Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 10 replies
  • Subscribers 3 subscribers
  • Views 53841 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WebFilter and https://outlook.office.com or https://outlook.office365.com "Host not found" HELP

AZSysAdmin

Okay, so I have setup the Web Filtering and using the transparent mode. I have added exceptions for Office 365 as we're using Microsoft Office 365 for SharePoint and Exchange. Which all has been working well and I cannot tell by the error what is occurring here when the Outlook Web Access (OWA) is reporting invalid HTTPS cert (from the UTM) as well the error reads Host not found.

UTM Error Page:

While trying to retrieve the URL:
https://outlook.office.com/
The content could not be delivered due to the following condition:
Host not found
Your cache administrator is:
MyEmail@apexanalog.com
Testing done:
I have reviewed  the web filter live log (if you would like to see) which shows status codes 200, 502 then final of 304.
The Base Policy is one that states blocks when testing https://outlook.office.com/owa the exception is listed. The Reason is Host not found. So, I am really lost with this error reason. https://outlook.office365.com/owa works with the Policy HelpDesk. Is this a DNS issue cause testing this in browser it varies from outlook.office.com to outlook.office365.com.
I cannot figure out where this is getting hung up. I have web filter options to allow many Office 365 items. This is the only one complaining. The SSL warning before reaching the page is from Astaro the UTM, and I did not think I would get such since I am using transparent mode web filtering.
Please let me know what I can look at, at this point I am drawing a blank. There is no reason I see as to why this should be occurring.
Any assistance would be greatly appreciated. Thanks in advance!


This thread was automatically locked due to age.
  • 0
    Nudge, nudge.

    Anyone able to assist? Need more information on where I can locate why the failure of Office 365 Professional OWA page? The certificate errors and is published by Astaro, so know the certificate is from UTM, then users (self included) get UTM Web Filtering error "host not found". I'm not able to track down a solution since I think UTM is processing more than just web-filter here.
    Waiting and need assistance soon.
  • 0
    200 means the request was successfully proxied. 304 means the client set a conditional GET and the server is saying that the document wasn't modified. 502 often means a compatibility issue between the Proxy and the server. Please show us the log line(s) related to one of these problem accesses.
    .Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Bob, thank you for grabbing this.

    As requested here is log showing block today:

    Hope this format works (its messy as logs often are) any suggestion for posting logs is appreciated.


    2016:01:14-12:14:54 apex-ualpha httpproxy[6557]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.101.89" dstip="" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdd00c800" url="https://outlook.office.com/" referer="" error="Host not found" authtime="0" dnstime="184" cattime="0" avscantime="0" fullreqtime="254369" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    2016:01:14-12:14:54 apex-ualpha httpproxy[6557]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.101.89" dstip="" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe12b7800" url="https://outlook.office.com/" referer="" error="Host not found" authtime="0" dnstime="13" cattime="0" avscantime="0" fullreqtime="222755" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    2016:01:14-12:14:55 apex-ualpha httpproxy[6557]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.101.89" dstip="" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xa231800" url="https://outlook.office.com/" referer="" error="Host not found" authtime="0" dnstime="3" cattime="0" avscantime="0" fullreqtime="214847" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    2016:01:14-12:14:58 apex-ualpha httpproxy[6557]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.101.89" dstip="" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdd2e5000" url="https://outlook.office.com/" referer="" error="Host not found" authtime="0" dnstime="3" cattime="0" avscantime="0" fullreqtime="206980" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    2016:01:14-12:14:58 apex-ualpha httpproxy[6557]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.101.89" dstip="" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdc650800" url="https://outlook.office.com/" referer="" error="Host not found" authtime="0" dnstime="2" cattime="0" avscantime="0" fullreqtime="228903" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    2016:01:14-12:14:58 apex-ualpha httpproxy[6557]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.101.89" dstip="" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe16f2800" url="https://outlook.office.com/" referer="" error="Host not found" authtime="0" dnstime="13" cattime="0" avscantime="0" fullreqtime="208951" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    2016:01:14-12:14:59 apex-ualpha httpproxy[6557]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.101.89" dstip="" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2552" request="0xdfa6f800" url="https://outlook.office.com/" referer="" error="Host not found" authtime="0" dnstime="3" cattime="0" avscantime="0" fullreqtime="212043" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    2016:01:14-12:14:59 apex-ualpha httpproxy[6557]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.101.89" dstip="64.4.54.165" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7668" request="0xd8ac7800" url="https://urs.microsoft.com/" referer="" error="" authtime="0" dnstime="3" cattime="0" avscantime="0" fullreqtime="240078" device="0" auth="0" ua="" exceptions="av,content,url,ssl,mime,cache,fileextension,size"
    2016:01:14-12:14:59 apex-ualpha httpproxy[6557]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.101.89" dstip="132.245.47.82" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="8269" request="0xdda61800" url="outlook.office365.com/" referer="" error="" authtime="0" dnstime="3" cattime="0" avscantime="0" fullreqtime="121796319" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    2016:01:14-12:14:59 apex-ualpha httpproxy[6557]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.101.89" dstip="" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdeefe800" url="https://outlook.office.com/" referer="" error="Host not found" authtime="0" dnstime="2" cattime="0" avscantime="0" fullreqtime="237435" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    2016:01:14-12:14:59 apex-ualpha httpproxy[6557]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.101.89" dstip="" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xd92bb800" url="https://outlook.office.com/" referer="" error="Host not found" authtime="0" dnstime="3" cattime="0" avscantime="0" fullreqtime="237698" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    2016:01:14-12:14:59 apex-ualpha httpproxy[6557]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.101.89" dstip="64.4.54.165" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7668" request="0xdc36b800" url="https://urs.microsoft.com/" referer="" error="" authtime="0" dnstime="3" cattime="0" avscantime="0" fullreqtime="253547" device="0" auth="0" ua="" exceptions="av,content,url,ssl,mime,cache,fileextension,size"

    2016:01:14-12:14:59 apex-ualpha httpproxy[6557]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.101.89" dstip="" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdf0c8800" url="https://outlook.office.com/" referer="" error="Host not found" authtime="0" dnstime="14" cattime="0" avscantime="0" fullreqtime="209556" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    2016:01:14-12:15:10 apex-ualpha httpproxy[6557]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.101.89" dstip="23.7.136.70" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4233" request="0xe1916000" url="https://auth.gfx.ms/" referer="" error="" authtime="0" dnstime="63369" cattime="0" avscantime="0" fullreqtime="20091013" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    2016:01:14-12:15:10 apex-ualpha httpproxy[6557]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.101.89" dstip="23.7.136.70" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4233" request="0xa232800" url="https://auth.gfx.ms/" referer="" error="" authtime="0" dnstime="65714" cattime="0" avscantime="0" fullreqtime="20097027" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    2016:01:14-12:15:10 apex-ualpha httpproxy[6557]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.101.89" dstip="23.7.136.70" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4233" request="0xdc049000" url="https://auth.gfx.ms/" referer="" error="" authtime="0" dnstime="65129" cattime="0" avscantime="0" fullreqtime="20096881" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    2016:01:14-12:15:10 apex-ualpha httpproxy[6557]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.101.89" dstip="23.7.136.70" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4233" request="0xe1814800" url="https://auth.gfx.ms/" referer="" error="" authtime="0" dnstime="3" cattime="0" avscantime="0" fullreqtime="20028278" device="0" auth="0" ua="" exceptions="content,url,mime,cache,fileextension,size"

    Anything else, please let me know.

    Thanks in advance,

    Joel \

  • 0 in reply to AZSysAdmin
    Yes, you need to skip the proxy for outlook.office.com and auth.gfx.ms. Although you might be able to solve the problem by skipping AV and maybe SSL scanning altogether for them.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    One of my client resolved Office 365 problems with this exception. Also try with Bob's suggestion including AV and SSL scanning in exception object.

  • 0 in reply to vilic
    Guys,
    Sorry for the delay. This is now working. This particular instance was a bad Host record that I was using. The old IP address, hence the UTM not being able to reach. It occurred when initially setting up and had forgotten about, needing to go back and change. Removing this static host record corrected the situation.

    Thank you Vilic, I have similar setup and find its key to Office365 DNS. These are setup in Filtering Options/Exceptions.
    Bob, thank you as well. I will keep this option in mind if needed in future.
  • 0 in reply to AZSysAdmin

    We are experiencing this issue. The certificate error is for "companyname.onmicrosoft.com"

    I have tried importing the certificate, but the error persists.

    I tried the exception list above, and also added onmicrosoft.com to the list. This doesn't work either.

    The only solution I have found is to add "onmicrosoft.com" to the proxy exception list on the client. This is awkward for 200+ users and requires us to keep masquerading open.

    I am really hoping for a better solution. Any ideas?

    Thanks,

    Alan

  • 0 in reply to Alan Lehman

    Alan, have you tried using a GPO to get that Exception out to all of the clients?  Are you in Standard or Transparent mode?  How does your setup compare to DNS best practice and Configuring HTTP/S proxy access with AD SSO?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Thanks Bob.

    I'll look in to GPO for the proxy config if bypassing the proxy is the best way to go.

    I am using standard mode proxy with no client authentication at the moment. Clients are configured to use our AD DC for DNS resolution. The DNS service is not configured on the UTM.

    I understand that in standard mode, the proxy server provides DNS resolution for browsers. How does the proxy resolve DNS if the service is not configured?

     

     

     

  • 0 in reply to Alan Lehman

    Alan,

     

    It would not hurt to allow UTM to provide DNS. I used suggested DNS configuration guide from Bob *https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/32566/solved-dns-best-practice

    I am sure you know the Office365 DNS is dynamic and changes every week or 72 hours (cannot remember). If you configure the UTM to allow DNS and adding current Office 365 DNS names, you should be okay.

    Hope this helps, I'll let Bob take it from here.

Unfiltered HTML