Troubleshooting Microsoft Proxy Server 2.0
Although Proxy Server 2.0 appears on the surface
to be relatively simple in design and implementation, it can be challenging to
get all parts of the program to work the way you want them to work. Since Proxy
Server 2.0 is actually several servers in one, you must be able to mange,
configure and troubleshoot multiple services and server configuration issues.
We can break down problems you might encounter
with Proxy Server 2.0 in the following ways:
- Troubleshooting the Proxy Server Configuration
- Troubleshooting the Web Proxy Service
- Troubleshooting the WinSock Proxy Service
- Troubleshooting the SOCKS Proxy Service
- Troubleshooting Network Services Interaction
with Proxy Server 2.0
Let’s begin with Troubleshooting common Proxy
Server 2.0 Server Configuration issues.
Troubleshooting the Server Configuration
The most common server configuration issues you
will run into are related to either the Network Interface Card, the Local
Address Table, and Packet Filtering issues.
Network Interface Configuration Issues
There are a few issues that are commonly
encountered by both new and experienced administrators when they configure the
interfaces on the proxy server. One of these has to do with how the Default
Gateway is configured for the machine.
For the Proxy Server to work correctly, you need
to assign only one default gateway on that computer. The default gateway
entry should be made only on the external interface of the Proxy Server
machine. If you add other gateways, you might find yourself getting into
trouble, and having some of the packets routed back to your internal network.
The most common problem we run into is that the
administrator has configured a default gateway on the internal interface of the
proxy server computer. Once that entry is removed, everything ends up working
fine. Also remember to disable IP Forwarding on all the interfaces so that users
won’t be able to circumvent the Proxy Server.
When setting up the Proxy Server, be sure that
you are able to supply all the required information for the external interface.
This includes the remote router (default gateway), the Proxy Server’s public
IP address and subnet mask, and the DNS Server’s address. If you find that
clients are able to connect to resources via IP address and not via FQDN, then
check on the configuration of the DNS Server address.
Local Address Table Issues
The local address table is used to determine
which machines are located on the internal network, and therefore putatively do
not require processing by the Proxy Server. If a request comes to the Proxy
Server for a machine who’s IP address is located in the Local Address Table
(LAT), then the Proxy Server will forward the request to the internal server
without subjecting it to further processing, such as the application of access
Be sure not to place the external interface’s
IP address on the LAT. If you do so, the Proxy Server will interpret the
external interface as a local address, and the proxy server will not forward
requests to Internet hosts!
If you find that clients are suffering from poor
performance when accessing local servers on the network, check to see if those
local server’s are on the LAT. The Proxy Server must evaluate all requests for
resources that are not contained in the LAT. If you internal server’s IP
addresses are not on the LAT, then the Proxy Server must evaluate all requests
made to those internal servers. This might lead to a situation where the Proxy
Server has to evaluate large volumes of requests for internal resources. If the
Proxy Server becomes “bogged down” evaluating such request, overall
performance will suffer.
To prevent the Proxy Server from being
overwhelmed by these internal requests, check that all internal server’s IP
addresses are included in the LAT.