Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
835
Views
1
Helpful
3
Replies

ERR_TUNNEL_CONNECTION_FAILED

kostasthedelegate
Level 4
Level 4

‎01-02-2024 06:31 AM

Hello, 

I have an issue with WSA. 

We have renewed the cert of WSA. 

The webpages load normally except this one

https://outlook.office.com/owa

it show an error ERR_TUNNEL_CONNECTION_FAILED on chrome and in incognito mode.

The policies are Allow and Passthrough. Also, the mail is working ok. 

The logs are also showing TCP_MISS/200

 

Any ideas?

Thanks and regards, 

Konstantinos

 

Labels:
0 Helpful
3 Replies 3

Ruben Cocheno
Spotlight
Spotlight

‎01-02-2024 07:22 AM

@kostasthedelegate 

From Chrome it seems that it can't connect to the WSA, and TCP_MISS/200 on WSA relates to cache miss. check if the WSA is reporting any connectivity issues back to the LAN for this particular desktop, also confirm if you using Explicit proxy or not.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/
0 Helpful

kostasthedelegate
Level 4
Level 4

‎01-03-2024 02:13 AM

Hello @Ruben Cocheno , 

The other internet sites are loading successfully. We also tried explorer and it is the same behavior. 

We renewed the cert of WSA but this site should not be affected as it is passthrough. 

But sth changed after the renewal of the proxy cert. 

 

 

 

0 Helpful

amojarra
Cisco Employee
Cisco Employee

‎01-03-2024 12:48 PM

Hello @kostasthedelegate 

Hope you are doing fine. 

 

May I ask,

[1] Can you please capture Packet from WSA filter by Client IP and webserver IP to have both connections (Client <-> WSA and WSA <-> Web server) in one capture.  the reason I'm asking is to check who is sending FIN/RST and see in which part of communication and also comparing the Ciphers.

[2] Could you please confirm if you test by un-checking "Automatically detect settings" from Internet options > Connections > LAN settings 

[3] You have mentioned the Policy has been set to allowed, could you please confirm if it is hitting correct policy from Accesslogs?

[4] kindly advised if the issue is same in Firefox and/or Edge. 

[5] I was wondering if there are any logs in the HAR file while loading the page, could you please check the Developer tools, under Network section to see while you are accessing the URL, if there are any other URLs which are blocked. like cdn.office.net or ...

 

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++        If you find this answer helpful, please rate it as such      ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

Customers Also Viewed These Support Documents