Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3029
Views
0
Helpful
5
Replies

Ironport and MS Office SharePoint Designer issues

Ronald Nutter
Level 1
Level 1

‎02-28-2011 10:41 AM

I have several developers that are using MS Office SharePoint Designer to manage some websites.  I have been able to deal with the SSL issues  due to the known defect in the WSA concerning SSL.  That workaround isnt fixing my SharePoint Designer problem.  The application is giving a "Gateway timeout" error.  If I put the same workstation on our guest network which runs through a seperate Ironport that has https proxy disabled, it works like a charm.  Before I put the web site(s) in question on the proxy bypass config item, I wanted to see how others were handling it.

Will really be glad when the SSL defect is resolved.

Ron

Labels:
0 Helpful
5 Replies 5

jahasan
Cisco Employee
Cisco Employee

‎02-28-2011 06:05 PM

Hi Ron,

I would recommend checking the access logs and see what is actually happening with the requests from this application. If you see NONE/502 or NONE/504 in the access logs then that teypically indicates a network issue.

Also check whether this application supports NTLM authentication or not. If the application fails authentication thought the proxy then should see several TCP_DENIED/407 in the access logs. In that case you will need to bypass authentication for this application.

Kind Regards

Jaki

0 Helpful

Ronald Nutter
Level 1
Level 1
In response to jahasan

‎03-01-2011 06:28 AM

Here is what I am seeing from the access logs -

TCP_MISS_SSL/200

TCP_CLIENT_REFRESH_MISS_SSL/401

TCP_CLIENT_REFRESH_MISS_SSL/200

TCP_CLIENT_REFRESH_MISS_SSL/504

TCP_CLIENT_REFRESH_MISS_SSL/500

Since putting the site on no decrypt custom category didnt help, I am going to see if putting the root CA Cert on the Ironport and see if that makes a difference.  Had do something similar for the .MIL sites that my company has to access and that fixed the problem for that.

If that doesnt help, then I will have to resort to the proxy bypass option.

Ron

0 Helpful

jahasan
Cisco Employee
Cisco Employee
In response to Ronald Nutter

‎03-09-2011 03:56 PM

Hi Ron,

Thank you for the HTTP response codes. The interesting ones are the "TCP_CLIENT_REFRESH_MISS_SSL/504" and "TCP_CLIENT_REFRESH_MISS_SSL/500".

The 500 indicates an Internal Server Error: The server encountered an unexpected condition which prevented it    from fulfilling the request.

The 504 indicates a Gateway Timeout: The server, while acting as a gateway or proxy, did not receive a    timely response from the upstream server specified by the URI (e.g.    HTTP, FTP, LDAP) or some other auxiliary server (e.g. DNS) it needed    to access in attempting to complete the request.

You may want to run packet captures on your IronPort and see why you are getting 500 and 504 errors.

Kind Regards

Jaki

0 Helpful

Ken Stieers
VIP
VIP

‎03-20-2011 08:01 PM

Hey Ron,

What is the known defect related to SSL on the WSA?

Ken

0 Helpful

Ronald Nutter
Level 1
Level 1
In response to Ken Stieers

‎03-21-2011 05:57 AM

Defect #71012 coveres this.  Basically it is when the Ironport has problems inserting itself into the middle of a SSL stream.  Its reaction at this point is to send a command to the remote webserver to step down to TLS which most websites wont do.

for further info on this problem - it seems that Sharepoint 2007 sites dont have a problem but Sharepoint 2010 have to be put in the custom Dont Decrypt policy that we have had to create as a work around for the above mentioned defect.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents