A secure SSL session could not be established with the Web Site: “(null)”

I need a solution

Does anyone know what causes the SSL error A secure SSL session could not be established with the Web Site: “(null)”? I’ve attached a screenshot of the full browser error message. SSL interception is only enabled on blocked requests (On Exception). The website users are accessing is allowed and they can access it without ProxySG perforiming SSL intercept. However, they get the error message upon logging in to that website. Disabling proxy authentication on the allowed URL categories seemed to resolve the issue.

0

Related:

  • No Related Posts

ProxySG | IP Phone SIP Protocol cannot connect via Proxy

I need a solution

Dear All

  My customer would like to connect ip phone to cloud of ip phone system and it connect to proxy type explicit.

on ip phone can config to use proxy. we tried to test connect to internet but cannot connect.

for VPM policy we create exception for all of this ip phone already.

for check traffic on Proxy we not found active session from ip of ip-phone

and then we tried to check from error session we found error from ip of ip-phone

this detail of error session as below

Client    Server    A    S    FW    I    Duration    Client Bytes    Server Bytes    Savings    C    BC    OC    P    BM    Service Name    Application    Protocol    Detail    Age

10.223.176.32:39043        –    –    –    –    0 sec    1482    0    100%    –    –    OC (D)    P    BM (D)    Explicit HTTP    HTTP    HTTP(error) : “The request HTTP version is invalid”       2 sec

it have error The request HTTP version is invalid

Proxy IP: 10.180.192.100   IP-Phone IP:10.223.176.32

My customer use Proxy SGOS version 6.6.5.9   if would like more information please let me know.

Thank you so much for your help.

Best Regards,

Chakuttha R.

0

1546875335

Related:

  • No Related Posts

SSL traffic interception

I need a solution

Dear all,

I am using ProxySG server as explicit proxy,I want to configure SSL interception in ProxySG.

In the  user’s browser the IP address of Proxy and port number is mentioned 80.

After configuring the SSL interception do I need to change the port number 80 to 443 in the browser.?

Please advise.

regards

0

1546408647

Related:

  • No Related Posts

Can ProxySG do the two-way URL rewrite with SSL reverse proxy?

I need a solution

I try to configure two-way URL rewrite with SSL reverse proxy.
 

Cliets———–<https>———-|ReverseProxy|————|Server:81|

So, exising all clients access to server by URL http://myapp.local:81/

rightnow, they want to setup SSL reverse proxy for this application.

I try to configure by two-way URL rewrite + SSL reverse proxy but not work,

I design URL for all clients http://newmyapp.local and then Proxy will redirect(302) to https://newmyapp.local

after client request to https://newmyapp.local I try to configure proxy rewirte to internal server by URL http://myapp.local:81

but its not work.

Anyonce have bester idea please advice?

0

Related:

  • No Related Posts

Proxy needs to reauthenticate HTTPS sessions on policy install

I need a solution

Hi Knights

I’m seeing an issue with ASG policy that I haven’t come across before.

This is an explicit proxy deployment with IWA authentication, category/site based exceptions.  We see that when any policy is saved, any users with active intercepted HTTPS connections are presented with browser authentication popups.  Policy traces show that despite the connection being authenticated at the CONNECT command,  and intercepted requests prior to the policy update being processed against the authenticated user,  following the policy update the requests fail due to authentication required.  The proxy does its best to authenticate by sending a HTTP status 401 (can’t do a 407 proxy auth within an existing HTTPS tunnel).  We can prevent the auth popups with some policy to say “do not authenticate SSL proxy requests”, but then we need to blow a hole in our policy as we can not have any user based rules applied to HTTPS traffic.

What makes this environment a bit unusual is that we use multi-tenant policy with ‘global’ and per-tenant policy,   maybe that triggers the behaviour.

But,  just wanted to know if any other Knights had seen this sort of behaviour before?

thanks!

Simon

0

Related:

  • No Related Posts

Dell EMC Unity: How to troubleshoot on Received message with ID: 14:380010 or 14:380012 or 14:380013(Customer Correctable)

Article Number: 524849 Article Version: 3 Article Type: How To



Dell EMC Unity Family

Customer may receive the error message like below from time to time

TRiiAGE_30day_ECOM.txt

A 08/20/18 06:24:27.000 receive cemtracer_health INFO: Received message with ID: 14:380010 [SuppressionUtils.cpp:902]

A 08/20/18 06:24:27.000 receive cemtracer_health INFO: Received event An automatic refresh of the contract data failed due to wrong contract format. [EventReceiver.cpp:90]

A 08/06/18 06:25:14.000 receive cemtracer_health INFO: Received message with ID: 14:380012 [SuppressionUtils.cpp:902]

A 08/06/18 06:25:14.000 receive cemtracer_health INFO: Received event Failed to get technical advisory with configured proxy http://XXX.XXX.XX.XX:3333. [EventReceiver.cpp:90]

A 08/20/18 06:25:08.000 receive cemtracer_health INFO: Received message with ID: 14:380013 [SuppressionUtils.cpp:902]

A 08/20/18 06:25:08.000 receive cemtracer_health INFO: Received event Failed to get software, firmware or language pack updates with configured proxy http://XXX.XXX.XX.XX:3333. [EventReceiver.cpp:90]

### It requires direct internet access to sso.emc.com/support.emc.com/uemconnect.emc.com to get the contract and technical advisory and software.

### Proxy is needed if Unity management interface is not able to access internet.

You can SSH to the array and run nslookup to check whether the internet connectivity/DNS is able to resolve the IP.

nslookup sso.emc.com

nslookup support.emc.com

nslookup uemconnect.emc.com

### If it is able to resolve the IP, try to refresh manually on Unisphere: Service>>Technical Advisories; Update system setting >> Software upgrades >> Download new software. If both are working, it means the internet connection has been resorted.

User-added imageUser-added image

There are two possible causes for the received error message:

1. A transient internet connectivity issue.

2. A temporary service issue on the catalog service host.

The error messages could be safely ignored, customer can acknowledge the alert then remove it from the Unisphere.

These messages doesn’t have any impact to customer’s management.

### If it is unable to resolve the IP, please get network team to check the proxy server/DNS to restore the internet connection.

### If it is the first time for the Unity box to retrieve the contract and technical advisories, never successful before, please also refer to the KB 485275 and 487022 to make sure the ports are not blocked.

In this case, we can see the customer is using proxy for Unity box to access internet.

A 08/06/18 06:25:14.000 thread_getColuCatalogString cemtracer_emcsup INFO: Will use proxy to retrieve catalog, proxyStr: http://XXX.XXX.XX.XX, proxyPort: 3333 [EmcSupportUtils.cpp:447]

A 08/06/18 06:25:14.000 receive cemtracer_health INFO: Received message with ID: 14:380012 [SuppressionUtils.cpp:902]

A 08/06/18 06:25:14.000 receive cemtracer_health INFO: Received event Failed to get technical advisory with configured proxy http://XXX.XXX.XX.XX:3333. [EventReceiver.cpp:90]

A 08/06/18 06:25:14.000 alertProcessor cemtracer_health INFO: *** Processing event, message ID: 14:380012 text: Failed to get technical advisory with configured proxy http://XXX.XXX.XX.XX:3333. [AlertQueue.cpp:494]

Check in /EMC/CEM/log/cemtracer_emcsupport.log

There is successful logins to the catalog service and few failed attempts

#### Successful query


15 Aug 2018 06:24:04 – [EmcSupportServices] INFO – {0:2590697:285323509}[6603|8304|d73ffb40][thread_getColuCatalogString @ ../../../components/providers/osls/EmcSupportServices/src/EmcSupportUtils.cpp:447] Will use proxy to retrieve catalog, proxyStr: http://XXX.XXX.84.22, proxyPort: 3333

15 Aug 2018 06:24:07 – [EmcSupportServices] INFO – {0:2590700:681953438}[6603|17643|e5fffb40][shouldFilterAdvisoryEnt @ ../../../components/providers/osls/EmcSupportServices/src/EmcSupport_TechnicalAdvisory.cpp:389] Didn’t match any Cases for FilterProperty Storage System. Filter this entry.

15 Aug 2018 06:24:07 – [EmcSupportServices] INFO – {0:2590700:682118584}[6603|17643|e5fffb40][shouldFilterAdvisoryEnt @ ../../../components/providers/osls/EmcSupportServices/src/EmcSupport_TechnicalAdvisory.cpp:389] Didn’t match any Cases for FilterProperty Storage System. Filter this entry.

15 Aug 2018 06:24:07 – [EmcSupportServices] INFO – {0:2590700:682191463}[6603|17643|e5fffb40][shouldFilterAdvisoryEnt @ ../../../components/providers/osls/EmcSupportServices/src/EmcSupport_TechnicalAdvisory.cpp:389] Didn’t match any Cases for FilterProperty Storage System. Filter this entry.

15 Aug 2018 06:24:07 – [EmcSupportServices] INFO – {0:2590700:682306133}[6603|17643|e5fffb40][shouldFilterAdvisoryEnt @ ../../../components/providers/osls/EmcSupportServices/src/EmcSupport_TechnicalAdvisory.cpp:389] Didn’t match any Cases for FilterProperty Storage System. Filter this entry.

#### Failed attempt

20 Aug 2018 06:24:22 – [EmcSupportServices] INFO – {0:3022715:302012640}[6603|17641|e63ffb40][getContractReportingUrl @ ../../../components/providers/osls/EmcSupportServices/src/EmcSupport_ContractReporting.cpp:392] Using https://support.emc.com/contractRestApp/contract/servicelines as contract url

20 Aug 2018 06:24:27 – [EmcSupportServices] ERROR – {0:3022720:308512211}[6603|17641|e63ffb40][getContractData @ ../../../components/providers/osls/EmcSupportServices/src/EmcSupport_ContractReporting.cpp:494] Failed to validate contract data XML, could not refresh contract data<HTML><HEAD>

The server is temporarily unable to service your request. Please try again later.<P>

20 Aug 2018 06:25:04 – [EmcSupportServices] ERROR – {0:3022757:36357592}[6603|7752|d95ffb40][thread_getColuCatalogString @ ../../../components/providers/osls/EmcSupportServices/src/EmcSupportUtils.cpp:470] Failed to retrieve catalog due to soap returned error, return code = 28, response = , fault string =

retrieve catalog error, thread return error code: 104860634

Related:

  • No Related Posts

Policies and Applications are not pushing to iOS devices from Xenmobile (Proxy Enabled Environment)

Since the XenMobile is configured with proxy, the traffic will go through proxy to the internet, hence if you have configured http or https with auth.

Image of proxy server setup

Image of proxy server setup

The following table for supported target types for each proxy server type.

Proxy type

Supported targets

SOCKS

APNS

HTTP

APNS, Web. PKI

HTTPS

Web, PKI

HTTP with authentication

Web, PKI

HTTPS with authentication

Web, PKI

Test by removing APNS from them and configure again either configure the proxy without auth or Enabled SOCKS on Proxy Server and add APNS under XenMobile CLI for APNS.

Note : Any changes in Proxy settings require reboot .

If you have configured APNS in multiple options like http/socks/https – it is advisable to use on of these since it will help in narrowing down the issue and having multiple proxy options for single component can create ambiguity .

The following table for supported target types for each proxy server type.

Proxy type

Supported targets

SOCKS

APNS

HTTP

APNS, Web. PKI

HTTPS

Web, PKI

HTTP with authentication

Web, PKI

HTTPS with authentication

Web, PKI

Related:

  • No Related Posts

Access to AWS through a proxySG

I need a solution

The user when trying to enter AWS is not possible and returns the following error

HTTPSConnectionPool(host=’ec2.us-east-1.amazonaws.com’, port=443): Max retries exceeded with url: (Caused by ProxyError(‘Cannot connect to proxy.’, error(‘Tunnel connection failed: 407 Proxy Authentication Required’)))

I’ve already configured the authentication layer for bypass and it keeps showing me the same message.

Thank you in advance.

Kind regards

0

Related:

  • No Related Posts