Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 0 subscribers
  • Views 9799 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Getting Live Messenger to work through the Web Appliance?

sssstew

Hi All

Just taken over some admin of the Sophos Web Appliance which is new to me, ive used Websense before, but im trying to configure the web appliance to allow Live Messenger (for us in IT), but cannot figure out how to get it to work, the messenger client just fails to sign in each time.


So far i have created an Additional Policy called Internet Access Full which my user account is a member of which has most of the site categories set to allow, including chat which i thought would fix it but we still cannot sign in on the application.

Is there any special config anywhere for this?

Thanks

Stewart

:18343


This thread was automatically locked due to age.
  • 0

    Hi Stewart,

    Are you using Active Directory authentication?  The Web Appliance could be blocking it for not providing NTLM authentication.  To workaround this you could try:

    - Go to 'Configuration > System > Active Directory' and exempt MSN/Live Messenger using the 'Sophos list of applications'

    - OR disable 'Authenticate all requests'.  In this mode only supported browser are authenticated against AD

    - OR configure Live Messenger proxy settings with AD credentials (if possible)

    Another thing that can cause problems is HTTPS Scanning.  You may need to exempt some sites from HTTPS scanning for this to work.  You could always disable HTTPS Scanning entirely (Configuration > Global Policy > HTTPS Scanning) to confirm if this is the problem.

    Let me know if you have any questions, and feel free to call our support team if you get stuck.

    Thanks,
    Tom.

    :18357
  • 0

    Thanks Tom,

    We are using AD authentication but the "Authenticate all requests against AD" tick box is not ticked.  Additionally i have also unticked it in the list of applications here, even though this doesnt affect it because the above tick box is not ticked.

    But your comment about configuring live messenger with AD credentials worked for me, i am able to sign in now.

    Great thanks Tom, appreciate it :)

    :18383
  • 0

    Hi Stewart,

    Great news!  Glad to hear you got it working :)

    It's odd that you had to enter your AD credentials, because we shouldn't authenticate non-browser applications with this option unchecked.  It might be that Messenger has a 'user agent' string that makes us think it's Internet Explorer - therefore we force it to authenticate.  In any case, I'll look into this to make sure there are no problems in how Messenger is handled.

    Thanks,

    Tom.

    :18389
  • 0

    Hi Tom, yes agreed this is because Live Messenger tightly integrates with the IE settings and thus probably presents itself as IE like you mentioned.

    :18403
Unfiltered HTML