
Weird Issue with Microsoft Teams

Hello,

I am having trouble diagnosing this particular issue with Microsoft Teams. The messaging function isn't working as messages aren't sent ("Failed to send" error message). After checking the web filtering logs, I found this out:

2019:03:13-09:12:20 utm-bomare-2 httpproxy[6214]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block"
method="CONNECT" srcip="192.168.1.168" dstip="40.74.62.125" user="" group="" ad_domain="" statuscode="500" cached="0"
profile="REF_HttProContaInterNetwo (VIP_Profile)" filteraction="REF_HttCffVipwhfilte (VIP_WHFilterAction)"
size="517" request="0x1b020c00" url="emea.ng.msg.teams.microsoft.com/" referer="" error="Connection timed out" authtime="0" dnstime="2"
cattime="128" avscantime="0" fullreqtime="127255911" device="0" auth="0" ua="" exceptions="application" category="122" reputation="neutral"
categoryname="Instant Messaging" application="micrsoft" app-id="1151"

Apparently, the request was blocked because of a connection time out error. I don't have AV scanning enabled on any of my filter actions. I tried skipping the proxy, same thing. I even disabled web filtering and application control, still same problem. Could it be a DNS issue? (we don't have an internal DNS server, we're using the UTM as gateway and DNS).

Any suggestions?
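
Added example, not part of the original thread: a small Python triage over the httpproxy lines quoted in this thread (abridged here), separating blocks where the proxy could not reach the destination (non-empty error field) from blocks made by a filtering decision. The third sample line and the rule that an empty error field means a policy block are assumptions made for illustration.

```python
import re

# httpproxy lines are a syslog prefix followed by key="value" pairs.
PAIR = re.compile(r'([\w-]+)="([^"]*)"')

SAMPLE = [
    # abridged from the first log line quoted in the thread
    '2019:03:13-09:12:20 utm-bomare-2 httpproxy[6214]: name="web request blocked" '
    'action="block" method="CONNECT" dstip="40.74.62.125" statuscode="500" '
    'url="emea.ng.msg.teams.microsoft.com/" error="Connection timed out" app-id="1151"',
    # abridged from the second log line quoted in the thread
    '2019:03:14-09:58:23 utm-bomare-2 httpproxy[12473]: name="http access" '
    'action="pass" method="CONNECT" dstip="52.113.194.131" statuscode="200" '
    'url="https://teams.microsoft.com/" error="" dnstime="2580612"',
    # constructed line (assumption): a block with no transport error
    '2019:03:14-10:00:00 utm-example httpproxy[1]: name="web request blocked" '
    'action="block" method="GET" dstip="203.0.113.10" statuscode="403" '
    'url="example.com/" error=""',
]

def parse(line):
    """Return the key="value" fields of one httpproxy log line as a dict."""
    return dict(PAIR.findall(line))

def triage(line):
    """Classify one line as 'pass', 'upstream-failure' or 'policy-block'."""
    fields = parse(line)
    if fields.get("action") != "block":
        return "pass"
    # A non-empty error field means the proxy failed to reach the destination,
    # so filter exceptions will not help; look at routing, DNS or the upstream.
    return "upstream-failure" if fields.get("error") else "policy-block"

def summarize(lines):
    """Count blocked requests per (cause, url, dstip)."""
    counts = {}
    for line in lines:
        cause = triage(line)
        if cause == "pass":
            continue
        fields = parse(line)
        key = (cause, fields.get("url", ""), fields.get("dstip", ""))
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```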



  • Okay, so I know I said in my post that I tried skipping the transparent proxy but it didn't work, but somehow, someway, this morning when I tried that again it worked; I was able to send and receive messages.

    Do websites that I visit still get proxied and appear in the web filtering live log even when I'm on the Skip transparent proxy list? I'm saying this because it's still showing all of my traffic, and one thing I noticed is that the Microsoft Teams URL that gets blocked for a connection timeout does not appear in the log. Is it sort of an implicit "pass" action? I only see this line related to Microsoft Teams:

    2019:03:14-09:58:23 utm-bomare-2 httpproxy[12473]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass"
    method="CONNECT" srcip="192.168.1.168" dstip="52.113.194.131" user="" group="" ad_domain="" statuscode="200" cached="0"
    profile="REF_HttProContaInterNetwo (VIP_Profile)" filteraction="REF_HttCffVipwhfilte (VIP_WHFilterAction)"
    size="1199515" request="0x1a86b800" url="https://teams.microsoft.com/" referer="" error="" authtime="0" dnstime="2580612"
    cattime="132" avscantime="0" fullreqtime="382729168" device="0" auth="0" ua="" exceptions="application" category="122" reputation="neutral"
    categoryname="Instant Messaging" application="micrsoft" app-id="1151"

  • Salut Zak,

    If an access appears in the Web Filtering log, it did not qualify for the Skiplist.  Since you weren't doing AV scanning, the only thing left was to skip the Proxy for the access to emea.ng.msg.teams.microsoft.com.  I note that that FQDN has multiple DNS A-records, so you will want to use it in a DNS Group definition in the Skiplist instead of a DNS Host definition.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello and sorry for the late response, 

     

    I just tried adding that DNS Group definition to the Transparent Mode Skiplist... and it didn't work, still getting that same line on the web filtering log. MS Teams seems to be only working when my source IP is on that skiplist. Confusing.

  • OK, Zak, it sounds like you're using the Proxy in the Standard mode, so you'll need to add *.teams.microsoft.com to the Exceptions in [Advanced] after selecting to use the proxy explicitly in Internet Options > [Lan Settings].  Instead of the numeric IP of the UTM, you should use an FQDN that resolves to that IP - refer to Configuring HTTP/S proxy access with AD SSO.

    Cheers - Bob

     
  • I'm actually using the Proxy in Transparent mode, and have already tried adding MS Teams on the exceptions tab... still nothing.

  • If you're running in Transparent and the traffic still is handled by the Proxy, show us the Edit of the DNS Host/Group that you have in the Skiplist.

    Cheers - Bob

     
  • That's perfect, Zak, so the issue is that the DNS Group is [unresolved] and your DNS configuration must need some attention.  Does DNS best practice give you any help?

    Cheers - Bob

     
  • Thank you for the reply. 

     

    I will check it out and get back to you as soon as I can.

  • OK, so I just went through the DNS best practices article and the thing is, we don't have any internal DNS servers, everything is just forwarded to the UTM and our Office365 subscription is cloud-based. However, I did find out from point #8 that disabling Pharming Protection on the Filtering Options > Misc tab does the trick! Could it be an ISP problem?

  • Is it okay if I leave Pharming Protection unchecked?
