingate 6, no user can connect to any https site. I am using WGIC and the traffic routes through the www proxy.
I havent yet tried specifiying a port in the WWW Proxy Service https tab, which port number(s) do I need to specify?
I have the same problem, using wingate 6, no user can connect to any https site. I am using WGIC and the traffic routes through the www proxy.
I havent yet tried specifiying a port in the WWW Proxy Service https tab, which port number(s) do I need to specify?
- nick_mcruk
- Posts: 16
- Joined: Feb 26 04 1:05 pm
by nick_mcruk » Aug 06 04 12:56 am
I have tried specifying port 443 but this had no effect. Also tried the 'allow any port to be connected' option but it is still not allowing access to https pages.
Nick
Nick
- nick_mcruk
- Posts: 16
- Joined: Feb 26 04 1:05 pm
by nick_mcruk » Aug 06 04 10:31 pm
At the moment, all clients using WGIC and web traffic routes through the www proxy. I have a seperate problem which has been unresolved for some time with enabling the ENS and using the NAT, which prevents all connections so I have kept this disabled.
Thanks
Nick
Thanks
Nick
- nick_mcruk
- Posts: 16
- Joined: Feb 26 04 1:05 pm
by semihbattal » Aug 07 04 3:58 pm
Hi, We use NAT and had the same problem with https pages after switching to Version 6. Checking the "Automatically Detect Settings" box on the "Internet Explorer connection settings page" on all clients solved our problem...
- semihbattal
- Posts: 4
- Joined: Oct 19 03 3:26 pm
- Location: TURKEY
by adrien » Aug 07 04 8:36 pm
Make sure also, that you don't try and get the WWW Proxy to intercept port 443.
This would break all SSL connectivity.
SSL through proxies works a different way - the client connects to the proxy still on port 80, then sends a CONNECT command to connect through to the end server on port 443. Once WinGate creates the basic connection, the client then negotiates an SSL connection over it.
Adrien
This would break all SSL connectivity.
SSL through proxies works a different way - the client connects to the proxy still on port 80, then sends a CONNECT command to connect through to the end server on port 443. Once WinGate creates the basic connection, the client then negotiates an SSL connection over it.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by nick_mcruk » Aug 10 04 2:48 am
Hi,
I tried checking the "Automatically Detect Settings" box on the "Internet Explorer connection settings page"on the client but this did not work, but when I manually it to use a proxy server, ie set the servers IP and port 80 for all, this worked and now allows https access.
I tried checking the "Automatically Detect Settings" box on the "Internet Explorer connection settings page"on the client but this did not work, but when I manually it to use a proxy server, ie set the servers IP and port 80 for all, this worked and now allows https access.
- nick_mcruk
- Posts: 16
- Joined: Feb 26 04 1:05 pm
by nick_mcruk » Aug 10 04 2:49 am
Hi,
I tried checking the "Automatically Detect Settings" box on the "Internet Explorer connection settings page"on the client but this did not work, but when I manually it to use a proxy server, ie set the servers IP and port 80 for all, this worked and now allows https access.
I tried checking the "Automatically Detect Settings" box on the "Internet Explorer connection settings page"on the client but this did not work, but when I manually it to use a proxy server, ie set the servers IP and port 80 for all, this worked and now allows https access.
- nick_mcruk
- Posts: 16
- Joined: Feb 26 04 1:05 pm
by adrien » Aug 10 04 5:17 am
"Automatically detect settings" only works if you are using WinGate as your DNS server, since this relies on a special DNS lookup.
When you select this option in IE, it makes a DNS lookup for the name "WPAD". WinGate's DNS server recognises this, and returns its own IP address. This means if you are using a different DNS server (e.g. Win 2000 AD server or something), then you could actually get auto detect working by putting a DNS record in that server, pointing lookups for the name "WPAD" through to wingate's IP address.
In the end however, Proxy Auto Detect (PAD) only has the effect of setting your browser up to use proxies. If you were wanting to use NAT or WGIC, it kinda defeats the purpose (although it will work).
Adrien
When you select this option in IE, it makes a DNS lookup for the name "WPAD". WinGate's DNS server recognises this, and returns its own IP address. This means if you are using a different DNS server (e.g. Win 2000 AD server or something), then you could actually get auto detect working by putting a DNS record in that server, pointing lookups for the name "WPAD" through to wingate's IP address.
In the end however, Proxy Auto Detect (PAD) only has the effect of setting your browser up to use proxies. If you were wanting to use NAT or WGIC, it kinda defeats the purpose (although it will work).
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by krhoades » Oct 28 04 6:27 pm
Was this issue ever resolved? I am also having the same problem. I am using Wingate 6.0.3 with ENS enabled on a Windows Server 2003 machine. The "Allow ANY port to be connected" setting is enabled in the https section of the WWW proxy server settings. Your help would be greatly appreciated in this issue.
- krhoades
- Posts: 1
- Joined: Oct 28 04 3:28 pm
by Pascal » Nov 04 04 10:41 am
I'm running through 6.0.3 and have no difficulties connecting to bank sites (https), etc.
I suspect it'll be something configuration related. How do you have your WinGate clients setup? Are they connecting using NAT, direct proxy connections or WGIC?
If you are using NAT, are you redirecting (Intercepting) from the WWW Proxy Service?
I suspect it'll be something configuration related. How do you have your WinGate clients setup? Are they connecting using NAT, direct proxy connections or WGIC?
If you are using NAT, are you redirecting (Intercepting) from the WWW Proxy Service?
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by mykalel » Nov 04 04 6:09 pm
I, too, have this problem in v6.0.3 (build 1005). I'm using WGIC authentication and all ports are allowed in SSL connections in the WWW Proxy Server (running on port 85).
Any user attempting to connect to a site using SSL gets a blank page, and the proxy server displays a system message as follows:
Authentication failed - user [logged on username] on [IP address of client] requested [web page address]
The ID code on the system message is 0301.
Incidentally, I think the problem might be related to sites using Active Server, as some https sites work fine. The ones I'm having trouble with all seem to use ActiveX components.
Any user attempting to connect to a site using SSL gets a blank page, and the proxy server displays a system message as follows:
Authentication failed - user [logged on username] on [IP address of client] requested [web page address]
The ID code on the system message is 0301.
Incidentally, I think the problem might be related to sites using Active Server, as some https sites work fine. The ones I'm having trouble with all seem to use ActiveX components.
Michael Lee
- mykalel
- Posts: 9
- Joined: Nov 04 04 5:58 pm
- Location: Gosford, NSW
by Nev » Nov 05 04 5:35 pm
mykalel wrote:I, too, have this problem in v6.0.3 (build 1005). I'm using WGIC authentication and all ports are allowed in SSL connections in the WWW Proxy Server (running on port 85).
Any user attempting to connect to a site using SSL gets a blank page, and the proxy server displays a system message as follows:
Authentication failed - user [logged on username] on [IP address of client] requested [web page address]
The ID code on the system message is 0301.
Incidentally, I think the problem might be related to sites using Active Server, as some https sites work fine. The ones I'm having trouble with all seem to use ActiveX components.
G'day Michael,
Post a link here to the SSL login in difficulty, others can try to track this down as well!
Cheers from wet and rainy Mudgee > YES!
Nev.
- Nev
- WinGate Guru
- Posts: 861
- Joined: Sep 22 03 11:35 pm
- Location: Mudgee ~ NSW ~ Australia
by mykalel » Nov 09 04 6:27 pm
We're a bit soggy on the Central Coast too (not that there's anything wrong with that!).
Some sites that I know we're having problems with are:
http://www.ecommcorporate.com.au/ecomm/
(select Foreign Exchange from the dropdown at the top, then press Go)
System message in wingate reads "authentication failed - user michaell on 192.168.2.192 requested http://www.ecommcorporate.com.au/ecomm/ ... plet.class"
Authentication failed errors are also being reported for:
http://crl.verisign.com/Calss3CodeSigning2001.crl
http://rms.adobe.com/read/0600/win_/ENU ... be0000.xml
http://www.microsoft.com
and many others...
We also run an internal Windows Update server. The proxy is reporting authentication failed for any computer that tries to connect to the server looking for updates.
All clients on my network run Win XP SP2. The proxy runs on a W2K Server with SP4.
Some sites that I know we're having problems with are:
http://www.ecommcorporate.com.au/ecomm/
(select Foreign Exchange from the dropdown at the top, then press Go)
System message in wingate reads "authentication failed - user michaell on 192.168.2.192 requested http://www.ecommcorporate.com.au/ecomm/ ... plet.class"
Authentication failed errors are also being reported for:
http://crl.verisign.com/Calss3CodeSigning2001.crl
http://rms.adobe.com/read/0600/win_/ENU ... be0000.xml
http://www.microsoft.com
and many others...
We also run an internal Windows Update server. The proxy is reporting authentication failed for any computer that tries to connect to the server looking for updates.
All clients on my network run Win XP SP2. The proxy runs on a W2K Server with SP4.
Michael Lee
- mykalel
- Posts: 9
- Joined: Nov 04 04 5:58 pm
- Location: Gosford, NSW
by Pascal » Nov 10 04 12:09 pm
If the connections are not being intercepted then you should not be affected by the WWW Proxy Policies.
The policy that would be affecting it will be the one for the WRP Service (And potentially the System Policies; depending on how they are set to be included)
This issue is currently with our QA team.
The policy that would be affecting it will be the one for the WRP Service (And potentially the System Policies; depending on how they are set to be included)
This issue is currently with our QA team.
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by Pascal » Nov 11 04 10:12 am
Okay, QA has gone through it. We could not replicate the same behavior at all. (Same Client+Server OS, etc.)
So:
1. Which userdatabase are you using?
2. Which policies do you have setup for the WRP Service?
Do you have Java installed on your clients? We ran into problems until we did that. Thereafter, everything worked smoothly. If that does not help; can you export and send me your WinGate registry, please?
So:
1. Which userdatabase are you using?
2. Which policies do you have setup for the WRP Service?
Do you have Java installed on your clients? We ran into problems until we did that. Thereafter, everything worked smoothly. If that does not help; can you export and send me your WinGate registry, please?
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by mykalel » Nov 11 04 11:18 am
We're using the Windows user database.
The WRP service policy is set to "Users can access this service", the "granted to" box is empty, and "Default rights (System policies) may be used instead."
All clients have Sun Java Runtime environment 1.4.2 installed, and most of them use this as their default Java programme for Internet Explorer. Changing the default to Microsoft's Java Virtual Machine does not solve the problem.
The WRP service policy is set to "Users can access this service", the "granted to" box is empty, and "Default rights (System policies) may be used instead."
All clients have Sun Java Runtime environment 1.4.2 installed, and most of them use this as their default Java programme for Internet Explorer. Changing the default to Microsoft's Java Virtual Machine does not solve the problem.
Michael Lee
- mykalel
- Posts: 9
- Joined: Nov 04 04 5:58 pm
- Location: Gosford, NSW
by mykalel » Nov 19 04 10:53 pm
The problem is still occurring. The most obvious example I can give you is www.ecommcorporate.com.au. With the proxy off we can access the login screen. with the proxy on we can't.
I've emailed you the configuration & registry files.
I've emailed you the configuration & registry files.
Michael Lee
- mykalel
- Posts: 9
- Joined: Nov 04 04 5:58 pm
- Location: Gosford, NSW
by erwin » Nov 22 04 12:34 pm
Hi Michael
How exactly are your client machines attempting to access these sites?.
You mentioned they were using WGIC but when we used your registry config here in the lab we found that GDP (what WGIC uses to locate the WinGate server) is disabled.
It also seems that your ENS driver has been manually disabled (which of course disables the WinGate firewall/startup protection completely) . Are you using a third party firewall on the WinGate machine and if so has this been reconfigured to allow SSL type connections properly via WinGate properly.
Using your registry configuration (and making sure WGIC/WRP was working for the client we have tried several different HTTPS connections/site and found we STILL could not reproduce your issue.
We also noticed that your WWW proxy service on port 85 did not have intercepts enabled, (which is required is you want NAT or WGIC clients to be forced through this proxy). Because of this we presumed that your clients had also configured their browsers to use a straight proxy connection, on port 85, and so tried this type of connection as well but still couldnt repro your issue.
Regards
Erwin
How exactly are your client machines attempting to access these sites?.
You mentioned they were using WGIC but when we used your registry config here in the lab we found that GDP (what WGIC uses to locate the WinGate server) is disabled.
It also seems that your ENS driver has been manually disabled (which of course disables the WinGate firewall/startup protection completely) . Are you using a third party firewall on the WinGate machine and if so has this been reconfigured to allow SSL type connections properly via WinGate properly.
Using your registry configuration (and making sure WGIC/WRP was working for the client we have tried several different HTTPS connections/site and found we STILL could not reproduce your issue.
We also noticed that your WWW proxy service on port 85 did not have intercepts enabled, (which is required is you want NAT or WGIC clients to be forced through this proxy). Because of this we presumed that your clients had also configured their browsers to use a straight proxy connection, on port 85, and so tried this type of connection as well but still couldnt repro your issue.
Regards
Erwin
- erwin
- Qbik Staff
- Posts: 408
- Joined: Sep 03 03 2:54 pm
by mykalel » Nov 30 04 5:07 pm
Hi,
Reading back up the thread I think I've confused NTLM authentication with WGIC. Sorry about that.
Our browsers are directly configured with the proxy settings.. using port 85 for all protocols. These settings are set via Group Policy (except for Firefox users, where it is set manually).
As an experiment I uninstalled Wingate last week, then reinstalled it. The only setting I changed was to change port 80 to 85 for the WWW proxy. I also ticked NTLM as the authentication method, and set a System Policy for Everybody to "Must be authenticated".
Even after doing this, the problem still occurs. We continue to get "authentication denied" messages for "guest" for users whose sessions HAVE been authorised with NTLM. The same sites, over and over, fail to work due, I assume, to this authentication failure. We never had this problem when using Wingate 5 and Java authentication.
Reading back up the thread I think I've confused NTLM authentication with WGIC. Sorry about that.
Our browsers are directly configured with the proxy settings.. using port 85 for all protocols. These settings are set via Group Policy (except for Firefox users, where it is set manually).
As an experiment I uninstalled Wingate last week, then reinstalled it. The only setting I changed was to change port 80 to 85 for the WWW proxy. I also ticked NTLM as the authentication method, and set a System Policy for Everybody to "Must be authenticated".
Even after doing this, the problem still occurs. We continue to get "authentication denied" messages for "guest" for users whose sessions HAVE been authorised with NTLM. The same sites, over and over, fail to work due, I assume, to this authentication failure. We never had this problem when using Wingate 5 and Java authentication.
Michael Lee
- mykalel
- Posts: 9
- Joined: Nov 04 04 5:58 pm
- Location: Gosford, NSW
31 posts
• Page 1 of 2 • 1, 2
Who is online
Users browsing this forum: No registered users and 7 guests