Ideal wingate installation


Postby bench » Dec 29 05 11:05 am

It was my experience that installing WinGate on a server by itself and using remote Active Directory to authenticate users did not give the best result. I kept getting master browser warnings in the event viewer that it could not retrieve the list from the master browser.

My question is what is the ideal way to install wingate? Should it be installed on the domain server? Should it have the firewall disabled if you already have a hardware firewall?

I just don't see any other way to avoid gatekeeper from losing connection to active directory. Would installing it on the domain controller really affect performance? What type of hardware would you recommend to do this?

We would just like to block websites from being accessed and nothing else. Mail server would not be running.

Thanks.
bench
 
Posts: 77
Joined: Nov 10 04 4:46 am
Location: El Paso, Texas

Postby MattP » Dec 29 05 11:32 am

Hi Bench,

We have found it necessary to ensure that the WinGate service is logging on as a user in the Domain Admins group. You set this from the services applet, by going to the properties of the WinGate service and entering a username in the logon tab. We recommend creating a new user (maybe call it WinGate) and making it a member only of the Domain Admins group. This way there is no danger of removing privileges from the group that the WinGate user is a member of and causing yourself problems somewhere down the line.

Logging WinGate on as a member of the Domain Admins group should allow you to always access the user database on the domain controller, and we've found it clears up any problems associated with Active Directory.

If you must install WinGate on the Domain Controller you shouldn't really experience any problems, although performance-wise this could depend on the number of users that are connecting through WinGate. It sounds like you're just using the WWW proxy to control access so it's not a huge load being placed on the server.

But I'd say try it with the new user first and see how that works for you; in our experience it should be fine.
MattP
Qbik Staff
 
Posts: 991
Joined: Sep 08 03 4:30 pm

master browser issue

Postby bench » Dec 29 05 12:42 pm

Hello Matt,

I have done what you suggest already and as it was suggested in the guidelines when using remote database access. The user was created with domain admin privileges and the qbik service configured and it connected fine. I can synchronize the database whenever I add or delete users and it works wonderfully. The only problem, as I posted on previous posts, is that it loses connection to the database at least 3 times per day.

How do I know this? The event viewer tells me the browser could not retrieve a list of servers from browser master. Also, the client calls me to let me know they can't connect to the internet, at which time I log on to the proxy server and attempt to open gatekeeper, and it tells me it could not log me on.
I then have to restart the qbik service and then it lets me log in to gatekeeper.

I have changed cables and switch boxes but the problem persists. I don't know what else could be causing it. That's the reason I think wingate would best work if installed on the domain controller.

I will recommend a dual xeon 3 GHz with at least 1 GB of RAM to be used as the domain controller and proxy server.

Postby Pascal » Dec 29 05 3:35 pm

Bench, that doesn't sound as if it's an AD related problem - it sounds more like a lockup / loss of connectivity.

Few questions:

1. Which version of WinGate are you currently using? (I think it's 6.1.1)
2. How do your users connect through WinGate and are you using any plugins?
3. Do you have deadlock detection turned on? (In advanced options)
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby bench » Dec 30 05 1:08 pm

I am using version 6.0.4 and yes, deadlock is turned on. I already posted the whole problem in previous posts but none of the solutions worked, so I assume it's a network issue; somehow it loses connectivity with AD. If wingate is installed on the same server as AD then it won't have that issue.

No plugins are used, users connect through assigned proxy in IE connection options. They are not using WGIC, I removed it because it kept asking for a username and password at bootup even though I added all startup services that needed to have internet access.

Postby Pascal » Dec 30 05 1:20 pm

Is there any chance you can zip and email me those deadlock detection files, please?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com

Re: Ideal wingate installation

Postby kgoodknecht » Dec 30 05 6:56 pm

bench wrote: It was my experience that installing WinGate on a server by itself and using remote Active Directory to authenticate users did not give the best result. I kept getting master browser warnings in the event viewer that it could not retrieve the list from the master browser.


Thanks.


Master browser problems are almost always due to NIC binding order on multihomed Domain Controllers.

If the DC is multihomed, or if the WinGate server is multihomed, make sure the internal interface has NetBIOS over TCP/IP enabled and that it is enabled on only the internal interface. This is also common if the DC has RAS running on the same subnet and you have not disabled NetBIOS on it.

To set the binding order, right click on Network Places, choose properties, then in the Advanced menu, select Advanced settings, move the internal interface to the top of the connections pane.

NetBIOS over TCP/IP is a broadcast protocol and will not cross a router, therefore the binding order is required to be correct so all Netbt interfaces are on the same subnet.
Best regards,

Kevin Goodknecht [Microsoft MVP]
See me in the Microsoft Public DNS newsgroups
kgoodknecht
Senior Member
 
Posts: 161
Joined: Nov 24 03 1:31 pm
Location: Wichita Falls, TX
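
A check for the NetBIOS over TCP/IP advice in the post above, as an added example that is not part of the thread and not Qbik's or Microsoft's tooling. It runs on constructed sample adapter objects; the function name `Test-NetbiosBinding` and the internal subnet prefix are assumptions.

```powershell
# Added example (hypothetical helper, not from the thread).
# Flags interfaces whose NetBIOS over TCP/IP setting does not match the
# "enabled on the internal interface only" rule for a multihomed server.
function Test-NetbiosBinding {
    param(
        # Objects shaped like Win32_NetworkAdapterConfiguration instances
        [Parameter(Mandatory)] [object[]] $Adapter,
        # Assumption: the internal subnet is given as a string prefix
        [Parameter(Mandatory)] [string] $InternalPrefix
    )
    foreach ($a in $Adapter) {
        $ipv4 = @($a.IPAddress | Where-Object { $_ -match '^\d+\.\d+\.\d+\.\d+$' })
        $internal = [bool]($ipv4 | Where-Object { $_.StartsWith($InternalPrefix) })
        # TcpipNetbiosOptions: 0 = default (use DHCP setting), 1 = enabled, 2 = disabled.
        # 0 is treated as "may be enabled" because DHCP can still turn it on.
        $netbiosOn = $a.TcpipNetbiosOptions -ne 2
        $finding = if ($internal -and -not $netbiosOn) {
            'internal interface has NetBIOS disabled'
        } elseif (-not $internal -and $netbiosOn) {
            'NetBIOS enabled (or left at default) on a non-internal interface'
        } else {
            'ok'
        }
        [pscustomobject]@{
            Description   = $a.Description
            IPv4          = $ipv4 -join ','
            NetbiosOption = $a.TcpipNetbiosOptions
            Finding       = $finding
        }
    }
}

# Constructed sample input: a two-NIC proxy server (values are made up).
$sample = @(
    [pscustomobject]@{ Description = 'Internal LAN (constructed)'
                       IPAddress = @('192.168.1.10'); TcpipNetbiosOptions = 1 },
    [pscustomobject]@{ Description = 'External WAN (constructed)'
                       IPAddress = @('203.0.113.5');  TcpipNetbiosOptions = 0 }
)
Test-NetbiosBinding -Adapter $sample -InternalPrefix '192.168.1.' |
    Format-Table -AutoSize

# Against a live host, feed it the real adapter list instead:
#   $live = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
#   Test-NetbiosBinding -Adapter $live -InternalPrefix '192.168.1.'
```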

