

rprastein
2010-10-14T02:12:27Z
I've created a task to send an HTTP post request to a remote server. The request has to get through our corporate proxy server with one set of credentials, and then present a different set of credentials at the remote server to get access to the web page.

I have configured the proxy settings on an HTTP task, and confirmed that that much is working by creating and testing a task to get a google page.

I created a credential in VisualCron for the remote server, using the IP address as the domain - normally, when I enter my username and password in response to the security popup, I don't specify a domain, and this server doesn't have a registered domain name, although it does have a pseudodomain with the hosting service.

When I try to test my VisualCron task using this credential and a post, I get an http 401 (Unauthorized) error, which is the same error that I would get if I cancelled out of the security dialog when fetching the page manually.

What am I doing wrong?

Thanks,

Rebeccah
Support
2010-10-14T10:36:49Z
Try using an empty domain in the Credential.
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
rprastein
2010-10-15T20:04:07Z
Nope, that didn't help either.

Rebeccah
rprastein
2010-10-15T20:10:06Z
Another weird thing - on my display of jobs and tasks, I have several copies of this task with different credentials that I have tried. When I first opened up the UI this morning, all of the ones I was trying yesterday say "Success" for the result, although they still show the same error output. Why would that be? When I test them again, they go back to showing the failed status.

Rebeccah
Support
2010-10-17T20:22:47Z
That could happen if the Service (or machine) has been rebooted.

Is there any network administrator that could debug the login failure?
Henrik
rprastein
2010-10-18T18:55:29Z
I am the admin of the virtual private server running the web server (IIS) that is denying the login. What would you like me to check? The logon works fine when I connect directly using the browser. If there is something that the VPS admins need to check, I will need to submit a ticket, and I will need to be pretty specific about what I want them to do, since the symptom is in my application.

Rebeccah
rprastein
2010-10-18T20:21:49Z
OK, I just checked to make sure that logon successes and failures are both being audited on the server. Now, when I attempt to run this task, I get the following three security event log "Success Audit" entries:

Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: IUSR_TEMPLATE
Source Workstation: REMOTEMSS
Error Code: 0x0


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp .



Logon attempt using explicit credentials:
Logged on user:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon GUID: -
User whose credentials were used:
Target User Name: IUSR_TEMPLATE
Target Domain: REMOTEMSS
Target Logon GUID: -

Target Server Name: localhost
Target Server Info: localhost
Caller Process ID: 13884
Source Network Address: -
Source Port: -


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp .


Successful Network Logon:
User Name: IUSR_TEMPLATE
Domain: REMOTEMSS
Logon ID: (0x0,0x6A48F21C)
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: REMOTEMSS
Logon GUID: -
Caller User Name: NETWORK SERVICE
Caller Domain: NT AUTHORITY
Caller Logon ID: (0x0,0x3E4)
Caller Process ID: 13884
Transited Services: -
Source Network Address: -
Source Port: -


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp .




NOTE: The credentials I am supplying through VisualCron should NOT be those of IUSR_TEMPLATE. That's the anonymous web user, and it does not have permissions on my web site.

Thanks,

Rebeccah
rprastein
2010-10-18T20:28:25Z
In contrast, when I (successfully) connect manually using the browser, I get three Success Audit event notifications, and they *do* contain the correct user information.

Rebeccah
Support
2010-10-18T21:13:49Z
We did some tests against our web server. What you put in domain does not really matter. What mattered in our tests was that we used the direct URL and that it does not contain any redirects. For example:

http://mysite.com/admin/  - does not work

http://mysite.com/admin/adminpage1.aspx  - works
Henrik
rprastein
2010-10-18T21:17:32Z
My URL is of the form
http://ip_address/context-path/webpage.html


Rebeccah
Support
2010-10-18T21:19:31Z
Is this really windows authentication or authentication in a form?


Henrik
rprastein
2010-10-18T21:21:36Z
IIS is annoying. It's Windows authentication.

Rebeccah
Support
2010-10-18T21:24:55Z
And this HTML page is not redirecting you to any other URL when visiting that page?
Henrik
rprastein
2010-10-18T21:28:24Z
It's not *redirecting* (i.e., sending an http redirect status code that the browser follows to load another page), but it is forwarding (on the back end) to a tomcat web application.

Rebeccah
Support
2010-10-18T21:30:19Z
Can you send a screen shot of the Authentication settings in IIS on that page/folder?
Henrik
rprastein
2010-10-18T21:38:11Z
to support@visualcron.com?

There's no single "authentication" page that I see in the IIS configuration for the page, I'll have to look and see what I did to set up the configuration. It was a PIA, involving creating a group that had the essential permissions that IUSR_TEMPLATE has, taking the permissions away from IUSR_TEMPLATE itself (or perhaps disabling it, I don't remember), and then making my new user a member of that group.

Rebeccah
rprastein
2010-10-18T21:46:31Z
Wait, here it is, I found the page you asked for. I'll attach it here.

Rebeccah
rprastein attached the following image(s):
Support
2010-10-19T08:49:11Z
We use the same settings. I am not sure what happens here.

Can you try to create a local admin account on web server and then use that account instead?
Henrik
rprastein
2010-10-19T20:24:14Z
I already did. It doesn't work, either.

Rebeccah
rprastein
2010-10-19T21:09:47Z
I'm setting up Wireshark right now on my VisualCron server, and I'm going to capture some packet traffic. Perhaps that will help sort things out.

Rebeccah
Support
2010-10-19T21:16:31Z
Hmm... do you have another server you could test this on?

I believe the correct authentication is sent as it worked here. Which IIS version do you have?
Henrik
rprastein
2010-10-19T21:20:16Z
It's IIS 6.0.

I don't have another server set up with IIS, unfortunately.

Rebeccah
rprastein
2010-10-19T23:09:55Z
The problem is at the proxy authentication level (Thanks, Wireshark!)

When I go to the page with IE, the browser sends this:

GET http://<ip address stripped for privacy>/<context-path>/<webpage>.html HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-us
UA-CPU: x86
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: <destination ip address stripped>
Cookie: __utma=<cookie value a>; __utmb=<cookie value b>; __utmz=<cookie value z>


Whereas, VisualCron sends this:

GET http://<ip address stripped for privacy>/<context-path>/<webpage>.html HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
User-Agent: VisualCron
Host: <destination ip address stripped>
Proxy-Connection: Close



Both get a similar response from the proxy server, except that when I use IE, the proxy server sends back
Proxy-Connection: Keep-Alive

whereas with VisualCron, it sends back
Proxy-Connection: close


In the IE case, my browser sends another request with a Proxy-Authorization value, whereas with VisualCron, that's the end of the conversation (presumably because VisualCron's original request included Proxy-Connection: Close).


Rebeccah
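The comparison made in the post above can be automated when reviewing a capture. This is an added example, not code from the poster or from VisualCron: the requests are abridged from the captures quoted in the post, the follow-up request is constructed, and the function names are hypothetical.

```python
# Requests abridged from the captures quoted in the post; redacted values stay
# as placeholders, and the follow-up request is constructed for illustration.
IE_FIRST = ("GET http://<ip>/<context-path>/<webpage>.html HTTP/1.0\r\n"
            "Proxy-Connection: Keep-Alive\r\n"
            "Host: <ip>\r\n\r\n")
IE_FOLLOWUP = ("GET http://<ip>/<context-path>/<webpage>.html HTTP/1.0\r\n"
               "Proxy-Connection: Keep-Alive\r\n"
               "Proxy-Authorization: <value stripped>\r\n"
               "Host: <ip>\r\n\r\n")
VC_FIRST = ("GET http://<ip>/<context-path>/<webpage>.html HTTP/1.1\r\n"
            "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n"
            "User-Agent: VisualCron\r\n"
            "Host: <ip>\r\n"
            "Proxy-Connection: Close\r\n\r\n")


def parse_request(raw):
    """Split a raw request head into request-line parts and lower-cased headers."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version, "headers": headers}


def keeps_connection(req):
    """True if the client asks the proxy to keep the connection open."""
    hdrs = req["headers"]
    token = (hdrs.get("proxy-connection") or hdrs.get("connection") or "").lower()
    if token in ("close", "keep-alive"):
        return token == "keep-alive"
    return req["version"] == "HTTP/1.1"  # persistent by default; HTTP/1.0 is not


def summarize(raw_requests):
    """Report, for one client's request sequence, what the capture shows."""
    reqs = [parse_request(r) for r in raw_requests]
    return {
        "requests": len(reqs),
        "first_keeps_connection": keeps_connection(reqs[0]),
        "sent_proxy_authorization": any("proxy-authorization" in r["headers"] for r in reqs),
    }


if __name__ == "__main__":
    print("IE        :", summarize([IE_FIRST, IE_FOLLOWUP]))
    print("VisualCron:", summarize([VC_FIRST]))
```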

Support
2010-10-20T08:07:59Z
Thanks for the info. Have you tried using the same proxy settings in VisualCron (because VisualCron does not automatically pick up IE proxy settings)?
Henrik
rprastein
2010-10-20T21:20:08Z
Yes, I've configured the proxy settings in VisualCron. There are two places I've found where they can be configured - one for the VisualCron application, which gets used for checks for updates, and one for individual HTTP tasks. I have the proxy configured identically in both places.

The settings include proxy type (HTTP, SOCKS4, or SOCKS5), IP address, port number, credentials yes/no, and domain/username/password for the credentials. I don't see anywhere to specify whether to set the proxy connection to close or keep-alive. I have the proxy set to HTTP. Should it possibly be one of the SOCKS proxies? I was able to get the checks for update working with HTTP proxy, so I figured that was the right one, but perhaps not.

Rebeccah