none
Do you want to view only the webpage content that was delivered securely

    Question

  • Hi All,

    I've configured a https trunk on my uag server with an internal portal as web application. On my portal there are http links to internet addresses (images), those hostnames i've added to the web servers tab of my application configuration.

    When i access my internal portal through UAG the images (http internet) will not show in my browser, i see a red cross. When i change my application configuration on UAG and remove the hostnames from the web servers tab i see the images (http internet) but i get the IE message "Do you want to view only the webpage content that was delivered securely" which is correct of course.

    I know that you can change the settings on IE but that's not what i want because than all our employees have to change their IE settings, not an option!

    What i don't understand is why it isn't working when i configure the hostnames on the web servers tab of my applications configuration... I see that signing is working also for those images (https://portal.company.com/uniquesige06511fab65c8a33eb8a9981c847ac71/uniquesig0/thumbnail.php?thumbid=19311). When i go to the url from a browser on my UAG server it shows me the images just fine.

    What goes wrong and is this a valid configuration in UAG for external http urls?

    Regards,

    Maikel.

     


    Tuesday, August 02, 2011 3:49 PM

Answers

  • Hi Maikel,

    i'm not sure if UAG is able to use your proxy.

    My best bet is to configure the Windows WinHTTP Proxy settings and see if it works. The command for configuring the Windows WinHTTP Proxy is...

    "c:\netsh winhttp proxy YOURPROXYNAME"

    If not, then you have to grant access on your firewall from the UAG IP addresses.

    -Kai

     

    • Marked as answer by MvanWesteneng Monday, August 15, 2011 9:40 AM
    Thursday, August 04, 2011 12:07 PM
  • Hi Maikel,

     

    Please note that you cannot configure UAG to use a proxy in order to communicate with a published application server.

     

    Regards,


    -Ran
    • Marked as answer by MvanWesteneng Monday, August 15, 2011 9:41 AM
    Thursday, August 04, 2011 4:26 PM

All replies

  • Hi Maikel,

    i guess you have to digg into the HTML code a bit, to see how the broken URLs will look like. Fiddler2 may also do a great job for you in this case.

    In addition to that, its important for us to know which protocol type (HTTP/HTTPS and port number) and exact URLs you have selected on the web servers tab.

    BTW: Did you already noticed the double // in the URL you've provided?

    -Kai

    Tuesday, August 02, 2011 4:45 PM
  • Hi Kai,

    I've the following configuration:

    UAG public hostname: https://portal.company.com

    Application internal url: http://intranet.prod.company.com

    Original image url: http://company.mpublisher.com/intranet/thumbnail.php?thumbid=19340

    Application configuration Web Services tab: 

    IP/Host addresses: company.mpublisher.com

    http ports: 80 / https ports: <empty>

    UAG url: https://portal.company.com/uniquesig4fb66c4a8c7b86bfed0a7ef18621dcfa1dad68009af5a302a6ed56cc4c0f4d1e/uniquesig0/intranet/thumbnail.php?thumbid=19340

    HttpWatch:
    Sent:
    GET: /uniquesig4fb66c4a8c7b86bfed0a7ef18621dcfa1dad68009af5a302a6ed56cc4c0f4d1e/uniquesig0/intranet/thumbnail.php?thumbid=19340 HTTP/1.1

    Received:
    Status: HTTP/1.1 302 Object Moved
    Location: /InternalSite/InternalError.asp?site_name=company&secure=1&error_code=51

    UAG trace (error) log:

    [0]4a8.1444 08/03/2011-13:52:41.131 [whlasynccomm CSocketDevice::Write socketdevice.cpp@1106] ERROR:ERROR: Write(3180, company.mpublisher.com:80): WSASend() returned error 10057
    m_dwTotalWrite(1208), m_dwWriteIndex(0), m_dwTotalWriten(0)
    WSASend Parameters: 00000000012EA04B, 1208, 1, 0000000005C0F628, 0, 0000000004BEF138, NULL
    Overlapped: Internal=259, InternalHigh=0, Offset=0, OffsetHigh=0, hEvent=0000000000000000
    [0]4a8.1444 08/03/2011-13:52:41.131 [whlfilter CExtECB::SendRequest WhlExt2IWS.cpp@2957] ERROR:Write(company.mpublisher.com:80) failed with error <CMRT_FAIL_WRITE>, (ExtECB=00000000012E9F20), (PFC=000000000276F658)
    [0]4a8.1444 08/03/2011-13:52:41.131 [whlfilter CExtECB::OnConnectEx WhlExt2IWS.cpp@5806] ERROR:CExtECB::OnConnect(00000000040F8610): status <512>.(ExtECB=00000000012E9F20), (PFC=000000000276F658)

    I've googled the <CMRT_FAIL_WRITE> error, that gave me something about uploading 20 mb files...

    Any idea what goes wrong and what this error means in my case?

    Regards,

    Maikel.

     


    Wednesday, August 03, 2011 12:22 PM
  • Hi Maikel,

    i dont have a clue about the <CMRT_FAIL_WRITE> message you see. But i can explain some of the error messages you get.

    ERROR: Write(3180, company.mpublisher.com:80): WSASend() returned error 10057

    The WSA Error 10057 refers to "Socket is not connected."

    InternalError.asp?site_name=company&secure=1&error_code=51

    The Error_Code 51 refers to "A connection to the backend server cannot be established."

    So it seems that UAG can't reach the external backend server? Do you have a Wireshark at your hands to see whats going on?

    -Kai

    • Proposed as answer by Kai Wilke Sunday, August 14, 2011 12:08 AM
    Wednesday, August 03, 2011 2:19 PM
  • Hi,

    I've captured the traffic on my UAG server with the following scenario's:

    1. A browser from the internet -> UAG -> backend.

    2. A browser on my UAG server -> backend.

    When i compare the captures then there is the following difference:

    1. Traffic to the ip address of company.mpublisher.com

    2. Traffic to the proxy server on my local network

    I was on the assumption that UAG uses the proxy settings of the UAG server to connect to external links (internet) that are in my web application... If this is not the case than this explains why i can browse the internet link directly from the UAG server but not from the internet through the UAG application.

    How do i configure UAG so that it uses my local proxy server for web application that has links to an internet website?

    Thursday, August 04, 2011 11:27 AM
  • Hi Maikel,

    i'm not sure if UAG is able to use your proxy.

    My best bet is to configure the Windows WinHTTP Proxy settings and see if it works. The command for configuring the Windows WinHTTP Proxy is...

    "c:\netsh winhttp proxy YOURPROXYNAME"

    If not, then you have to grant access on your firewall from the UAG IP addresses.

    -Kai

     

    • Marked as answer by MvanWesteneng Monday, August 15, 2011 9:40 AM
    Thursday, August 04, 2011 12:07 PM
  • Hi Kai,

    Already tried the WinHTTP Proxy configuration but that didn't change anything...

    I will create a new post for this proxy issue and will ask Microsoft directly, i update this post as soon as i've new information.

    Thanks for your help!!!

    Thursday, August 04, 2011 12:55 PM
  • Hi Maikel,

     

    Please note that you cannot configure UAG to use a proxy in order to communicate with a published application server.

     

    Regards,


    -Ran
    • Marked as answer by MvanWesteneng Monday, August 15, 2011 9:41 AM
    Thursday, August 04, 2011 4:26 PM