WinGate Forums

[tizza42]

Firstly, there's not much help on the Apple/iTunes site.

I've opened TCP port 3689 & UDP port 5353 after a little digging around.

I've added iTunes.exe & iTunesHelper.exe as Global to the Wingate Client.

I use ENS.

There's no helpful info from the iTunes application, just a pop-up saying connection failed. I then went to their web site for help and the ONLY thing they suggest is to ensure your Internet connection is working - HOW CAN YOU READ THE HELP OTHERWISE?

If anyone is successfully connecting to the Music Store from a client machine, could you PLEASE post any settings you had to change?

Thanks for any help/advice/hint you can give.

[ggiebler]

I've been having the same problem.
The only way I have been able to resolve it is to uncheck the box for Transparent proxy under the Sessions configuration of WWW Proxy Server properties. However, this seems to defeat some of the key benefits of Wingate, i.e., the ability to use the antivirus and content filtering plugins, and the ability to set web restriction policies.
I hope one of the Qbik staff can enlighten us on how to use iTunes without having to disable the transparent proxy.

[tizza42]

Thanx 4 the tip on unchecking the box [ggiebler] but, just as you've stated, it seems to "unfix" more things than it fixes!

I too would welcome a response from the QBIK team.

[Pascal]

Do both of you have plugins installed?

From the sound of it it could very well be a plugin blocking the content coming back from iTunes (E.g. KAV rejecting it because it could not be scanned / is deemed to be corrupted / etc.)

This is fairly common for certain sites, such as antivirus / software update type sites. A quick test to confirm if this is the case or not would be to disable plugins and then try it again with Intercepts enabled. If that is the case then you should be able to add the iTunes website as an "ignored/trusted" site for both plugins, in which case you can still carry on as normal.

[ggiebler]

Pascal,

Yes, I have the plugins installed. I tried your suggestion of disabling the plugins, but this did not help.
I also added the appropriate sites (phobos.apple.com and phobos.apple.com.edgesuite.net) so that they are allowed by Puresight and ignored by Kaspersky, but this did not help either.

Here is a sample user log when someone tries to use iTunes:
02/19/06 22:24:00 192.168.1.139 0000004033 Requested DNS: A lookup "phobos.apple.com."
02/19/06 22:24:00 192.168.1.139 0000004033 Traffic 50 34 0 0 0s
02/19/06 22:24:00 192.168.1.139 0000004034 Requested http://phobos.apple.com/storeBag.xml.gz
02/19/06 22:24:01 192.168.1.139 0000004034 Traffic 516 424 390 516 1s
02/19/06 22:24:01 192.168.1.139 0000004034 Traffic 0 0 0 0 0s
02/19/06 22:24:01 192.168.1.139 0000004035 Requested DNS: A lookup "ax.phobos.apple.com.edgesuite.net."
02/19/06 22:24:01 192.168.1.139 0000004035 Traffic 113 51 0 0 0s
02/19/06 22:24:01 192.168.1.139 0000004036 Requested http://ax.phobos.apple.com.edgesuite.ne ... ateSession
02/19/06 22:24:01 192.168.1.139 0000004036 Traffic 995 467 0 0 0s

Maybe this will give you some clues.
There are no entries in the Puresight or Kaspersky logs for any of these sites.

Perhaps it has something to do with ports being blocked. I have Extended Networking set up so that no ports are allowed as connections from the internet for both TCP and UDP.
So, I then tried unblocking ports 113, 1024-4096, and 5353 for TCP, and port 3689 for UDP, but this didn't help either.

Thanks for your help with this.

[Pascal]

Do you see any firewall hits that correspond to that?

[ggiebler]

Nope. Here are the firewall entries from the WinGate NAT.log for around that same time period. As you can see, there is nothing listed for the time when iTunes was started, i.e., around 22:24:00

02/19/06 22:00:34 Authorisation failure: NAT STATUS: firewall block: UDP src 65.89.168.247:9710 dst 66.105.52.18:1026
02/19/06 22:15:36 192.168.1.139 test 0000004022 Requested: NAT: TCP Connection to 64.233.167.109:995
02/19/06 22:15:38 192.168.1.139 test 0000004022 Traffic 1522 766 766 1522 2s
02/19/06 22:30:25 Authorisation failure: NAT STATUS: firewall block: UDP src 65.51.218.189:3445 dst 66.105.52.18:1026
02/19/06 22:34:54 Authorisation failure: NAT STATUS: firewall block: TCP src 218.24.201.24:6000 dst 66.105.52.18:1433

[Pascal]

OK, QA will setup a test rig for this tomorrow morning. To help them get it as close as possible to your setup:

1. What version of WinGate are you using?
2. What OS is it installed on? (With service packs, if applicable)
3. Would it be possible to get a copy of your WG settings please? (Registry config export from advanced options)
4. How do the client PCs connect through it?

[ggiebler]

Running the latest version of Wingate.
Both Wingate server and client are running Windows XP with Service Pack 2 and all critical updates.
Clients connect as assumed users through NAT.
I'm emailing Pascal our WG settings file

[Pascal]

Thanks, will look through that today.

[Pascal]

Ok, we have managed to reproduce the issue. We're currently investigating what exactly is causing it and will let you guys now what will be done.

[Pascal]

Alright, Tom was able to reproduce this problem without plugins installed. The problem is actually with the caching of

"http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/initiateSession"

In the cases where the session fails it is because the page is being returned from the cache, rather than being served from the Apple site. There is a very easy work around for this.

Open the Cache Properties and switch to the "What to Cache" page. Add a Filter with one Criterion : "Do Not Cache if HTTP URL contains phobos.apple.com". Then you can re-enable plugins and all should be fine.

[tizza42]

Pascal - you're a champion - I put in the suggested cache entry & voila! It worked first time.

[Pascal]

Hehe, thank you, but Tom is the legend in this case!