IE using wpad when it shouldn't

  • Question

  • Hi,

    We are setting up a new transparent web proxy on one of our subnets, and on the other subnets we are using an explicit proxy, for which the clients get the WPAD URL through option 252 in DHCP. On the new subnet with the transparent proxy, no WPAD is configured in DNS or DHCP. We would like to use "Automatically detect settings" on all machines, and this shouldn't cause any issues as it would go to direct communication when not finding WPAD on the new subnet.
    Now to the problem: Even though no WPAD is configured to be offered in DNS or DHCP for the new subnet, IE still pulls the WPAD from the other subnet, if the client ever has been on that network, and tries to use the explicit proxy that blocks the traffic from that network.
    Why is IE continuing to grab information from a WPAD that isn't offered? The same goes for Skype for Business and Outlook, which use Exchange Online. Non-MS applications like Chrome do not use the WPAD, and act correctly.
    We have verified that the WPAD isn't offered through FwcTool, so the configuration should be correct, but we still see in C:\Windows\ServiceProfiles\LocalService\winhttp that it pulls the PAC.

    Any ideas?

    Friday, March 11, 2016 3:49 PM

Answers

  • Hi Tommy

     “We have also discovered that blocking access to the DHCP-server carrying the wpad resolves the issue, even if we unblock it again. However, as soon as we connect to the subnet using that DHCP it all breaks again.”

    It seems that the Dynamic Host Configuration Protocol (DHCP) messages have passed through multiple subnets. By default, DHCP packages shouldn't pass through multiple subnets.

    Have you configured the DHCP Relay Agent on the router?

    Please check your router configuration.

    Here is a link for reference of DHCP relay agents.

    https://technet.microsoft.com/en-us/library/cc779610(v=ws.10).aspx

    Best regards.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, March 21, 2016 9:53 AM
    Moderator

All replies

  • Hi Tommy

    “if the client ever has been on that network, and tries to use the explicit proxy that blocks the traffic from that network.”

    Based on my understanding, this client has acquired the WPAD script before on another subnet. According to my research, I found that there is a local cache on the client that stores data obtained from a DHCP server.

    I found that the wpad.dat file will be stored in the “Temporary Internet Files” folder and written to the registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings) after it is first acquired.

    I think this issue could be caused when IE tries to retrieve the wpad.dat URL from the registry key in this case.

    So I would like to suggest deleting the previously acquired WPAD cache.

    1. Clear the Internet Explorer cache completely.
    2. Close all instances of Internet Explorer.
    3. Type and run “del \wpad*.dat /s” command to delete all WPAD script instances.
    4. Type and run the “ipconfig /flushdns” and “nbtstat -R” commands to clear the DNS and NetBIOS name caches.

    Please also refer to this link for detailed steps and information.

    https://blogs.msdn.microsoft.com/asiatech/2012/08/14/insight-wpad-proxy-settings-on-ie/

    Best regards.

    Monday, March 14, 2016 1:53 PM
    Moderator
  • Hi Rick,

    Thanks for your answer. Unfortunately we've tried all that, both in your post and in that article, and the issue still remains. What's even more strange is that the issue follows the computer, not the user. If a new user logs on to an affected computer, that new user will try to use the proxy too, telling us that it doesn't have anything to do with the profile/HKCU/temp internet files.

    Other things we have tried are clearing the ARP cache, setting the WpadOverride registry value, and setting the group policy Disable caching of Auto-Proxy scripts.

    We have also discovered that blocking access to the DHCP-server carrying the wpad resolves the issue, even if we unblock it again. However, as soon as we connect to the subnet using that DHCP it all breaks again.

    Any other ideas?


    • Edited by Tommy [A] Tuesday, March 15, 2016 10:32 AM
    Tuesday, March 15, 2016 10:12 AM
  • Did you ever fix this? Experiencing exactly the same problem as you at the moment. I set up WPAD option 252 during a VPN project recently on one DHCP scope, and now all my other scopes appear to be picking it up, breaking our BYOD that I want to go directly out through my UTM rather than proxy.

    Why on earth is it doing this? I've been scratching my head all week, checking all of my routing, DNS, Wireshark on the clients, clearing caches etc... nothing fixes it!

    Would love to know how you got around this

    Friday, March 1, 2019 10:54 AM
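
Added example, not part of any post in this thread: one way to confirm from a client-side capture whether a DHCP reply actually carries option 252, and which DHCP server sent it. It assumes the UDP payload of the reply has been exported as raw bytes; the sample packet, server address and WPAD URL below are constructed for the demo.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131 marker that precedes the options field
BOOTP_HEADER_LEN = 236              # fixed-size BOOTP header in front of the cookie
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_WPAD = 53, 54, 252
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK", 8: "INFORM"}

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from a DHCP message (the UDP payload)."""
    start = BOOTP_HEADER_LEN + 4
    if payload[BOOTP_HEADER_LEN:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    opts, i = {}, start
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value  # RFC 3396: join split options
        i += 2 + length
    return opts

def wpad_report(payload: bytes) -> dict:
    """Summarise message type, answering server and any WPAD URL (option 252)."""
    opts = parse_dhcp_options(payload)
    mtype = opts.get(OPT_MSG_TYPE) or b"\x00"
    server, url = opts.get(OPT_SERVER_ID), opts.get(OPT_WPAD)
    return {
        "type": MSG_TYPES.get(mtype[0], "UNKNOWN"),
        "server": ".".join(map(str, server)) if server else None,
        # some servers append a trailing NUL to the URL; strip it before decoding
        "wpad_url": url.rstrip(b"\x00").decode("ascii", "replace") if url else None,
    }

def build_sample(with_wpad: bool) -> bytes:
    """Constructed DHCPACK for the demo; the address and URL are made up."""
    opts = bytes([OPT_MSG_TYPE, 1, 5]) + bytes([OPT_SERVER_ID, 4, 192, 0, 2, 10])
    if with_wpad:
        url = b"http://wpad.example.test/wpad.dat"
        opts += bytes([OPT_WPAD, len(url)]) + url
    return bytes(BOOTP_HEADER_LEN) + MAGIC_COOKIE + opts + bytes([OPT_END])
```

Running `wpad_report` over each reply seen on the new subnet shows whether a 252 value is still arriving and from which server identifier, which separates a relayed or unexpected DHCP answer from a value cached on the client.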