3 Replies Latest reply on Aug 31, 2011 8:37 AM by JoeBidgood

    Problems with Proxy authentication

    tbujnowski

      I´m facing problems on my Pull task to update the repository.

       

      On the logs I can see authentication error 407 on my proxy.

       

      20110829213544 I #05508 NAINET   HTTP Session initialized
      20110829213544 I #05508 NAINET   Connecting to HTTP Server using Microsoft WinInet
      20110829213544 I #05508 NAINET   Trying to connect to Proxy Server 10.0.1.186:8080 using INTERNET_OPEN_TYPE_PROXY
      20110829213544 I #05508 NAINET   Connected to Server: update.nai.com on Port: 80 using WinInet
      20110829213544 I #05508 NAINET   Open URL: http://update.nai.com:80//Products/CommonUpdater/Test.ini
      20110829213544 I #05508 NAINET   Trying to download using Microsoft WinInet library
      20110829213544 I #05508 NAINET   Conneting to Proxy Server 10.0.1.186:8080 using INTERNET_OPEN_TYPE_PROXY
      20110829213544 I #05508 NAINET   No resume download needed, calling InternetOpenUrl
      20110829213545 E #05508 NAINET   HTTP Server returned Error : 403
      20110829213545 I #05508 NAINET   Failed to download the URL //Products/CommonUpdater/Test.ini using Wininet
      20110829213545 I #05508 NAINET   Trying to download using windows socket library
      20110829213545 I #05508 NAINET   Connecting to Real Server: update.nai.com on port: 80
      20110829213545 I #05508 NAINET   Connecting to Proxy Server: 10.0.1.186 on port: 8080
      20110829213545 I #05508 NAINET   Connected to Proxy Server: 10.0.1.186 on port: 8080
      20110829213545 I #05508 NAINET   Authenticating Proxy Server with user: domain\user and password ***
      20110829213545 I #05508 NAINET   Proxy Server needs authentication, c
      20110829213545 I #05508 NAINET   WWW Authentication Requested: NEGOTIATE

      20110829213545 I #05508 NAINET   WWW Authentication Requested: NTLM

      20110829213545 I #05508 NAINET   WWW Authentication Requested: BASIC realm="domain"

      20110829213545 I #05508 NAINET   Connecting to Real Server: update.nai.com on port: 80
      20110829213545 I #05508 NAINET   Connecting to Proxy Server: 10.0.1.186 on port: 8080
      20110829213545 I #05508 NAINET   Connected to Proxy Server: 10.0.1.186 on port: 8080
      20110829213545 I #05508 NAINET   Proxy Server needs authentication, HTTP return code: 407
      20110829213545 I #05508 NAINET   Proxy Server needs authentication, HTTP return code: 407
      20110829213545 E #05508 NAINET   Authentication rejected by server
      20110829213545 I #05508 NAINET   HTTP Session closed
      20110829213545 I #05508 NAINET   ------------------------------------------------------------

       

       

       

       

       

      But the exactly same config works perfectly fine for Software Manager.

       

      Any ideas?

        • 1. Re: Problems with Proxy authentication
          Attila Polinger

          Hi,

           

          easiest seemed to be to run a network monitor capture on the ePO server while you run a pull task and see what the proxy is saying actually and what it gets as username and password.

          Another option could be for you to negotiate with your firewall admin so that ePO server IP can always access *.nai.com and *.mcafee.com (and *.avertlabs.com) on necessary ports on the internet without proxy authentication need.

           

          Attila

          • 2. Re: Problems with Proxy authentication
            tbujnowski

            The weird point is that Software Manager is working perfectly... Only the Pull task doesn't seem to work..

             

            Maybe there's a bug in the authentication mechanism of the Pull Task...

             

            Bypassing authentication would be a workaround and I see lots of people doing the same in other forums. But it's not a solution.

             

            I'll refer this problem to McAfee Support...

             

            Thanks!

            • 3. Re: Problems with Proxy authentication
              JoeBidgood

              One thing that might be affecting it is that the software manager uses HTTP on port 443, whereas the normal pull task uses port 80. I have seen some customer environments where only HTTP traffic is proxied, and HTTPS traffic is not... maybe that is what is happening?

               

              Regards -

               

              Joe