cancel
Showing results for 
Search instead for 
Did you mean: 
gizmagis
Level 11

IM Authentication - Windows Live Messenger 2011 not working

Jump to solution

Hi guys,

I found article (https://kc.mcafee.com/corporate/index?page=content&id=KB69000) desrcibing how to configure WLM to work with MWG 7. Well I did everything as it should be , nslookup on my clients resolves web gateway, everything is fine. However I can not see any IM traffic in web gateway charts. Is there any way I can test this connection ?

Does WLM 2011 work and is supported ? WLM in article was 2 years old (2009, version 14.)

Thnx,

Gregor

0 Kudos
1 Solution

Accepted Solutions
gizmagis
Level 11

Re: IM Authentication - Windows Live Messenger 2011 not working

Jump to solution

For those who are interested... with McAfee support we got a little further

Article from KB did not work for me because I have different network setup. Those step does not work for transparent network setup - I have transaprent router. And transparent setup do not need entries in host list or redirects in DNS (primary zones...), because transparent mean that every traffic goes through MWG anyway... now I am smart heh ?

OK so DNS redirect is not needed. Furthermore WLM proxy needs to be enabled in Proxies (HTTP(S), FTP, ICAP, and IM) and (the step I did not know) under Port Redirects (the same section) you need to enable protocol http and redirect port 1863 to 1863 and 1865 to 1865... the same way http (80) and https (443) ports are redirected to 9090

If you want this to work, IM authentication rule in Policy must be disabled (for me) otherwise WLM wants to have some authentication - this part does not work for me yet - mcafee supports is trying to help

Gregor

0 Kudos
15 Replies
gizmagis
Level 11

Re: IM Authentication - Windows Live Messenger 2011 not working

Jump to solution

HI,

if anybody is willing to help I got a little further. WLM 2011 does not want to connect anymore, although all settings are correct and WLM startup diagnoses (internet conection, proxy...) have all green "ticks" there is also an error message with code 8004840f. Google says that system files are damged...

Any suggestions ?

Tnx

0 Kudos
asabban
Level 17

Re: IM Authentication - Windows Live Messenger 2011 not working

Jump to solution

Hi Gregor,

sorry for no reply so far. I originally set up the IM proxy with WLM 2010, which was working fine. I guess a lot of things changed in the meantime, and I didn´t find the time to set everything up again. I noticed when sneaking around the support office that you already filed a ticket with them, am I right?

So I think we will allow them to do some research - hopefully you will get your answers asap :-)

Best,

Andre

0 Kudos
gizmagis
Level 11

Re: IM Authentication - Windows Live Messenger 2011 not working

Jump to solution

Hi Andre,

yes, you are correct, I did open a ticket, however it's been two days (3 tomorow) and still no luck, or should I say - no response... I hope that support team is looking for solution or at least testing and recreating this issue, but stil any feedback would be more than welcome...

Regards,

Gregor

0 Kudos
jantuna
Level 7

Re: IM Authentication - Windows Live Messenger 2011 not working

Jump to solution

Hi Gregor,

     I have a same issue with WebGateway and WLM2011, I followed the McAfee KB KB69000 step by step and test with WLM2009 and it worked perfect, but iit did not work with 2011 version.

     If you find the the solution please post it.

0 Kudos
asabban
Level 17

Re: IM Authentication - Windows Live Messenger 2011 not working

Jump to solution

Okay, let´s try to deal with this ;-)

I have setup a Windows 7 VM and a MWG 7.1.5 with a default configuration. I have configured my Windows 7 hosts file on C:\Windows\system32\drivers\etc\hosts to the following:

192.168.122.119 messenger.hotmail.com

192.168.122.119 live.hotmail.com

Furthermore I have enabled the IM Proxy on Web Gateway and configured my HTTP proxy port 9090 for my installed browsers, which are IE and Firefox. I am using a direct proxy scenario here (no transparency). The client does not have a valid default Gateway, so it has no chance to bypass MWG.

Why am I mentioning this?

With this configuration I was able to run Live Messenger 2011 and I was able to log on right out of the box with no changes. :-(

Therefore I think we have to find out why it works for me but not for you, and I think I need some help. Please verify your environment and let me know what is different between your environment and mine. Any hint could be helpful.

Also lets make sure we talk about the same things. My Live Messenger 2011 is version "15.4.3538.513". What I do is starting it, and I see this screen:

Auswahl_116.png

I click "Logon" (which is "Anmelden" in my german version) and this is what I see afterwards:

Auswahl_117.png

This looks pretty much connected to me. But I may be looking at the wrong thing.

Please verify. Maybe you can send me some screenshots or similar that show what you end up with?

For reference I attach a copy of my access.log. Live Messenger calls several URLs which may be part of categories that are not allowed in your environment. Please check if you see similar results when you try to connect.

Please also try to allow those categories, or add the URLs called by Live Messenger to a Global Whitelist that skips authentication and filtering - just to see if this works.

If this doesn´t help it would be good if I can have some lines of your access.log when you try to connect. Please try to filter out your requests, and do not provide logs that show your companies traffic :-)

Maybe you can also install a Wireshark on your Client and capture the connection attempt.

I hope we will be able to solve the issue this way.

Thank you for your help,

Andre

Nachricht geändert durch asabban on 02.09.11 10:50:42 CDT
0 Kudos
gizmagis
Level 11

Re: IM Authentication - Windows Live Messenger 2011 not working

Jump to solution

Hi Andre,

I am very happy to see that something is doing around this issue... I will try to describe evry peace of MWG configuration (regarding this issue) with some screenshots...

  1. Windows 7 Ultimate with WLM 2011 installed (version is the same as yours)
    1. DNS for login.live.com and messenger.hotmail.com are set in Windows Server 2008 R2 DNS under primary zones and clients resolve those 2 addresses as IP of MWG
      CMD_resolve.PNG
  2. MWG 7 has version 7.1.5 (11113)
    1. MWG has 2 IPs
      1. 192.168.1.102 is for managing only
      2. 192.168.1.252 is used for gateway
    2. Network setup is transparent router
    3. Windows Live Messenger proxy is enabled as shown on picture (default)
      WLM_proxy.PNG
    4. I tried with disabling all rules, except the one for IM authentication
      1. BTW, IM Authentication rule is importet from rule library (default)
  3. When trying to connect to WLM i get the following error
    WLM_error.PNG
  4. I tried to login to WLM twice, here is the export of access.log file

    [02/Sep/2011:18:34:52 +0200] "" 192.168.1.123 301 "GET http://g.live.com/1reupdate/short?!/~Live.ConfigServer.SuiteUpdate/~/~/~/~/~op-GetShortCatalog-ship/... HTTP/1.1" "" "-" "" 422 "WLInstaller/2.0" "" "0"
    [02/Sep/2011:18:34:57 +0200] "" 192.168.1.123 200 "GET http://msc.wlxrs.com/~Live.ConfigServer.SuiteUpdate/~/~/~/~/~op-GetShortCatalog-ship/~ts-110902/~l-e... HTTP/1.1" "" "-" "" 1623 "WLInstaller/2.0" "" "0"
    [02/Sep/2011:18:35:02 +0200] "" 192.168.1.123 301 "GET http://g.live.com/1reupdate/short?!/~Live.ConfigServer.SuiteUpdate/~/~/~/~/~op-GetShortCatalog-ship/... HTTP/1.1" "" "-" "" 422 "WLInstaller/2.0" "" "0"
    [02/Sep/2011:18:35:07 +0200] "" 192.168.1.123 200 "GET http://msc.wlxrs.com/~Live.ConfigServer.SuiteUpdate/~/~/~/~/~op-GetShortCatalog-ship/~ts-110902/~l-e... HTTP/1.1" "" "-" "" 1623 "WLInstaller/2.0" "" "0"

If you need any further information to help me with this issue just say it please... cause I need to resolve this... we need to use WLM through MWG

With best regards,

Gregor Jus

0 Kudos
asabban
Level 17

Re: IM Authentication - Windows Live Messenger 2011 not working

Jump to solution

Hey Gregor,

thank you for all the information. Unfortunatly I am travveling right now and have limited access to test equipment. Are you able to let me know if access works if you disable the IM authentication rule? Just for testing of course. Maybe the IM rule set needs to be adjusted.

Thank you,

Andre

0 Kudos
gizmagis
Level 11

Re: IM Authentication - Windows Live Messenger 2011 not working

Jump to solution

Hi Andre,

I tried with disable IM authentication rule, however no change. WLM is still not able to connect, the error stays the same. I beleive there should be something with connecting WLM to MWG7 ...

Gregor

0 Kudos
gizmagis
Level 11

Re: IM Authentication - Windows Live Messenger 2011 not working

Jump to solution

For those who are interested... with McAfee support we got a little further

Article from KB did not work for me because I have different network setup. Those step does not work for transparent network setup - I have transaprent router. And transparent setup do not need entries in host list or redirects in DNS (primary zones...), because transparent mean that every traffic goes through MWG anyway... now I am smart heh ?

OK so DNS redirect is not needed. Furthermore WLM proxy needs to be enabled in Proxies (HTTP(S), FTP, ICAP, and IM) and (the step I did not know) under Port Redirects (the same section) you need to enable protocol http and redirect port 1863 to 1863 and 1865 to 1865... the same way http (80) and https (443) ports are redirected to 9090

If you want this to work, IM authentication rule in Policy must be disabled (for me) otherwise WLM wants to have some authentication - this part does not work for me yet - mcafee supports is trying to help

Gregor

0 Kudos