Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 28 replies
  • Answers 1 answer
  • Subscribers 12 subscribers
  • Views 70462 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to connect to Sophos Central via proxy that requires authentication

Roman Korchak

Hi

We have just moved to a new Proxy system that requires authentication and our servers stopped communicating with Sophos Central and stopped downloading updates.

I have already checked https://community.sophos.com/kb/en-us/119263 and it will not work for us as we dont have an option to exclude particular sites from the proxy (or rather we cannot open our firewall for particular sites). I have noticed though an option for proxy credentials in config.xml file so I am wandering if we can use that to authenticate an endpoint to our proxy so it can communicate with Sophos Central and download updates.

Thanks

   



This thread was automatically locked due to age.
  • 0 in reply to Roman Korchak

    I have the same problem:

    2018-04-17T19:43:32.6584701Z WARNING : WinHttpGetProxyForUrl returned: 12180
    2018-04-17T19:43:32.6584701Z INFO : Attempting to connect using proxy 'proxyserver:3128' of type 'Customer'.
    2018-04-17T19:43:32.6584701Z INFO : Set security protocol: 00000800
    2018-04-17T19:43:32.6584701Z INFO : Opening connection to downloads.sophos.com
    2018-04-17T19:43:32.6584701Z INFO : Opened connection to downloads.sophos.com
    2018-04-17T19:43:32.6584701Z INFO : Request content size: 0
    2018-04-17T19:43:32.7208702Z INFO : Request sent
    2018-04-17T19:43:32.7988703Z INFO : Response status code: 407
    2018-04-17T19:43:32.7988703Z INFO : Response data size: 0
    2018-04-17T19:43:32.7988703Z WARNING : Basic authentication was offered by the proxy server.
    2018-04-17T19:43:32.7988703Z INFO : Failed to connect using proxy 'proxyserver:3128' with error: No supported proxy authentication schemes.

  • 0 in reply to benny4982

    Please can I ask that you log a support ticket (bottom right of this page) and then send me the case ID?

    It looks like you are sending the correct commands to the installer, but there is something not quite right. I can pass the logs to the development team for review.

    Stephen

  • 0 in reply to StephenMcKay

    Hi Stephen,

    i send you a private message with the case id.

    Benjamin

  • 0 in reply to benny4982

    Hi Benjamin,

    I have your case, i will escalate this.

    Many thanks.

    Stephen

  • 0 in reply to StephenMcKay

    There is a good chance that Basic auth is not supported due to being insecure.

    Regards,

    Jak

  • 0

    A bit of update - thats what I find in a log:

    2018-04-20T09:52:17.5645293Z INFO : Set security protocol: 00000800
    2018-04-20T09:52:17.5645293Z INFO : Opening connection to dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com
    2018-04-20T09:52:17.5645293Z INFO : Sending request for connection confirmation through potential proxy
    2018-04-20T09:52:17.5645293Z INFO : Request content size: 0
    2018-04-20T09:52:23.8388107Z ERROR : WinHttpSendRequest failed with error 12029
    2018-04-20T09:52:23.8388107Z INFO : Failed to connect using proxy '' with error: WinHttpSendRequest failed
    2018-04-20T09:52:23.8388107Z ERROR : HTTP error: Failed to connect with any proxy: certificate check failure
    2018-04-20T09:52:23.8543841Z ERROR : System Property Check: ValidDeploymentInfo - FAILED
    2018-04-20T09:52:23.9169505Z INFO : Running System Property Check: InstallationInProgress ...
    2018-04-20T09:52:23.9169505Z INFO : System Property Check: InstallationInProgress - PASSED
    2018-04-20T09:52:23.9794572Z INFO : Running System Property Check: SafeGuardEncryption ...
    2018-04-20T09:52:23.9794572Z INFO : Entered installedProductCode, upgradeCode={BA2F47D3-1C17-40E7-8DE7-1CD733442B6C}
    2018-04-20T09:52:23.9794572Z INFO : Product is not installed
    2018-04-20T09:52:23.9794572Z INFO : Entered installedProductCode, upgradeCode={C48CCEDE-A264-411F-AB82-BC9D67B8344B}
    2018-04-20T09:52:23.9794572Z INFO : Product is not installed
    2018-04-20T09:52:23.9794572Z INFO : licensesContainFeature(FILE_ENCRYPTION): false
    2018-04-20T09:52:23.9794572Z INFO : licensesContainFeature(DEVICE_ENCRYPTION): false
    2018-04-20T09:52:23.9794572Z INFO : System Property Check: SafeGuardEncryption - PASSED

  • 0

    Just noticed something - according to the logs , endpoint is trying to communicate with dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com/  but when I try to browse to this address I am getting certificate error.

  • 0 in reply to Roman Korchak

    As suggested, the basic authentication error is caused because we explicitly reject it. 

    Stephen

  • 0 in reply to StephenMcKay

    Hello all,

    excuse me for chiming in but it seems indeed to be the wrong certificate

    Note that, apart from the CA issue, it's not for hmr.sophos.com but hydra.sophos.com.

    Christian

  • 0 in reply to QC

    Christian,

    us-west and eu-west use a hmr.sophos.com address, whereas eu-central and us-east use a hydra.sophos.com address

    Stephen

Unfiltered HTML