HCSHAW
asked on
Proxy settings show correct setting but are using a different setting
We have two locations. Both have a proxy server. I work one day at one location, and the next at the other location.
When I move between the locations, I set the Internet Settings > connections > Lan > proxy to the correct locations proxy.
Location 1: proxy.location1.com resolves to (192.168.100.46)
Location 2: proxy.location2.com resolves to (192.168.1.46)
What is happening is that while at Location1, I found that I am actually routing to the Proxy at Location 2.
I have confirmed that my proxy settings is for Location 1.
I have confirmed on my laptop that the proxy.location1.com resolves to the correct ip address (192.168.100.46)
Does anyone know why it would be using the other proxy setting, but everything shows the correct proxy setting?
When I move between the locations, I set the Internet Settings > connections > Lan > proxy to the correct locations proxy.
Location 1: proxy.location1.com resolves to (192.168.100.46)
Location 2: proxy.location2.com resolves to (192.168.1.46)
What is happening is that while at Location1, I found that I am actually routing to the Proxy at Location 2.
I have confirmed that my proxy settings is for Location 1.
I have confirmed on my laptop that the proxy.location1.com resolves to the correct ip address (192.168.100.46)
Does anyone know why it would be using the other proxy setting, but everything shows the correct proxy setting?
i assume those setting are in your browser. most likely you did not restart the browser. it is also possible that you have setup an OS-level proxy so your browser actually uses proxy1 but reaches it through proxy2 because of the OS-level setup
ASKER
The browser was restarted at the time of the issue. The settings were confirmed as correct. Yet when tested, it would still go through Proxy2, not 1 as the settings was saying. You say OS-Level. How do I check that?
browser restarted ? unless the browser was killed manually using the task manager you cannot be sure. also note that shutting down a windows 8 machine actually hibernates it so no process are actually killed when you stop+restart it.
how to check for something OS-level ? first tell us which os we are dealing with. i can infer windows + internet explorer given your question but nothing more
how to check for something OS-level ? first tell us which os we are dealing with. i can infer windows + internet explorer given your question but nothing more
ASKER
Yes, it is windows 7. Chrome or IE, both have the same issue.
"Internet Settings > connections > Lan" does not apply to chrome
this means that you either have some acquired proxy settings maybe through wpad or a similar mechanism on the site, or a system wide proxy.
you can check for os-level proxies using "netsh winhttp show proxy" from the command line (and equivalent command if it happens to be some other kind of proxy such as socks proxy)
this means that you either have some acquired proxy settings maybe through wpad or a similar mechanism on the site, or a system wide proxy.
you can check for os-level proxies using "netsh winhttp show proxy" from the command line (and equivalent command if it happens to be some other kind of proxy such as socks proxy)
btw, how did you determine you were using the wrong proxy ? network sniffer ?
ASKER
I was opening up a site on location 1 proxy while in that local network. I could not connect to the site. My proxy settings pointed to the location 1 proxy.
I opened up the site on the location 2 proxy and found that I could now access the site. I was being routed to the other subnet and out their proxy.
"Internet > connections > lan" do apply to chrome as well. I control users internet access with a global policy that forces the connections to the local proxy for internet traffic. Firefox will allow you to bypass the group policy settings but chrome recognizes them.
Netsh ... reports Direct access (no proxy server) . However it is set up in Internet settings > Connections > lan.
I opened up the site on the location 2 proxy and found that I could now access the site. I was being routed to the other subnet and out their proxy.
"Internet > connections > lan" do apply to chrome as well. I control users internet access with a global policy that forces the connections to the local proxy for internet traffic. Firefox will allow you to bypass the group policy settings but chrome recognizes them.
Netsh ... reports Direct access (no proxy server) . However it is set up in Internet settings > Connections > lan.
your explanation regarding the use of a proxy or another is very unclear to me. "open the site on the location 2 proxy"... the same WEBsite as previously ? open a site on a proxy ?
""Internet > connections > lan" do apply to chrome as well"
yes, i was mistaken
"I control users internet access with a global policy that forces the connections to the local proxy for internet traffic"
can you elaborate ? are we talking about a GPO ? if so, it is very likely that the gpo has a higher priority than whatever you can configure manually. if you're talking about a firewall or router redirection/interception, whatever was setup also won't apply.
"Netsh ... reports Direct access (no proxy server) . However it is set up in Internet settings > Connections > lan. "
this is expected behavior. netsh gives information regarding os-level proxy while internet setting is supposed to be application-level
""Internet > connections > lan" do apply to chrome as well"
yes, i was mistaken
"I control users internet access with a global policy that forces the connections to the local proxy for internet traffic"
can you elaborate ? are we talking about a GPO ? if so, it is very likely that the gpo has a higher priority than whatever you can configure manually. if you're talking about a firewall or router redirection/interception, whatever was setup also won't apply.
"Netsh ... reports Direct access (no proxy server) . However it is set up in Internet settings > Connections > lan. "
this is expected behavior. netsh gives information regarding os-level proxy while internet setting is supposed to be application-level
ASKER
Gpo points users to the proxy.
They are set to not allow changing the proxy settings. A seperate Gpo for me also points me but allows me to overide the setting.
The firewall sends internet traffic to the proxy which then passes it to the user and vice versa. User sends traffic to firewall which passes to internet.
Stating the issue another way. My laptop was using the location 2 proxy when set to use location 1. We use dans guardian as a filter. The proxy (squid) and DG are the same machine. Traffic goes to squid then is checked by DG. The DG allows me to bypass filtering of a site.
While at location 1 and set to use the Proxy/DG of location 1 I found a site that was being blocked. I added the site to DG as a safe site. I then tried again to connect to the site. No go. Blocked. Out of courisity I then added the site to the location 2 DG. I tried to access again and was allowed to the site.
Besides tracert , is there an easy way to trace the route that a machine is taking to the website? We do not have allowed ping response turned on so trace route comes back with incomplete data.
Thanks
They are set to not allow changing the proxy settings. A seperate Gpo for me also points me but allows me to overide the setting.
The firewall sends internet traffic to the proxy which then passes it to the user and vice versa. User sends traffic to firewall which passes to internet.
Stating the issue another way. My laptop was using the location 2 proxy when set to use location 1. We use dans guardian as a filter. The proxy (squid) and DG are the same machine. Traffic goes to squid then is checked by DG. The DG allows me to bypass filtering of a site.
While at location 1 and set to use the Proxy/DG of location 1 I found a site that was being blocked. I added the site to DG as a safe site. I then tried again to connect to the site. No go. Blocked. Out of courisity I then added the site to the location 2 DG. I tried to access again and was allowed to the site.
Besides tracert , is there an easy way to trace the route that a machine is taking to the website? We do not have allowed ping response turned on so trace route comes back with incomplete data.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, I will give that a try.
you don't have to accept answers when you did not get one. feel free to post the actual answer if you figure it out, and feel free to ask more questions in this thread.
ASKER
I went on an all out investigation into our network settings. There was a lot of clean up that needed to happen, but nothing that would have caused the behavior I experienced.
Some areas that were reviewed and cleaned up
1) DNS
entries that were stale were removed.
DNS for the proxy was confirmed as correct.
2) DHCP
cleaned up and validated the settings it was handing out
3) Dans Guardian
Cleaned up some old stale settings. Still nothing that would cause the issue.
4) Router
Reviewed all rules and cleaned up.
Again, nothing to explain the behavior
5) My PC
Reviewed all network settings and they are correct.
At this point it is working correctly, so whatever it was probably cannot be traced now.
Again, thanks for the help.
Some areas that were reviewed and cleaned up
1) DNS
entries that were stale were removed.
DNS for the proxy was confirmed as correct.
2) DHCP
cleaned up and validated the settings it was handing out
3) Dans Guardian
Cleaned up some old stale settings. Still nothing that would cause the issue.
4) Router
Reviewed all rules and cleaned up.
Again, nothing to explain the behavior
5) My PC
Reviewed all network settings and they are correct.
At this point it is working correctly, so whatever it was probably cannot be traced now.
Again, thanks for the help.
too bad it cannot be traced any more but good to see you worked it out somehow.
best regards
---
ps regarding EE :
although it is always welcome to reward the effort of those who tried to be helpful, it is perfectly legit to accept your own answer (and get point refunded) if you are the one to figure things out in the end, or accept your own answer and award points to others as assisted answers, or even ask for the question to be deleted.
the main point to consider when making the decision is which information (if any) might be useful to another reader with a similar problem (assuming that the reader does exist even if your problem is highly specific)
note that the above reflects my personal opinion, and are not official guidelines of the forum (which are published somewhere on the site)
best regards
---
ps regarding EE :
although it is always welcome to reward the effort of those who tried to be helpful, it is perfectly legit to accept your own answer (and get point refunded) if you are the one to figure things out in the end, or accept your own answer and award points to others as assisted answers, or even ask for the question to be deleted.
the main point to consider when making the decision is which information (if any) might be useful to another reader with a similar problem (assuming that the reader does exist even if your problem is highly specific)
note that the above reflects my personal opinion, and are not official guidelines of the forum (which are published somewhere on the site)
ASKER
Thanks for your comments on awarding points. Although this is not a complete answer, it is one that does explore how to step through trouble shooting it. Although I didn't find the exact answer, I did find a way to research it and find out what it wasn't , and I walk away a little smarter. Thus the reason for the points awarded. ; )