Hi There,
We are experiencing the above problem with our Wingate service. It seems to be related to NTLM authentication.. (The WWW Proxy service is set to NTLM ONLY)
When I do a packet sniff of Firefox 1.06 (works) and Firefox 1.5 I can definatly see that the process is different.. and the last thing that happens before Wingate stops is an access denied returned to Firefox (1.5) and some NTLM Auth stuff
I hope you guys can reproduce the problem.. We are using Wingate 6.1.1 build 1077, (I upgraded from 6.0.4 1025 thinking it might help)
If you cant reproduce the problem I can give you more information such as packet logs and Wingate & Server configuration etc..
BTW I thought it might be a bug with Firefox but I tested the Authentication against a IIS Website using NTLM and it seemed to work. Perhaps its some incompatability between the 2 products, or some other problem altogether..
Any help appreciated!
Johnny
Lincoln Ventures Ltd
Firefox 1.5 causes Wingate Service to Terminate unexpectedly
Moderator: Qbik Staff
19 posts
• Page 1 of 1
Firefox 1.5 causes Wingate Service to Terminate unexpectedly
by beckerj » Dec 16 05 2:20 pm
- beckerj
- Posts: 16
- Joined: Jun 18 04 1:29 pm
by Zaphod » Jan 25 06 6:38 am
I can confirm this behaviour.
Firefox crashes Wingate 6.1.1 on Windows Advanced Server 2003 SP1 when using NTLM authentication using Firefox 1.5.
The errors in the NT Application Event Log is as follows:
Fualting Application Wingate.exe, version 6.1.1.1077, faulting module unknown, version 0.0.0.0, fault address 0x30334261.
Followed by the following Dr. Watston Informational event log message:
The application c:\program files\wingate\wingate.exe, generated an application error The error occurred on dd/mm/yyyy @ hh:mm:ss The exception generated was c0000005 at address 005a5ca3 (Wingate! l4linkSt::operator=)
Does anyone know of a workaround for this problem?
Firefox crashes Wingate 6.1.1 on Windows Advanced Server 2003 SP1 when using NTLM authentication using Firefox 1.5.
The errors in the NT Application Event Log is as follows:
Fualting Application Wingate.exe, version 6.1.1.1077, faulting module unknown, version 0.0.0.0, fault address 0x30334261.
Followed by the following Dr. Watston Informational event log message:
The application c:\program files\wingate\wingate.exe, generated an application error The error occurred on dd/mm/yyyy @ hh:mm:ss The exception generated was c0000005 at address 005a5ca3 (Wingate! l4linkSt::operator=)
Does anyone know of a workaround for this problem?
- Zaphod
- Posts: 6
- Joined: Oct 20 03 9:02 pm
by Pascal » Jan 25 06 1:18 pm
Zaphod wrote:Does anyone know of a workaround for this problem?
Short of bypassing the parts of the equation that causes the problem (Firefox or NTLM auth) no. You could use the Qbik Auth Tool as a temporary workaround while we look into this.
I'm busy investigating this, will report as soon as more is known.
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by Pascal » Jan 25 06 2:31 pm
Genie investigated the crash information shown. It appears to be in the History Database. We can't reproduce the problem at the moment (FF1.5 through 6.1.1, build 1077) seems to work fine.
Is this a direct proxy connection or are you using Intercepts?
Are you using the History Database, and if yes, is it accessible, etc.?
Is this a direct proxy connection or are you using Intercepts?
Are you using the History Database, and if yes, is it accessible, etc.?
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by AltTeo » Jan 26 06 3:21 am
I also confirm that Wingate WWW Proxy service with NTLM authorization causes Wingate system service to stop while using Firefox 1.5.
It's not accdential. It happens EVERY time when client tries to connect to Internet. It happens for certain when using Intercepts (I didn't check direct proxy).
It does not depend on system (I tried on several machines with the same result).
Using other types of authorization do not cause this error.
This error is actual for Wingate 6.0.4.1025 and latter (Didn't test older versions).
This error does not happen when using Firefox 1.0 - 1.0.7.
It's a big problem, because proxy server SHOULD NOT stop at all (and especially doing it's common tasks).
It's not accdential. It happens EVERY time when client tries to connect to Internet. It happens for certain when using Intercepts (I didn't check direct proxy).
It does not depend on system (I tried on several machines with the same result).
Using other types of authorization do not cause this error.
This error is actual for Wingate 6.0.4.1025 and latter (Didn't test older versions).
This error does not happen when using Firefox 1.0 - 1.0.7.
It's a big problem, because proxy server SHOULD NOT stop at all (and especially doing it's common tasks).
- AltTeo
- Posts: 6
- Joined: Jan 26 06 3:03 am
by adrien » Jan 26 06 10:16 am
Hi
Just one thing - we don't recommend using NTLM with intercepted connections. We made it possible for completeness of the solution, but browsers can get quite confused.
When a browser is being intercepted, it still thinks it is talking directly to the end server on the internet. If the intercepting proxy requests authentication, then the browser (at least IE does) associates the credentials with the end server. If you hit a page that has say images hosted on many different servers, then you will get an authentication prompt for each different server, since the browser considers that the credentials it has associated with one server will not be useful for another server.
things are generally better behaved if the browser is configured to use the proxy directly.
Adrien
Just one thing - we don't recommend using NTLM with intercepted connections. We made it possible for completeness of the solution, but browsers can get quite confused.
When a browser is being intercepted, it still thinks it is talking directly to the end server on the internet. If the intercepting proxy requests authentication, then the browser (at least IE does) associates the credentials with the end server. If you hit a page that has say images hosted on many different servers, then you will get an authentication prompt for each different server, since the browser considers that the credentials it has associated with one server will not be useful for another server.
things are generally better behaved if the browser is configured to use the proxy directly.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by mikeout » Jan 30 06 11:34 am
AltTeo wrote:This error does depend on system... I tried it on another system and it worked. Now I'll try to find what causes it...
Not sure if this is any help but this problem started for me when one NIC had two IP Adresses...prior to this change NTLM and the versions mentioned above were working fine with Firefox.
IE still does.
Mike
- mikeout
- Posts: 10
- Joined: Aug 27 04 11:04 pm
- Location: London
by AltTeo » Jan 31 06 2:46 am
The problem does not depend on interceptions.
The only thing that is specific for the problem system is complex user rights for WWW Service. There are 2 groups: Everyone (they may not be authorized but have access only to 3 sites), and Internet Users (they must be authorized and they are granted full access). When NTLM is not realy used everything is OK.
The only thing that is specific for the problem system is complex user rights for WWW Service. There are 2 groups: Everyone (they may not be authorized but have access only to 3 sites), and Internet Users (they must be authorized and they are granted full access). When NTLM is not realy used everything is OK.
- AltTeo
- Posts: 6
- Joined: Jan 26 06 3:03 am
by leades » Jan 31 06 3:24 am
I am having the same problem with Firefox1.5 and also with IE5.5 when access to the WWW service is restricted to a user group and "User must be authenticated". If I leave permissions at "Unrestricted Rights" everything works great. When I upgrade clients to IE6 the problem goes away.
Laurence
- leades
- Posts: 2
- Joined: Apr 27 05 5:04 am
- Location: Lone Star, TX
by tomm » Jan 31 06 5:29 pm
Hi all,
I've been trying to reproduce this problem in the Qbik labs without success and have a couple of questions.
1) What OS is installed on the machine running Wingate?
2) At what point do you see the problem? Before the authentication dialog box has appeared, or after the credentials have been entered?
Below is a rundown of the configuration parameters I used in the lab. If there's anything missing or different about this setup to your own please reply back and let me know.
cheers
T
Config:-
- 2 machines, one running Wingate, one running ff1.5 connected locally to the wg machine and accessing the internet through it
- latest version of Wingate (6.1.1)
- tried both 2003sp1 and xp for the WinGate machine. In the case where I tried 2003sp1, the machine was the domain controller of the active directory, and on the client machine I tried logging on both locally and also to the domain before attempting to browse using firefox.
- in the policies for the www proxy created 2 groups ('everyone' and 'internet users'). System policies are ignored, 'Internet Users' must be authenticated, and 'Everyone' was tried with all three security settings. 'Internet users' had no other restriction, 'everyone' was limited using a filter so that users belonging to this group could only access one site.
- attempted to browse both as an 'internet user' and as a user that did not belong to this group (ie 'everyone'). After authentication 'internet users' had complete internet access, others were limited to the site specified in the filter (other sites showed up as 'access denied').
I've been trying to reproduce this problem in the Qbik labs without success and have a couple of questions.
1) What OS is installed on the machine running Wingate?
2) At what point do you see the problem? Before the authentication dialog box has appeared, or after the credentials have been entered?
Below is a rundown of the configuration parameters I used in the lab. If there's anything missing or different about this setup to your own please reply back and let me know.
cheers
T
Config:-
- 2 machines, one running Wingate, one running ff1.5 connected locally to the wg machine and accessing the internet through it
- latest version of Wingate (6.1.1)
- tried both 2003sp1 and xp for the WinGate machine. In the case where I tried 2003sp1, the machine was the domain controller of the active directory, and on the client machine I tried logging on both locally and also to the domain before attempting to browse using firefox.
- in the policies for the www proxy created 2 groups ('everyone' and 'internet users'). System policies are ignored, 'Internet Users' must be authenticated, and 'Everyone' was tried with all three security settings. 'Internet users' had no other restriction, 'everyone' was limited using a filter so that users belonging to this group could only access one site.
- attempted to browse both as an 'internet user' and as a user that did not belong to this group (ie 'everyone'). After authentication 'internet users' had complete internet access, others were limited to the site specified in the filter (other sites showed up as 'access denied').
- tomm
- Qbik Staff
- Posts: 7
- Joined: Jan 26 06 4:47 pm
by Zaphod » Feb 01 06 2:18 am
Hi,
For the server I'm using is a Windows Server 2003 box with SP1 + all latest hotfixes.
The server is an Active Directory 2003 member server and has a single NIC with a static IP address on our network which has a static NAT mapping through our firewall.
I'm authenticing against active directory so I'm not seeing any dialog box.
Group "Domain Users" has been granted access to the WWW Proxy Server Service with must be authenticated. Default rights set to "Are Ignored"
I don't actually see any dialog box. The Wingate server just bombs out as soon as a Firefox client attempts to connect through the proxy.
Cheers,
Dave.
For the server I'm using is a Windows Server 2003 box with SP1 + all latest hotfixes.
The server is an Active Directory 2003 member server and has a single NIC with a static IP address on our network which has a static NAT mapping through our firewall.
I'm authenticing against active directory so I'm not seeing any dialog box.
Group "Domain Users" has been granted access to the WWW Proxy Server Service with must be authenticated. Default rights set to "Are Ignored"
I don't actually see any dialog box. The Wingate server just bombs out as soon as a Firefox client attempts to connect through the proxy.
Cheers,
Dave.
- Zaphod
- Posts: 6
- Joined: Oct 20 03 9:02 pm
by AltTeo » Feb 01 06 3:20 am
I've got a server running Windows Server 2003 with SP1. It is a domain controller. It has two NICs one connected to LAN (static IP) and one to Internet (static IP).
Domain users authorize when they logon to the system. So there no authorize dialog boxes after login. The Wingate Server Stops at the moment when client starts Firefox.
In Firefox in Connection settings server's IP is a default proxy server.
The client machine runs Windows XP SP2. And there is not a Wingate client.
Domain users authorize when they logon to the system. So there no authorize dialog boxes after login. The Wingate Server Stops at the moment when client starts Firefox.
In Firefox in Connection settings server's IP is a default proxy server.
The client machine runs Windows XP SP2. And there is not a Wingate client.
- AltTeo
- Posts: 6
- Joined: Jan 26 06 3:03 am
by tomm » Feb 01 06 7:11 pm
Hi all,
Unfortunately still working on reproducing this in the lab. Can you (AltTeo, Zaphod, anyone else with this problem, etc) please email your wingate registry file to sales@wingate.com.
Thanks
T
Unfortunately still working on reproducing this in the lab. Can you (AltTeo, Zaphod, anyone else with this problem, etc) please email your wingate registry file to sales@wingate.com.
Thanks
T
- tomm
- Qbik Staff
- Posts: 7
- Joined: Jan 26 06 4:47 pm
by tomm » Feb 09 06 6:37 pm
Hi all,
We've finally managed to reproduce this problem in the lab with Johnny's help. It appears that in FF1.5, in the proxy server settings, referring to the WG proxy server using its netbios name rather than using its IP causes a problem.
We are currently investigating the problem.
To work around this in the meantime, alert users that in Tools:Options:General:Connection Settings, the 'HTTP Proxy' setting should be set to the IP of the WinGate machine rather than the netbios (machine) name.
Thanks
We've finally managed to reproduce this problem in the lab with Johnny's help. It appears that in FF1.5, in the proxy server settings, referring to the WG proxy server using its netbios name rather than using its IP causes a problem.
We are currently investigating the problem.
To work around this in the meantime, alert users that in Tools:Options:General:Connection Settings, the 'HTTP Proxy' setting should be set to the IP of the WinGate machine rather than the netbios (machine) name.
Thanks
- tomm
- Qbik Staff
- Posts: 7
- Joined: Jan 26 06 4:47 pm
Firefox 1.5.1 crashes wingate
by itgmorigia » Mar 10 06 12:45 am
Is this problem resolved rather than using workaround?
Thanks
Davide Cottignoli
Thanks
Davide Cottignoli
- itgmorigia
- Posts: 15
- Joined: Feb 01 06 10:36 pm
- Location: Italy
19 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 5 guests