1 2 Previous Next 15 Replies Latest reply on Sep 19, 2011 6:34 AM by asabban

    IM Authentication - Windows Live Messenger 2011 not working

    gizmagis

      Hi guys,

       

      I found article (https://kc.mcafee.com/corporate/index?page=content&id=KB69000) desrcibing how to configure WLM to work with MWG 7. Well I did everything as it should be , nslookup on my clients resolves web gateway, everything is fine. However I can not see any IM traffic in web gateway charts. Is there any way I can test this connection ?

       

      Does WLM 2011 work and is supported ? WLM in article was 2 years old (2009, version 14.)

       

      Thnx,

      Gregor

        • 1. Re: IM Authentication - Windows Live Messenger 2011 not working
          gizmagis

          HI,

           

          if anybody is willing to help I got a little further. WLM 2011 does not want to connect anymore, although all settings are correct and WLM startup diagnoses (internet conection, proxy...) have all green "ticks" there is also an error message with code 8004840f. Google says that system files are damged...

           

          Any suggestions ?

           

          Tnx

          • 2. Re: IM Authentication - Windows Live Messenger 2011 not working
            asabban

            Hi Gregor,

             

            sorry for no reply so far. I originally set up the IM proxy with WLM 2010, which was working fine. I guess a lot of things changed in the meantime, and I didn´t find the time to set everything up again. I noticed when sneaking around the support office that you already filed a ticket with them, am I right?

             

            So I think we will allow them to do some research - hopefully you will get your answers asap :-)

             

            Best,

            Andre

            • 3. Re: IM Authentication - Windows Live Messenger 2011 not working
              gizmagis

              Hi Andre,

               

              yes, you are correct, I did open a ticket, however it's been two days (3 tomorow) and still no luck, or should I say - no response... I hope that support team is looking for solution or at least testing and recreating this issue, but stil any feedback would be more than welcome...

               

              Regards,

              Gregor

              • 4. Re: IM Authentication - Windows Live Messenger 2011 not working

                Hi Gregor,

                 

                     I have a same issue with WebGateway and WLM2011, I followed the McAfee KB KB69000 step by step and test with WLM2009 and it worked perfect, but iit did not work with 2011 version.

                     If you find the the solution please post it.

                • 5. Re: IM Authentication - Windows Live Messenger 2011 not working
                  asabban

                  Okay, let´s try to deal with this ;-)

                   

                  I have setup a Windows 7 VM and a MWG 7.1.5 with a default configuration. I have configured my Windows 7 hosts file on C:\Windows\system32\drivers\etc\hosts to the following:

                   

                  192.168.122.119 messenger.hotmail.com

                  192.168.122.119 live.hotmail.com

                   

                  Furthermore I have enabled the IM Proxy on Web Gateway and configured my HTTP proxy port 9090 for my installed browsers, which are IE and Firefox. I am using a direct proxy scenario here (no transparency). The client does not have a valid default Gateway, so it has no chance to bypass MWG.

                   

                  Why am I mentioning this?

                   

                  With this configuration I was able to run Live Messenger 2011 and I was able to log on right out of the box with no changes. :-(

                   

                  Therefore I think we have to find out why it works for me but not for you, and I think I need some help. Please verify your environment and let me know what is different between your environment and mine. Any hint could be helpful.

                   

                  Also lets make sure we talk about the same things. My Live Messenger 2011 is version "15.4.3538.513". What I do is starting it, and I see this screen:

                   

                  Auswahl_116.png

                  I click "Logon" (which is "Anmelden" in my german version) and this is what I see afterwards:

                   

                  Auswahl_117.png

                  This looks pretty much connected to me. But I may be looking at the wrong thing.

                   

                  Please verify. Maybe you can send me some screenshots or similar that show what you end up with?

                   

                  For reference I attach a copy of my access.log. Live Messenger calls several URLs which may be part of categories that are not allowed in your environment. Please check if you see similar results when you try to connect.

                   

                  Please also try to allow those categories, or add the URLs called by Live Messenger to a Global Whitelist that skips authentication and filtering - just to see if this works.

                   

                  If this doesn´t help it would be good if I can have some lines of your access.log when you try to connect. Please try to filter out your requests, and do not provide logs that show your companies traffic :-)

                   

                  Maybe you can also install a Wireshark on your Client and capture the connection attempt.

                   

                  I hope we will be able to solve the issue this way.

                   

                  Thank you for your help,

                  Andre

                   

                  Nachricht geändert durch asabban on 02.09.11 10:50:42 CDT
                  • 6. Re: IM Authentication - Windows Live Messenger 2011 not working
                    gizmagis

                    Hi Andre,

                     

                    I am very happy to see that something is doing around this issue... I will try to describe evry peace of MWG configuration (regarding this issue) with some screenshots...

                     

                    1. Windows 7 Ultimate with WLM 2011 installed (version is the same as yours)
                      1. DNS for login.live.com and messenger.hotmail.com are set in Windows Server 2008 R2 DNS under primary zones and clients resolve those 2 addresses as IP of MWG
                        CMD_resolve.PNG
                    2. MWG 7 has version 7.1.5 (11113)
                      1. MWG has 2 IPs
                        1. 192.168.1.102 is for managing only
                        2. 192.168.1.252 is used for gateway
                      2. Network setup is transparent router
                      3. Windows Live Messenger proxy is enabled as shown on picture (default)
                        WLM_proxy.PNG
                      4. I tried with disabling all rules, except the one for IM authentication
                        1. BTW, IM Authentication rule is importet from rule library (default)
                    3. When trying to connect to WLM i get the following error
                      WLM_error.PNG
                    4. I tried to login to WLM twice, here is the export of access.log file

                      [02/Sep/2011:18:34:52 +0200] "" 192.168.1.123 301 "GET http://g.live.com/1reupdate/short?!/~Live.ConfigServer.SuiteUpdate/~/~/~/~/~op-G etShortCatalog-ship/~ts-110902/~l-en/config.xml HTTP/1.1" "" "-" "" 422 "WLInstaller/2.0" "" "0"
                      [02/Sep/2011:18:34:57 +0200] "" 192.168.1.123 200 "GET http://msc.wlxrs.com/~Live.ConfigServer.SuiteUpdate/~/~/~/~/~op-GetShortCatalog- ship/~ts-110902/~l-en/config.xml HTTP/1.1" "" "-" "" 1623 "WLInstaller/2.0" "" "0"
                      [02/Sep/2011:18:35:02 +0200] "" 192.168.1.123 301 "GET http://g.live.com/1reupdate/short?!/~Live.ConfigServer.SuiteUpdate/~/~/~/~/~op-G etShortCatalog-ship/~ts-110902/~l-en/config.xml HTTP/1.1" "" "-" "" 422 "WLInstaller/2.0" "" "0"
                      [02/Sep/2011:18:35:07 +0200] "" 192.168.1.123 200 "GET http://msc.wlxrs.com/~Live.ConfigServer.SuiteUpdate/~/~/~/~/~op-GetShortCatalog- ship/~ts-110902/~l-en/config.xml HTTP/1.1" "" "-" "" 1623 "WLInstaller/2.0" "" "0"

                    If you need any further information to help me with this issue just say it please... cause I need to resolve this... we need to use WLM through MWG

                     

                     

                    With best regards,

                    Gregor Jus

                    • 7. Re: IM Authentication - Windows Live Messenger 2011 not working
                      asabban

                      Hey Gregor,

                       

                      thank you for all the information. Unfortunatly I am travveling right now and have limited access to test equipment. Are you able to let me know if access works if you disable the IM authentication rule? Just for testing of course. Maybe the IM rule set needs to be adjusted.

                       

                      Thank you,

                      Andre

                      • 8. Re: IM Authentication - Windows Live Messenger 2011 not working
                        gizmagis

                        Hi Andre,

                         

                        I tried with disable IM authentication rule, however no change. WLM is still not able to connect, the error stays the same. I beleive there should be something with connecting WLM to MWG7 ...

                         

                        Gregor

                        • 9. Re: IM Authentication - Windows Live Messenger 2011 not working
                          gizmagis

                          For those who are interested... with McAfee support we got a little further

                           

                          Article from KB did not work for me because I have different network setup. Those step does not work for transparent network setup - I have transaprent router. And transparent setup do not need entries in host list or redirects in DNS (primary zones...), because transparent mean that every traffic goes through MWG anyway... now I am smart heh ?

                           

                          OK so DNS redirect is not needed. Furthermore WLM proxy needs to be enabled in Proxies (HTTP(S), FTP, ICAP, and IM) and (the step I did not know) under Port Redirects (the same section) you need to enable protocol http and redirect port 1863 to 1863 and 1865 to 1865... the same way http (80) and https (443) ports are redirected to 9090

                           

                          If you want this to work, IM authentication rule in Policy must be disabled (for me) otherwise WLM wants to have some authentication - this part does not work for me yet - mcafee supports is trying to help

                           

                          Gregor

                          1 2 Previous Next