Troubleshoot Proxy wpad.dat deployment

We are trying to deploy the following PAC via wpad.dat:

function FindProxyForURL(url, host)
{ if (isPlainHostName(host))
return "DIRECT";
else
return "PROXY 10.0.0.36:8080";
}

I have followed the documentation from http://finproxyforurl.com/wpad_tutorial.html

I think my problem is with respect to our web server & IIS. We have a couple servers running IIS with multiple sites. I will admit to having limited IIS knowledge. However, i know the basics; which i would assume is enought to configure this wpad.dat file. Yes, i have conifgured the correct MIME for this file too.

Suggestions?

I am just simply trying to setup a single proxy for all internal users. However; like most offices, we have x number of laptop users - which is why we are trying to deploy wpad.dat.

We are not using ISA for the proxy, we are using a product called Cyblock from Wavecrest. It's an appliance. Servers are running 2003, workstations are running xp sp3, with IE7 or IE8.
mray77Asked:
Who is Participating?
 
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
lol - nice and simple .pac file and assumes that ALL internal web access uses just the netbios name of the server but you know your own network :)

IIS is not relevant in respect to any configuration except that it needs to be available to host the .pac file when it gets requested - most just stick it in the inetpub\wwwroot directory on the IIS server.

The benefit of using a wpad file is really when you have large numbers of DHCP scopes and each requires a different value returned by the proxy.pac file. However, based on your proxy.pac, it looks like you are using ONE proxy.pac file for everyone, regardless of subnet (isinNet(host)).

Best way to do this for such a simple job is use group policy to assign the autoconfigure option and provide the http://iis-server/proxy.pac entry. All users then get the proxy.pac file when they log on and it is blank when they are external - for notebook users etc.

0
 
Encrypted1024Commented:
I only have experience with ISA and wpad.dat but maybe I can help. What issues are you expreiencing? A couple "Gotchas" are that you need to use DHCP option since your proxy is on port 8080. DNS will not work. And make sure Proxy Autodiscover is turned on in IE.

0
 
mray77Author Commented:
Great, i appreciate the help! does the PAC look right? This is a first for me, and i've been reading every resource available.

I would suspect if this were working that in IE i would see the proxy setting configured while inside the network (auto detect setting is checked). I don't see anything configured, other than auto detect.

Walking through the WPAD Deployment Tutorial, i have completed each step. My concern is IIS. Is there any way to test that the wpad.dat has been configured for deployment correctly, aside from it actually working through IE of course.

0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
mray77Author Commented:
yes, it is that easy - we only have about 85 users. To confirm, i would be adding the proxy.pac in group policy and not the wpad.dat. Do i even need the wpad.dat if i do it this way then?
0
 
Keith AlabasterEnterprise ArchitectCommented:
No, you don't need the wpad.dat file. That is really only when you create the option 252 entry within the DHCP scope.

0
 
mray77Author Commented:
Gotcha, so then the policy is not applied when users are offline? Of the 85 users about 20 of them are laptop users that work from home.

I really appreciate the help - this makes much more sense already.
0
 
Keith AlabasterEnterprise ArchitectCommented:
The policy will 'try' and apply - because the policy has already been deployed to the laptop - but as the file is not there, the settings are ignored and everything will be the equivalent of blank.
0
 
mray77Author Commented:
Thanks!
0
 
Encrypted1024Commented:
You should not see anything in the settings in IE if it is working. The autoconfigure option will be selected and your users will have internet. I have run into issues with roaming laptop users when trying to populate the settings in IE. Plus if you have non domain connected PC's trying to use the internet you will have to manually configure them . The DHCP option is easy and works well. Then macs and firefox and Ipods all work (If that matters to you).

Here is the MS link on how to configure it.
http://technet.microsoft.com/en-us/library/cc713344.aspx
Some of it pertains to ISA but the wpad DHCP settings are the same.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Fair point - in our own case we specifically do NOT want non-domain users anywhere near our secure network - it is actually a sackable offence to plug non-company equipment into the network.

That said, we supply a completely standalone ADSL Broadband Wireless connection for the ipod/visitors (and internal staff when using personal equipment) to use and so is not an issue.
0
All Courses

From novice to tech pro — start learning today.