Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 3 subscribers
  • Views 16259 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows 8 Store and Update fail in https-Proxy mode

HMaster
Hi,

I am trying to get my Windows 8 pc running in https-proxy mode, but the Store and the Updates fail.

When I try to install any tool or update from the store I get the following error in WebFiltering. 

2013:04:24-20:16:00 firewall httpproxy[4267]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x14eaf128" function="tunnel_handler_recv_data" file="tunnel.c" line="45" message="epoll_fill_buffer: Connection reset by peer" 



2013:04:24-20:16:00 firewall httpproxy[4267]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.*.*" dstip="157.56.194.72" user="" statuscode="500" cached="0" profile="REF_HttProProxyFilte (Proxy Filter)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="8479" request="0x14eaf128" url="services.apps.microsoft.com/" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension" error="Connection reset by peer" 



2013:04:24-20:16:01 firewall httpproxy[4267]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x14f09df0" function="tunnel_handler_recv_data" file="tunnel.c" line="45" message="epoll_fill_buffer: Connection reset by peer" 



2013:04:24-20:16:01 firewall httpproxy[4267]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.*.*" dstip="157.56.194.72" user="" statuscode="500" cached="0" profile="REF_HttProProxyFilte (Proxy Filter)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="9307" request="0x14f09df0" url="lic.apps.microsoft.com/" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension" error="Connection reset by peer" 


As you can see I have set for test-procedure all functions in "Skip" mode, but nothing works.

This is my WebFilter-Setup 
Microsoft Windows 8 Store [Allows Windows Store Installations without side effects.] 

 

Skipping: Authentication / Caching / Antivirus / Extension blocking / MIME type blocking / URL Filter / Content Removal / SSL scanning / Certificate Trust Check / Certificate Date Check 

 

Matching these URLs: 

^https?://([A-Za-z0-9.-]*\.)?services\.apps\.microsoft\.com/

^https?://157\.56\.194\.72

^https?://([A-Za-z0-9.-]*\.)?lic\.apps\.microsoft\.com/ 


Is this a "known issue"??? [:S] I would like to get the Updates / Store-Updates and the Store running in proxy-mode.


This thread was automatically locked due to age.
  • 0
    statuscode="500" [...] exceptions="av [...] ,ssl, [...] error="Connection reset by peer"

    The two exceptions that might have worked (av & ssl) didn't help.  The only thing you can do is skip the proxy for this.  In "Transparent" mode, that's the 'Skip transparent mode destination hosts/nets' list on the 'Advanced' tab.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Well I tried what you said, but that didn't work either. 

    What I see is, that the system is able to contact the Internet-sites as normal. It also is capable to run the Store. You can browse through the Store to see what tools/apps are available. But when you actualy want to installl an app /programm you'll get a Block-Error. 
    The same with Updates for Windows 8. The Update tool gives also an error that Updates could not being checked. 

    Looks like there is something wierd going on.
  • 0
    Well I tried what you said, but that didn't work either. 

    If you still see related activity in the Web Filtering log file, then the accesses aren't skipping.  If you are scanning SSL, the Microsoft site apparently is detecting the man-in-the-middle and refusing to respond.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Hi, i have the same problem and use this Microsoft workaround (greenlist)
    It now working, hope it can help you.

    Utilisation de serveurs proxy authentifiés avec Windows 8

    Add this list to the exceptions and check the Auth.
    ^https?://Login\.Live\.com/
    ^https?://Account\.Live\.com/
    ^https?://ClientConfig\.Passport\.NET/
    ^https?://wustat\.Windows\.com/
    ^https?://([A-Za-z0-9.-]*\.)?windowsupdate\.com/
    ^https?://([A-Za-z0-9.-]*\.)?wns\.windows\.com/
    ^https?://([A-Za-z0-9.-]*\.)?hotmail\.com/
    ^https?://([A-Za-z0-9.-]*\.)?outlook\.com/
    ^https?://([A-Za-z0-9.-]*\.)?microsoft\.com/
    ^https?://([A-Za-z0-9.-]*\.)?msftncsi\.com/ncsi\.txt/
  • 0 in reply to brassardv
    Brassardv

    That worked perfectly to fix the same issue with the windows 10 store
  • 0 in reply to brassardv

    Cool!  That's the first time I've seen an article translated automatically and then improved by the Community Translation Framework.

    I think that, instead of "Pour résoudre ces problèmes, ils se rapportent à l'utilisation d'applications du Windows Store,"one should change it to "Pour résoudre ces problèmes, autant qu'ils se rapportent à l'utilisation d'applications du Windows Store" n'est-ce pas?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to brassardv

    This was very useful , I was having similar issues when trying to download/update applications from my Windows Phone. I had to add one additional entry:

    ^https?://([A-Za-z0-9.-]*\.)?windowsphone\.com/

Unfiltered HTML