This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Goto Meeting/ Goto Training

Starting to lose my mind with this one.

Added everything from here  http://support.citrixonline.com/en_us/meeting/all_files/G2M060010 To Web Protection/Filter Options/Websites as Trusted and into the Category as Web Meetings.

Created an Exceptionto allow access from selected AD group to Web Meetings Category

 

Try to load Goto Meeting and Training and get this.

2016-11-10 13:20:11.002 PST i: [g2mcomm] <mcast-agent> {Session 6821593718158790153 mcast::MCSNeighbor[1]::} _connect: connecting to the remote host [216.115.223.79, 68.64.13.78, 68.64.5.123(mcs37-1-isp1.atl.expertcity.com, mcs37-1-isp3.atl.expertcity.com, mcs37-1-isp2.atl.expertcity.com):80, 8200, 443]
2016-11-10 13:20:11.003 PST d: [g2mcomm] <mcast-agent> comm::jinet::JJediSocketProviderCreator::createSocketProvider(): validated server [mcs37-1-isp1.atl.expertcity.com(216.115.223.79<initial>), mcs37-1-isp3.atl.expertcity.com(68.64.13.78<initial>), mcs37-1-isp2.atl.expertcity.com(68.64.5.123<initial>)]
2016-11-10 13:20:11.003 PST i: [g2mcomm] <AddressResolver(1)(AddressResolveTask)(0)> DNS lookup for "mcs37-1-isp1.atl.expertcity.com"
2016-11-10 13:20:11.003 PST i: [g2mcomm] <mcast-agent> comm::jinet::JSpecProviderBroker::getJediProvider(): Matched the singleton connection spec provider
2016-11-10 13:20:11.003 PST i: [g2mcomm] <AddressResolver(3)(AddressResolveTask)(0)> DNS lookup for "mcs37-1-isp3.atl.expertcity.com"
2016-11-10 13:20:11.003 PST d: [g2mcomm] <mcast-agent> JEDI connect: Start connect to mcs37-1-isp1.atl.expertcity.com(216.115.223.79<initial>) (index=0)
2016-11-10 13:20:11.003 PST i: [g2mcomm] <AddressResolver(2)(AddressResolveTask)(0)> DNS lookup for "mcs37-1-isp2.atl.expertcity.com"
2016-11-10 13:20:11.004 PST i: [g2mcomm] <mcast-agent> JEDI connect: Creating SSL socket for SSL
2016-11-10 13:20:11.005 PST i: [g2mcomm] <mcast-agent> {Session 6821593718158790153 MCastPeerController::} connect: successfully initiated connect to peer 3
2016-11-10 13:20:11.005 PST i: [g2mcomm] <mcast-agent> {Session 6821593718158790153 EPSessionHelper::} _join: initiated join to server 1
2016-11-10 13:20:11.032 PST i: [g2mcomm] <mcast-agent> JEDI connect: Connected to address[0] mcs37-1-isp1.atl.expertcity.com(216.115.223.79<resolved>):443
2016-11-10 13:20:11.246 PST i: [g2mcomm] <mcast-agent> (9000) "ECSecurityError::eBadCertificate"
2016-11-10 13:20:11.246 PST i: [g2mcomm] <mcast-agent> Certificate verification using Local Certificate Store failed with error. Logging peer certificate....
2016-11-10 13:20:11.246 PST s: [g2mcomm] <mcast-agent> EmbCert-OSCert 0 1
2016-11-10 13:20:11.306 PST E: [g2mcomm] <mcast-agent> {CryptoHandle::} handshake: failed to complete client handshake [(2014) "ECError::eEnd": ## SLS , cconn.cpp:239]
2016-11-10 13:20:11.306 PST i: [g2mcomm] <mcast-agent> {Session 6821593718158790153 mcast::MCSNeighbor[1]::} _disconnect: disconnecting from the remote host, current connectivity=unconnected and status=disconnected
2016-11-10 13:20:11.306 PST i: [g2mcomm] <mcast-agent> {DeviceStack[so(2)t]::} close: closing device stack [(2010) "ECError::eIOError"]
2016-11-10 13:20:11.306 PST E: [g2mcomm] <mcast-agent> {CryptoHandler::} push: error processing handshake [(2014) "ECError::eEnd"]

 

Now if I remove The Goto Meeting Category from my Exception which pretty much gives that AD group full access to the internet Goto Meeting and Training Opens instant. With the cert errors above is there another category I need to add.



This thread was automatically locked due to age.
Parents
  • Anyone else been able to get  Goto Meeting working without bypassing or completely turning off filtering which kinda defeats the purpose of it.

  • I don't understand why the mcast-agent would be involved in this.  Do you have Multicast Routing configured?

    As for trusting a direct connection with GoToMeeting by skipping the Proxy for it, I would think the risk would be minimal.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • I don't understand why the mcast-agent would be involved in this.  Do you have Multicast Routing configured?

    As for trusting a direct connection with GoToMeeting by skipping the Proxy for it, I would think the risk would be minimal.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • It's odd Goto Meeting works. Goto Training doesn't want to connect but it's the same software.  I tried the Citrix support and they pointed me back to Sophos.

     

     

    So on the Bypass field I would enter all the IP's and URLs do I leave the checkbox at the bottom checked or unchecked.

  • BAlfson said:

    I don't understand why the mcast-agent would be involved in this.  Do you have Multicast Routing configured?

    As for trusting a direct connection with GoToMeeting by skipping the Proxy for it, I would think the risk would be minimal.

    Cheers - Bob

     

     

    Hi Bob,

     

    I put all the URL's in the skiplist and left the checkbox on and couldn't get to any of the websites then.