We just implemented the new version of Webgateway in my company and we are still blocked by a big issue:
How to use iTunes over this new version of Webgateway?
I didn't find any working solution, so I hope that you can help me.
Many thanks in advance
What is the exact problem you are encountering? Is it a problem downloading iTunes, or has it already been installed and some features do not work as expected?
Can you add some more description on what exactly fails?
iTunes is already installed on the PC, but when I start it a request for login and password to the proxy appears and the program doesn't run.... I tried to add the URLs below to the global whitelist but it doesn't change anything...
The authentication popup is most likely caused by your MWG being set up to require authentication. This should not be an issue if you provide correct credentials. I have tested it in my lab with a default MWG + NTLM Auth. Once I filled domain\username + a valid password into the popup, access worked pretty well.
To whitelist authentication it seems that a couple more URL hosts need to be whitelisted, such as below:
Additionally iTunes tries to talk to several URLs to get certificate revocation lists to ensure the SSL certificates used are valid. I added my rule set that seems to work on iTunes 10.6 on Windows 7 (64 bit).
You will most likely have to add additional hosts. The errors log will help you to determine URL, URL.Host and/or User-Agents. If you add more, beware of the properties being used (URL.Host or URL).
Andre
Message edited by asabban on 26.03.12 08:46:04 CDT
Thanks for both your answers.
@asabban : I tried to enter the correct credentials but the popup appears again and again and iTunes doesn't start..... I also tried to add all the URL hosts you sent me to my global whitelist and also to my certificate whitelist for SSL inspection, but it's still the same :-/ I saw in your XML file that you're running MWG 7.2.0.x and my version is 7.1.0.x ... Do you think I should upgrade to get it to work???
@Troja : Yes, I have the SSL Scan enabled and if it is possible I would like to keep it active....
7.2 is not yet available for public use I think. I am running a beta in my lab, so I won't recommend upgrading. In my tests I have moved the rule set I shared to the top of the policy to prevent even the SSL Scanner from being called. If you put the entries in the global whitelist you will remove any filtering anyway, so there is no benefit in keeping SSL inspection active. Also Thorsten is right, iTunes checks the certificate it obtained from the server. If the certificate is not the original one issued by iTunes, it will show an error message and will not proceed.
Can you try adding the rule set I added to the top of the policy? Additionally can you check the access.log when you try to access iTunes? There should be requests with a status code of 407, which means that MWG requires authentication. They will cause the popup to occur.
What happens when you fill in valid credentials, check the "remember credentials" checkbox and proceed? Will iTunes start or still keep asking?
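One way to run the access.log check described in the post above, as an added example that is not part of the original thread: it counts 407 responses per host and user agent and lists hosts that never got past the challenge. The log field layout, host names and user-agent strings are constructed assumptions; adjust the regular expression to your own log format.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed layout (constructed for this example, not MWG's documented format):
# [timestamp] "user" client_ip status "METHOD target HTTP/x.y" "user-agent"
LINE_RE = re.compile(
    r'^\[[^\]]+\] "(?P<user>[^"]*)" \S+ (?P<status>\d{3}) '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines; hosts, users and agents are placeholders.
SAMPLE_LOG = """\
[26/Mar/2012:10:01:02 +0200] "" 10.0.0.15 407 "CONNECT store.example.test:443 HTTP/1.1" "iTunes/10.6"
[26/Mar/2012:10:01:03 +0200] "" 10.0.0.15 407 "CONNECT store.example.test:443 HTTP/1.1" "iTunes/10.6"
[26/Mar/2012:10:01:04 +0200] "" 10.0.0.15 407 "GET http://crl.example.test/root.crl HTTP/1.1" "Microsoft-CryptoAPI/6.1"
[26/Mar/2012:10:01:05 +0200] "" 10.0.0.15 407 "GET http://intranet.example.test/ HTTP/1.1" "Mozilla/5.0"
[26/Mar/2012:10:01:06 +0200] "user1" 10.0.0.15 200 "GET http://intranet.example.test/ HTTP/1.1" "Mozilla/5.0"
"""

def parse(log_text):
    """Yield (host, status, user_agent) for every line that matches LINE_RE."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers and lines in another format
        if m["method"] == "CONNECT":  # target is host:port
            host = m["target"].rsplit(":", 1)[0]
        else:  # target is an absolute URL when sent to a proxy
            host = urlsplit(m["target"]).hostname or ""
        yield host.lower(), int(m["status"]), m["ua"]

def count_407(log_text):
    """Number of 407 responses per (host, user-agent) pair."""
    return Counter((h, ua) for h, s, ua in parse(log_text) if s == 407)

def hosts_only_407(log_text):
    """Hosts answered with 407 and never with anything else (no completed handshake)."""
    challenged, answered = set(), set()
    for host, status, _ in parse(log_text):
        (challenged if status == 407 else answered).add(host)
    return sorted(challenged - answered)

if __name__ == "__main__":
    for (host, ua), n in count_407(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {host}  {ua}")
    print("only 407:", hosts_only_407(SAMPLE_LOG))
```

A 407 followed by an authenticated retry to the same host is a normal challenge; hosts that appear only with 407 are the ones where the client never completed authentication.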
I tested iTunes on different systems (Bluecoat and so on) where SSL Scan is active. iTunes was never working when SSL Scan is active.
Perhaps we can build a special rule set to get iTunes traffic working.
OK, I imported your rule set at the top of my policy:
iTunes keeps asking me for credentials (4 times) but after that the program works perfectly. The problem is that even if I check the "remember credentials" checkbox, when I restart the program the popup reappears.... Below I add the part of the access log from when I start iTunes:
Can you add the following two entries to the iTunes Host list from the rule set above?
Then give it another try and check the access.log.
Hi Moros, I also spent some time getting iTunes working through MWG6 and now V7. The problem is that iTunes does not support certain authentication methods, for us that is NTLM. Assuming you are using the default Direct Proxy Authentication and Authorization rule set, the way round is as follows:
iTunes should work just fine after that; it saves you having to whitelist all the URLs, as the majority use the user agent iTunes/current iTunes version number.
If you like I can upload my rule set...