If anybody is willing to help, I got a little further. WLM 2011 does not want to connect anymore, although all settings are correct and WLM startup diagnoses (internet connection, proxy...) have all green "ticks". There is also an error message with code 8004840f. Google says that system files are damaged...
Any suggestions?
Sorry for no reply so far. I originally set up the IM proxy with WLM 2010, which was working fine. I guess a lot of things changed in the meantime, and I didn't find the time to set everything up again. I noticed when sneaking around the support office that you already filed a ticket with them, am I right?
So I think we will allow them to do some research - hopefully you will get your answers asap :-)
Yes, you are correct, I did open a ticket, however it's been two days (3 tomorrow) and still no luck, or should I say - no response... I hope that the support team is looking for a solution or at least testing and recreating this issue, but still any feedback would be more than welcome...
I have the same issue with WebGateway and WLM2011. I followed the McAfee KB KB69000 step by step and tested with WLM2009 and it worked perfectly, but it did not work with the 2011 version.
If you find the solution please post it.
Okay, let's try to deal with this ;-)
I have set up a Windows 7 VM and a MWG 7.1.5 with a default configuration. I have configured my Windows 7 hosts file on C:\Windows\system32\drivers\etc\hosts to the following:
Furthermore I have enabled the IM Proxy on Web Gateway and configured my HTTP proxy port 9090 for my installed browsers, which are IE and Firefox. I am using a direct proxy scenario here (no transparency). The client does not have a valid default Gateway, so it has no chance to bypass MWG.
Why am I mentioning this?
With this configuration I was able to run Live Messenger 2011 and I was able to log on right out of the box with no changes. :-(
Therefore I think we have to find out why it works for me but not for you, and I think I need some help. Please verify your environment and let me know what is different between your environment and mine. Any hint could be helpful.
Also let's make sure we talk about the same things. My Live Messenger 2011 is version "15.4.3538.513". What I do is start it, and I see this screen:
I click "Logon" (which is "Anmelden" in my German version) and this is what I see afterwards:
This looks pretty much connected to me. But I may be looking at the wrong thing.
Please verify. Maybe you can send me some screenshots or similar that show what you end up with?
For reference I attach a copy of my access.log. Live Messenger calls several URLs which may be part of categories that are not allowed in your environment. Please check if you see similar results when you try to connect.
Please also try to allow those categories, or add the URLs called by Live Messenger to a Global Whitelist that skips authentication and filtering - just to see if this works.
If this doesn't help it would be good if I can have some lines of your access.log when you try to connect. Please try to filter out your requests, and do not provide logs that show your company's traffic :-)
Maybe you can also install Wireshark on your client and capture the connection attempt.
I hope we will be able to solve the issue this way.
Thank you for your help,
I am very happy to see that something is doing around this issue... I will try to describe every piece of MWG configuration (regarding this issue) with some screenshots...
- Windows 7 Ultimate with WLM 2011 installed (version is the same as yours)
- MWG 7 has version 7.1.5 (11113)
- MWG has 2 IPs
  - 192.168.1.102 is for managing only
  - 192.168.1.252 is used for gateway
- Network setup is transparent router
- Windows Live Messenger proxy is enabled as shown on picture (default)
- I tried with disabling all rules, except the one for IM authentication
- BTW, IM Authentication rule is imported from rule library (default)
- When trying to connect to WLM I get the following error
- I tried to login to WLM twice, here is the export of access.log file
[02/Sep/2011:18:34:52 +0200] "" 192.168.1.123 301 "GET http://g.live.com/1reupdate/short?!/~Live.ConfigServer.SuiteUpdate/~/~/~/~/~op-GetShortCatalog-ship/~ts-110902/~l-en/config.xml HTTP/1.1" "" "-" "" 422 "WLInstaller/2.0" "" "0"
[02/Sep/2011:18:34:57 +0200] "" 192.168.1.123 200 "GET http://msc.wlxrs.com/~Live.ConfigServer.SuiteUpdate/~/~/~/~/~op-GetShortCatalog-ship/~ts-110902/~l-en/config.xml HTTP/1.1" "" "-" "" 1623 "WLInstaller/2.0" "" "0"
[02/Sep/2011:18:35:02 +0200] "" 192.168.1.123 301 "GET http://g.live.com/1reupdate/short?!/~Live.ConfigServer.SuiteUpdate/~/~/~/~/~op-GetShortCatalog-ship/~ts-110902/~l-en/config.xml HTTP/1.1" "" "-" "" 422 "WLInstaller/2.0" "" "0"
[02/Sep/2011:18:35:07 +0200] "" 192.168.1.123 200 "GET http://msc.wlxrs.com/~Live.ConfigServer.SuiteUpdate/~/~/~/~/~op-GetShortCatalog-ship/~ts-110902/~l-en/config.xml HTTP/1.1" "" "-" "" 1623 "WLInstaller/2.0" "" "0"
If you need any further information to help me with this issue just say it please... cause I need to resolve this... we need to use WLM through MWG
With best regards,
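Added example (not part of any post in this thread): a small Python filter that keeps only one client's lines from an access.log in the format quoted above and counts the hosts and status codes it requested, which is what is needed to share a log excerpt without other users' traffic or to pick hosts to whitelist for a test. The field layout is inferred from the quoted lines, and the sample lines, including the denied CONNECT, are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Field layout inferred from the log lines quoted in the thread (assumption):
# [time] "user" client_ip status "request line" "..." "..." "..." bytes "agent" ...
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] "(?P<user>[^"]*)" (?P<client>\S+) (?P<status>\d{3}) '
    r'"(?P<method>\S+) (?P<url>.*?) (?P<proto>HTTP/[\d.]+)" '
    r'"[^"]*" "[^"]*" "[^"]*" (?P<bytes>\d+) "(?P<agent>[^"]*)"'
)

def parse(line):
    """Return the named fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def host_of(url):
    """Host for absolute URLs (GET http://...) and for CONNECT host:port."""
    if "://" in url:
        return urlsplit(url).hostname or ""
    return url.rsplit(":", 1)[0]

def client_requests(lines, client_ip):
    """Keep only entries from one client so nobody else's traffic is shared."""
    out = []
    for line in lines:
        entry = parse(line.strip())
        if entry and entry["client"] == client_ip:
            entry["host"] = host_of(entry["url"])
            out.append(entry)
    return out

def hosts_by_status(entries):
    """Count (host, status) pairs: whitelist candidates and denied requests."""
    return Counter((e["host"], int(e["status"])) for e in entries)

# Constructed sample lines in the same layout; not taken from a real log.
SAMPLE = """\
[02/Sep/2011:18:34:52 +0200] "" 192.168.1.123 301 "GET http://g.live.com/1reupdate/short HTTP/1.1" "" "-" "" 422 "WLInstaller/2.0" "" "0"
[02/Sep/2011:18:34:55 +0200] "jdoe" 192.168.1.50 200 "GET http://intranet.example.test/payroll HTTP/1.1" "" "-" "text/html" 5120 "Mozilla/5.0" "" "0"
[02/Sep/2011:18:34:57 +0200] "" 192.168.1.123 200 "GET http://msc.wlxrs.com/config.xml HTTP/1.1" "" "-" "" 1623 "WLInstaller/2.0" "" "0"
[02/Sep/2011:18:35:01 +0200] "" 192.168.1.123 403 "CONNECT login.example.test:443 HTTP/1.1" "" "-" "" 0 "-" "" "10"
""".splitlines()

if __name__ == "__main__":
    mine = client_requests(SAMPLE, "192.168.1.123")
    for (host, status), count in sorted(hosts_by_status(mine).items()):
        print(f"{host:25} {status} x{count}")
```

Hosts that show up with a denied status are the ones to compare against the filter categories or add to a test whitelist.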
Thank you for all the information. Unfortunately I am travelling right now and have limited access to test equipment. Are you able to let me know if access works if you disable the IM authentication rule? Just for testing of course. Maybe the IM rule set needs to be adjusted.
I tried disabling the IM authentication rule, however no change. WLM is still not able to connect, the error stays the same. I believe there should be something with connecting WLM to MWG7 ...
For those who are interested... with McAfee support we got a little further.
The article from the KB did not work for me because I have a different network setup. Those steps do not work for a transparent network setup - I have a transparent router. And a transparent setup does not need entries in the host list or redirects in DNS (primary zones...), because transparent means that every traffic goes through MWG anyway... now I am smart heh?
OK so DNS redirect is not needed. Furthermore WLM proxy needs to be enabled in Proxies (HTTP(S), FTP, ICAP, and IM) and (the step I did not know) under Port Redirects (the same section) you need to enable protocol http and redirect port 1863 to 1863 and 1865 to 1865... the same way http (80) and https (443) ports are redirected to 9090.
If you want this to work, the IM authentication rule in Policy must be disabled (for me), otherwise WLM wants to have some authentication - this part does not work for me yet - McAfee support is trying to help.