04-20-2016 10:44 AM
HTTPS sites are randomly not working on WSA 170. Seeing the following in the access logs when it happens. What does DENY_ADMIN_2 mean here?
What could be the possible cause? The other times it works fine. 3 out of 10 times it gives this error message.
1461173910.696 104 10.36.198.77 TCP_DENIED/403 0 TCP_CONNECT 142.103.59.207:443 - DIRECT/ubc.ca - DENY_ADMIN_2-NONE-HAC_AD-NONE-NONE-NONE-DefaultGroup <IW_edu,1.5,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_edu,-,"-","-","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-"> -
1461173911.010 154 10.36.198.77 TCP_DENIED/403 0 TCP_CONNECT 142.103.59.207:443 - DIRECT/ubc.ca - DENY_ADMIN_2-NONE-HAC_AD-NONE-NONE-NONE-DefaultGroup <IW_edu,1.5,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_edu,-,"-","-","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-"> -
1461173911.115 103 10.36.198.77 TCP_DENIED/403 0 TCP_CONNECT 142.103.59.207:443 - DIRECT/ubc.ca - DENY_ADMIN_2-NONE-HAC_AD-NONE-NONE-NONE-DefaultGroup <IW_edu,1.5,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_edu,-,"-","-","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-"> -
1461173911.452 334 10.36.198.77 TCP_DENIED/403 0 TCP_CONNECT 142.103.59.207:443 - DIRECT/142.103.59.207 - DENY_ADMIN_2-NONE-HAC_AD-NONE-NONE-NONE-DefaultGroup <IW_edu,1.5,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_edu,-,"-","-","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-"
Chrome displays the following message when it happens:
ubc.ca unexpectedly closed the connection.
04-20-2016 04:30 PM
It looks like you are running WSA in transparent mode with WCCP enabled and, in the meantime, the "Decrypt for Authentication:" option in HTTPS Proxy is also enabled for proxy authentication.
04-22-2016 01:13 AM
Hi Tao. What does this mean? Should you not run these two things together? I have this issue as well.
04-22-2016 09:40 PM
When decrypt for authentication and WCCP are used together, this should be OK. However, please note there is a limitation in the proxy for the 3 conditions below:
1. WCCP/transparent mode
2. HTTPS traffic
3. Authentication
And depending on the authentication surrogate used, there are certain limitations on this (consult the user guide).
Would recommend opening a TAC case for the engineer to dig deep into this based on the network environment and also a possible defect (such as if you are using CDA or AD agent as your authentication).
04-22-2016 09:42 PM
The DENY_ADMIN_2 might be indicating there are combination issues between HTTPS traffic with WCCP/transparent mode and the authentication surrogate used (for example, IP address surrogate).
Would recommend opening a TAC case to investigate in detail and to explore a possible defect as well (such as if you are using TUI as authentication using CDA or AD agent).
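To put a number on the intermittent denials discussed in this thread before opening a case, the access log can be tallied per client and destination. This is an added example, not code from the thread or from Cisco; the field order is assumed from the sample lines in the original post, and the sample lines and the names `parse_line` and `deny_ratio` are constructed for illustration.

```python
import re
from collections import Counter

# Field order assumed from the sample lines in the original post:
# time elapsed client result/status bytes method url user hierarchy mime acl_tag
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hierarchy>\S+)\s+(?P<mime>\S+)\s+(?P<acl>\S+)"
)

def parse_line(line):
    """Return a dict of fields, or None for a truncated or foreign line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["decision"] = rec["acl"].split("-", 1)[0]  # e.g. DENY_ADMIN_2
    return rec

def deny_ratio(lines, decision_prefix="DENY_ADMIN"):
    """Map (client, destination) -> (denied, total) for CONNECT requests."""
    total, denied = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "TCP_CONNECT":
            continue
        key = (rec["client"], rec["url"])
        total[key] += 1
        if rec["result"] == "TCP_DENIED" and rec["decision"].startswith(decision_prefix):
            denied[key] += 1
    return {key: (denied[key], total[key]) for key in total}

# Constructed sample lines (documentation addresses, shortened verdict block).
TAIL = "-NONE-ID1-NONE-NONE-NONE-DefaultGroup <IW_edu,1.5> -"
DST = "TCP_CONNECT 198.51.100.7:443 - DIRECT/example.org - "
SAMPLE = [
    "1461173910.696 104 192.0.2.10 TCP_DENIED/403 0 " + DST + "DENY_ADMIN_2" + TAIL,
    "1461173911.010 154 192.0.2.10 TCP_DENIED/403 0 " + DST + "DENY_ADMIN_2" + TAIL,
    "1461173911.452 334 192.0.2.10 TCP_DENIED/403 0 " + DST + "DENY_ADMIN_2" + TAIL,
    "1461173912.100 250 192.0.2.10 TCP_MISS/200 4512 " + DST + "DEFAULT_CASE_12" + TAIL,
    "1461173912.900 240 192.0.2.10 TCP_MISS/200 3980 " + DST + "DEFAULT_CASE_12" + TAIL,
    "1461173913.000 80 192.0.2.10 TCP_MISS/200 1024 GET http://example.org/ - "
    "DIRECT/example.org text/html DEFAULT_CASE_12" + TAIL,
    "1461173914.000 12 192.0.2.10 TCP_DEN",  # truncated line, skipped
]

if __name__ == "__main__":
    for (client, dest), (bad, seen) in deny_ratio(SAMPLE).items():
        print(f"{client} -> {dest}: {bad}/{seen} CONNECTs denied")
```

A per-client ratio like this, together with the matching timestamps, is the kind of evidence a TAC engineer can correlate with authentication surrogate timeouts.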