Proxy Server configuration when using the LANDesk Components such as the Web Console

Version 7

    Verified Product Versions

    Endpoint Manager 9.6Endpoint Manager 2016.x

    Many organizations use Proxy servers for internet connectivity.  LANDesk components, including but not limited to, the LANDesk Web Console often fail when the proxy is misconfigured for the LANDesk environment.
    This article will explain the proxy settings needed for the Web Console to work correctly.
    Please note the following: Specific proxy configuration settings are outside the scope of LANDesk Technical Support.  If there are any problems caused by using Proxy auto-detect settings in Internet Explorer, then either the Proxy server settings must be changed or the Proxy excluded for the LANDesk server as explained below.
    When attempting to login to the web console, the following error can occur:
    Could not log into the management console. Try logging in again.
    Unable to validate the current user with the database.

     

     


    Web Console logging can be enabled by adding the following registry key to the Core Server:
    HKLM\Software\LANDesk\ManagementSuite\Core
    Type: DWORD    
    Name: LogEvents    
    Value: 1

    In the Application Log, the following information is displayed.

     

    The description for Event ID ( 0 ) in Source ( LANDesk Abstraction Layer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Request to get database connection string.
    L01NTLDK01 specified as core.
    A web exception (shown below) occurred when contacting the web service on the specified core.
    Please verify that the web server is running, and that https has been properly configured on the specified core server.
    Web exception details - System.Net.WebException: The remote server returned an error: (407) Proxy Authentication Required.  
    at System.Net.HttpWebRequest.GetRequestStream()  
    at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)  
    at LANDesk.ManagementSuite.Information.DatabaseInformationWebReference.
    DatabaseInformation.GetConnectionString()  
    at LANDesk.ManagementSuite.Information.DatabaseInformation.GetConnectionString(String core)

     

     

    Cause

    This issue or other problems using the Web Console can be caused by incorrect proxy settings.
    Microsoft Internet Explorer has the following options when configuring a proxy as seen below.  These settings can also be controlled by using Group Policies.

     

     

    It is important to differentiate between the Logged on user and the user configured for the LANDesk Com+ Application Identity. Each user will have their own proxy settings.

     

    For the user configured for the LANDesk Com+ Application Identity, one of the following must be true:

     

    1. The proxy must be bypassed. (Recommended)
    2. The proxy authentication must succeed. (Be ready to involve your Proxy Administrator.)

     

    Bypassing the Proxy


    It is recommend that the proxy must be bypassed when the Core is talking to itself, and when workstations connect to the Web Console.
    If the "Automatically detect settings" option is checked in the IE proxy settings then the Web Console authentication will fail.  Microsoft does not allow for bypassing the proxy, so this option must NOT be checked.

     

    If "Use a proxy server for you LAN" option is checked, then there is an option to "Bypass proxy server for local addresses." If this is not enabled and configured, then the proxy will still be used. This option must be configured to bypass the proxy for the Core Server IP, Core Server name and FQDN, and 127.0.0.1.

     

    Authenticating to the Proxy


    Proxy authentication is outside the scope of LANDesk support.  LANDesk Support does not support or have information on how to configure proxy settings or provide assistance in configuring it.

     

    What we do provide is information on what is failing.

     

    If a proxy is in use and the user configured for the identity of the LANDesk COM+ Application cannot authenticate to the proxy, then "Unable to validate the current user with the database" will occur. Usually the site that is accessed by Com+ is the following:

     

     

    Have the proxy administrator make any connections to this site work using the user configured for the identity of the LANDesk COM+ Application Identity. If the Proxy administrator is unsure how to do this, then you should resolve the issue using the other option of "Bypassing the proxy".


    Resolution

    Solution 1 - Bypassing the Proxy (Recommended)

    1. Disable "Automatically detect settings" for the IE Proxy settings for the user configured for the LANDesk Com+ Application Identity and any other LANDesk user that may not be able to authenticate to the proxy.

    2. Enable the proxy using the manual settings. 
      1. Check the box for "Use a proxy server for you LAN".

      2. Check the box for "Bypass proxy server for local addresses."



      3. Click Advanced.

      4. Add Exceptions for each of the following items:
        Core Server Name
        Core Server FQDN
        Core Server IP
        Localhost IP

        For example, the settings for a Core named vm88.mydomain.com with an IP of 10.1.1.1 would be:

        vm88; vm88.mydomain.com; 10.1.1.1; 127.0.0.1



      5. Click OK.

      6. Click Apply.

      7. Cick OK.

     

     

     

    Solution 2 - Configuring the Proxy to Correctly Authenticate


    LANDesk has no information on this other than that we are attempting to hit the following site and proxy authentication is failing:

     

    https://CoreServer/landesk/managementsuite/core/ssl/information/databaseinformation.asmx

     

    1. Change the Com+ Application Identity to a User That Can Authenticate on the Proxy.

      - OR -

    2. Have the Administrator of the proxy server configure the Proxy to properly authenticate the user configured for the LANDesk Com+ Application Identity. If the administrator is unsure as to how to do this, then use Solution 1 - Bypass proxy server.