NT4: IE crashes while trying to connect to wingate


Postby DickyArts » Nov 09 05 4:06 am

Hi,

we have installed Wingate 6.1.0 (Build 1068; incl. Kaspersky plugin) on Win2000 Server SP4 (but with some recent updates missing).

The main purpose of the proxy is the user authentication but for some reason we don't want a single logon. On the general tab of the WWW proxy server there are two checkboxes: [_] Java Client and [X] Basic.

We have some rather old machines running NT4 SP6 (but maybe without some "recent" updates). If I try to open the Internet Explorer (6.01SP1) it instantly freezes very badly so these guys cannot access the internet anymore and only the task manager is able to remove the IE.

Do I need a specific patch or update to use NT4?

Best Regards

Thomas
DickyArts
 
Posts: 15
Joined: Nov 09 05 3:12 am

Postby adrien » Nov 09 05 6:02 pm

Hi

Shouldn't need anything (that I know of).

How is your IE configured on these machines? Is it configured to use the proxy, or is it using transparent proxying (in which case you would just set the default gateway to be the IP address of WinGate).

You can use transparent proxy with only one NIC in the WinGate machine, although not NAT.

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby DickyArts » Nov 09 05 11:55 pm

I just entered the IP and the port of WinGate into the LAN settings of the IE. I am not sure what a "transparent proxy" may be. WinGate is installed on a separate win2k-machine for authentication purposes.

The internet access is done by a netscreen/juniper firewall but inside the firewall http-access is limited to the IP of the WinGate-server.

At least on two of our NT4-clients (hopefully to be replaced soon...) the IE crashes. When it first happened with IE5 I updated it to IE6 SP1 but the problem persists. It's the latest IE-Version I have as installation file since windows-updates are impossible without a working IE. Some Outlook 2000 also crashes while trying to display HTML-messages so WinGate is getting more and more annoying.
DickyArts
 
Posts: 15
Joined: Nov 09 05 3:12 am

Postby adrien » Nov 10 05 10:07 am

When you say crashes, what do you mean? There shouldn't be anything that WinGate can possibly send IE or Outlook that can crash it unless there is a bug in Outlook or IE, or in the client OS.

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby DickyArts » Nov 13 05 10:58 am

> what do you mean?

As I already said in my initial posting: The IE freezes. You cannot press any button any longer. With a lot of luck I may be able to kill that app by the task manager.

> There shouldn't be anything that WinGate can possibly send IE or outlook that can crash it

Usually I would agree with you but now (after installing the software on a different machine) there are even more crashes on Win2k and XP (while trying to access https://...; I have opened a different thread for that). I am clueless what that strange software is transmitting to the IE.

I don't believe in any bug of windows (ok, limited to this issue ;-) since it works while using other proxy software.
Usually I would recommend the customer to use Opera but I had to learn that WinGate uses M$-proprietary NTLM-authorization which Opera (for obvious reasons) is not willing to support. Maybe we have to use Firefox but I did not yet test it against WinGate.

Thomas
DickyArts
 
Posts: 15
Joined: Nov 09 05 3:12 am

Postby adrien » Nov 13 05 12:58 pm

Hi

Firefox does support NTLM as well.

How many network cards do you have on the WinGate machine?
Could you check the MTU values of each of them? You can see these by double-clicking each adapter in GateKeeper's network pane, and selecting the details tab.

From all the problems you are having with WinGate, I'm suspicious of some lower level network configuration issue.

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby DickyArts » Nov 13 05 2:31 pm

One nic and the mtu override is not checked so most probably it's 1500 bytes.

> Firefox does support NTLM as well.

Yes, that's what is written on their homepage. But since neither IE nor Opera is working together with WinGate I have some doubts Firefox will do...
And I am not sure if all needed websites (online banking for example) will work with Firefox (ActiveX ...)

I will have to investigate that further - probably on Wednesday.

Since nothing has worked as advertised so far this software is getting quite expensive...

Thomas
DickyArts
 
Posts: 15
Joined: Nov 09 05 3:12 am

Postby adrien » Nov 13 05 3:54 pm

OK, since you only have one NIC in that machine, there are some things that the current version of WinGate won't do, such as NAT, or transparent proxy (this is about to change - I am surprised by the number of people running WinGate on a machine with only one NIC!).

However, in your case, since your machines are configured to use a proxy connection, it should work fine with just one NIC.

If https connections are not working, that is most likely some problem connecting upstream. We have seen problems with SSL connections in the past if your firewall or a network adapter has a reduced MTU (maybe because of your internet connection type). Normally for https we recommend NAT, as it is the least intrusive, but I would need to send you a new ENS driver for that to work with your setup.

How does your firewall connect to your ISP? Is it a PPPoE connection? You may need to override your MTU on the WinGate adapter. To check how big your actual MTU is, you need to use the ping command, and send large packets until they no longer succeed.

e.g.

ping somesite -f -l somesize

The maximum value of somesize that works plus 28 is the MTU.

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland
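
The ping procedure described in the post above, automated as a binary search. This is an added example, not part of the original thread and not Qbik code; the function names are hypothetical, and the 28 bytes are the 20-byte IPv4 header plus the 8-byte ICMP echo header. The simulated link is constructed so the script also runs without network access.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header

def windows_ping_probe(host):
    """Return probe(size) that runs `ping -n 1 -f -l size host` (Windows syntax).

    A reply is detected by "TTL=" in the output, which is printed in the reply
    line whatever the Windows display language is.
    """
    def probe(size):
        result = subprocess.run(
            ["ping", "-n", "1", "-f", "-l", str(size), host],
            capture_output=True, text=True, errors="replace")
        return "TTL=" in result.stdout
    return probe

def largest_unfragmented_payload(probe, low=0, high=1472):
    """Binary-search the largest payload in [low, high] for which probe() succeeds.

    Assumes that if one size passes, every smaller size passes too.
    Returns None when even `low` fails (host unreachable or ICMP filtered).
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid          # mid fits, look higher
        else:
            high = mid - 1     # mid needs fragmenting, look lower
    return low

def path_mtu(probe, high=1472):
    """MTU = largest payload that passes with DF set, plus 28."""
    payload = largest_unfragmented_payload(probe, high=high)
    return None if payload is None else payload + IP_ICMP_OVERHEAD

def simulated_path(mtu):
    """Constructed stand-in for a real link: replies only if the packet fits."""
    return lambda size: size + IP_ICMP_OVERHEAD <= mtu

if __name__ == "__main__":
    print(path_mtu(simulated_path(1500)))  # plain Ethernet path
    print(path_mtu(simulated_path(1492)))  # typical PPPoE path
    # Real measurement on Windows: path_mtu(windows_ping_probe("somesite"))
```

A result of None means no probe was answered at all, which points at ICMP filtering or an unreachable host rather than at a small MTU.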

Postby adrien » Nov 13 05 3:57 pm

PS, if you enable debug logging for the WWW proxy, you should be able to see what problem WinGate is experiencing (if any) when your client machines try to connect.

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby DickyArts » Nov 14 05 3:10 am

> such as NAT

Not needed for us ;-) It's done by our firewall.

> I am surprised by the number of people running WinGate on a machine with only one NIC!

No second nic needed since the firewall is able to limit web-access to only a few machines so there is no way to bypass the proxy.

> it should work fine with just one NIC.

Yes, that was our hope... In fact it doesn't.

> How does your firewall connect to your ISP?

Hm... that's difficult to explain. It's a wireless connection to a small local isp and I have no access to the settings in the radio equipment. I guess the isp itself has a 2MBit/s SDSL connection.

I will try that ping as soon as I am back at the customer (maybe Wednesday).

Thank you for your help so far

Thomas
DickyArts
 
Posts: 15
Joined: Nov 09 05 3:12 am

Postby DickyArts » Nov 21 05 11:38 pm

Sorry that it took some time...

I modified the ping buffer as suggested and got the following results:
-f -l 1472: Antwort von ... (answer from [some site out there in the internet])
-f -l 1473: Paket müsste fragmentiert werden, DF-Flag ist jedoch gesetzt. (packet needs to be fragmented but DF-flag is set)

(Hopefully my translations are close to the English messages ;-)

According to your posting 1472 + 28 = 1500 should work fine.

Besides this our other problem (http://forums.qbik.com/viewtopic.php?t=4264) with crashing IEs on Win2k while accessing https://... still persists. Maybe they belong together?

Any more ideas?

Thomas
DickyArts
 
Posts: 15
Joined: Nov 09 05 3:12 am

