Back To Basics: Troubleshooting Proxy Server 2.0 Page 5
Troubleshooting Microsoft Proxy Server 2.0
Although Proxy Server 2.0 appears on the surface to be relatively simple in design and implementation, it can be challenging to get all parts of the program to work the way you want them to work. Since Proxy Server 2.0 is actually several servers in one, you must be able to mange, configure and troubleshoot multiple services and server configuration issues.
We can break down problems you might encounter with Proxy Server 2.0 in the following ways:
- Troubleshooting the Proxy Server Configuration
- Troubleshooting the Web Proxy Service
- Troubleshooting the WinSock Proxy Service
- Troubleshooting the SOCKS Proxy Service
- Troubleshooting Network Services Interaction with Proxy Server 2.0
Let's begin with Troubleshooting common Proxy Server 2.0 Server Configuration issues.
Troubleshooting the Server Configuration
The most common server configuration issues you will run into are related to either the Network Interface Card, the Local Address Table, and Packet Filtering issues.
Network Interface Configuration Issues
There are a few issues that are commonly encountered by both new and experienced administrators when they configure the interfaces on the proxy server. One of these has to do with how the Default Gateway is configured for the machine.
For the Proxy Server to work correctly, you need to assign only one default gateway on that computer. The default gateway entry should be made only on the external interface of the Proxy Server machine. If you add other gateways, you might find yourself getting into trouble, and having some of the packets routed back to your internal network.
The most common problem we run into is that the administrator has configured a default gateway on the internal interface of the proxy server computer. Once that entry is removed, everything ends up working fine. Also remember to disable IP Forwarding on all the interfaces so that users won't be able to circumvent the Proxy Server.
When setting up the Proxy Server, be sure that you are able to supply all the required information for the external interface. This includes the remote router (default gateway), the Proxy Server's public IP address and subnet mask, and the DNS Server's address. If you find that clients are able to connect to resources via IP address and not via FQDN, then check on the configuration of the DNS Server address.
Local Address Table Issues
The local address table is used to determine which machines are located on the internal network, and therefore putatively do not require processing by the Proxy Server. If a request comes to the Proxy Server for a machine who's IP address is located in the Local Address Table (LAT), then the Proxy Server will forward the request to the internal server without subjecting it to further processing, such as the application of access controls.
Be sure not to place the external interface's IP address on the LAT. If you do so, the Proxy Server will interpret the external interface as a local address, and the proxy server will not forward requests to Internet hosts!
If you find that clients are suffering from poor performance when accessing local servers on the network, check to see if those local server's are on the LAT. The Proxy Server must evaluate all requests for resources that are not contained in the LAT. If you internal server's IP addresses are not on the LAT, then the Proxy Server must evaluate all requests made to those internal servers. This might lead to a situation where the Proxy Server has to evaluate large volumes of requests for internal resources. If the Proxy Server becomes "bogged down" evaluating such request, overall performance will suffer.
To prevent the Proxy Server from being overwhelmed by these internal requests, check that all internal server's IP addresses are included in the LAT.