Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account



Photo

Internet Explorer - Bypass Proxy Not Working


  • Please log in to reply
3 replies to this topic

#1
Redhatcc

Redhatcc

    Advanced Member

  • Patrons
  • 337 posts
  • Joined 27-February 08
  • OS:none specified
  • Country: Country Flag

So our environment is configured as followed.

 

We have XenApp 6.5 servers, all handing out desktops to users. Everything works smooth except for the Bypass Proxy for Intranet sites.

 

When using IE you eventually get to to the site after about 25 seconds of waiting, and 25 seconds of waiting per each page to load for all INTERNAL websites.

 

For EXTERNAL websites i.e. Google.com, it loads fast.

 

 

 

 

I have two attachments.

 

1. NotWorking.png: Is the configuration we are running. Blacked out is our internal sites and proxy server, but they pull this from GPO.

2. Working.png: is the configuration that works. By works, I mean when you load an INTERNAL site it loads in 1-3 seconds. EXTERNAL sites i.e. Google.com quit working because you have to go through the Proxy Server to get outside (BlueCoat).

 

 

 

 

Additional Info:

* We have tried various versions of IE, but we currently run IE 9.

* We are an environment that is intergraded with CAC authentication.
* The desktops are Server 2008 R2 X64 patched all the way up. These desktops are Provisioned out by Citrix PVS and run XenApp 6.5.

* This has been working for years until about 2 months ago and we can not figured out what changed.

* To get to these options we are configuring is Internet Options > Connections > LAN Settings > X.

* By simply unchecking "Use a proxy server for your LAN" box, we can access INTERNAL sites super fast. But then it takes away the ability to access all EXTERNAL sites i.e. Google.com.

 

 

 

Attached Files


Citrix Engineer - AFCENT



How to remove advertisement from MSFN

#2
jaclaz

jaclaz

    The Finder

  • Developer
  • 15,502 posts
  • Joined 23-July 04
  • OS:none specified
  • Country: Country Flag

If I get this right, the issue is with the "bypass proxy server for local addresses", that, if checked/enabled adds the 25 seconds delay?

 

Could it be some conflict with the Hosts file?

https://support.micr...en-us/kb/262981

 

Is there any chance that the addresses have been added in IE "Internet zone"?

 

Can you run a trace route in the various cases? (particularly the one with the 25 seconds delay)

 

Is the behaviour the same if you use web addresses like http://myniceweb/mypage.htmand iP addresses like http://192.168.0.100/mypage.htm?

 

I.e. could it be related to a DNS issue of some kind, are the result of running nslookup correct?

 

Is it possible that one of the Windows updates in the last two months caused this?

I.e. can you install a new "dummy machine" with a non "fully up-to-date" OS and see how it behaves?

 

jaclaz



#3
Redhatcc

Redhatcc

    Advanced Member

  • Patrons
  • 337 posts
  • Joined 27-February 08
  • OS:none specified
  • Country: Country Flag

Going to try and add some information, and answer your questions:

 

 

 

Could it be some conflict with the Hosts file: To my knowledge the host file in C:\Windows\System32\Drivers\etc\hosts is configured correctly. It hasn't been touched in 2 years. Checked it again just to make sure, and it looks good.

 

Is there any chance that the addresses have been added in IE "Internet zone": Great point. Higher level GPO's are preventing me from checking the actual Internet Options, however I was able to run a gpresult, dump it to a html file, and check the GPO settings from the domain. It seems the the sites are only being listed in the HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings -> ProxyOverride as a REG_SZ.

 

Can you run a trace route in the various cases (particularly the one with the 25 seconds delay): Yes. Traceroutes and Pathpings indicate that each hop is responding within ~1ms.

 

Is the behaviour the same if you use web addresses like http://myniceweb/mypage.htmand iP addresses like http://192.168.0.100/mypage.htm : Those pages I was not able to visit. But I instead used google.com and 74.125.228.193 which is a google.com server. Both responded very promptly (1-2 seconds)

 

I.e. could it be related to a DNS issue of some kind, are the result of running nslookup correct?: Nslookup on the URL/IP both match backwards and forwards.

 

Is it possible that one of the Windows updates in the last two months caused this?: We have tried old VHD files (vDisk in our Citrix environment) that were 5 months old, attached to an empty Virtual Machine, logged in and it didn't work... so probably not a patch or a GPO (as hard as that is for me to say... gahh...)

 

 

 

One thing someone in another shop sugggested us trying is setting the Local Intranet security settings from Medium-Low to Low. I also read about this online, as it might be specific to Citrix. I got the go ahead, but it seems every single thing I try either GPO or Local Policy will not change the Internet Options > Security Tab > Local Intranet > Security Level = Low . I have dug through the registry, and dug through the gpresult i exported to an html file, and can't find what is making it greyed out and preventing me from changing it. I changed it on the local level also i.e. local machine policy, but no luck.

 

Any idea on how I can change the Local Intranet security settings from Medium-Low to Low? Weird as it sounds, from what I read online and from what someone in another shop told me, this might do the trick.


Citrix Engineer - AFCENT


#4
jaclaz

jaclaz

    The Finder

  • Developer
  • 15,502 posts
  • Joined 23-July 04
  • OS:none specified
  • Country: Country Flag

One thing someone in another shop sugggested us trying is setting the Local Intranet security settings from Medium-Low to Low. I also read about this online, as it might be specific to Citrix. I got the go ahead, but it seems every single thing I try either GPO or Local Policy will not change the Internet Options > Security Tab > Local Intranet > Security Level = Low . I have dug through the registry, and dug through the gpresult i exported to an html file, and can't find what is making it greyed out and preventing me from changing it. I changed it on the local level also i.e. local machine policy, but no luck.

 

Any idea on how I can change the Local Intranet security settings from Medium-Low to Low? Weird as it sounds, from what I read online and from what someone in another shop told me, this might do the trick.

It is entirely possible that changing that would workaround or solve the issue, though that would mean that *something* *somehow* raised that setting from Low to Medium-Low two months ago (but then the old .vhd should have worked) :unsure:

 

Maybe you have to check the Registry directly:

https://support.micr...en-us/kb/182569

 

jaclaz






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users