Rogue Proxy settings.....

Discussion in 'Networks' started by Luddym, Dec 12, 2008.

  1. Luddym

    Luddym Megabyte Poster

    797
    19
    74
    We have a problem with web proxy settings at the moment, and have done for some time. The story so far:

    We have an ISA server in which the settings were pushed out via logon scripts.
    Now we have GPO's set up that push the settings out via GPO. This works great, except for a few exceptions.

    Since I have been here (18 months) we have had sporadic issues with a rogue proxy setting appearing for specific individuals. IE, user one will log on and have the rogue setting of 'julius', we will 'gpupdate /force' and the right proxy settings will appear, until the user turns off his pc and comes in the following morning to find the same issue.

    Out of a user base of around 200 pc's this issue is currently happening to two users.

    We do have a legacy server called 'julius', which did have a free proxy program on it at some point, but in the services the only entry I can find is 'WinHTTP Web Proxy Auto-Discovery Service.' which is described as...

    This service is disabled, but by it's description I'm not sure that will help. I have also restarted the server a few times over the months to see if there is something running that shouldn't be, checked MSconfig/services and startup, but can't find anything there that shouldn't be. Turning the server off isn't an option at the moment unfortunately.

    Does anyone have any ideas on how to try and stop this other than trying a complete turnoff of the server?

    Many thanks in advance guys.
     
    Certifications: VCP,A+, N+, MCSA, MCSE
    WIP: Christmas Drunkard
  2. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Sounds like its still advertising itself as a proxy somehow. Can you actually proxy through it still? My guess would be that some clients may be picking the proxy up from DHCP - have you checked your scope options?
     
    Certifications: A few
    WIP: None - f*** 'em
  3. kevicho

    kevicho Gigabyte Poster

    1,219
    58
    116
    Have you done a registry scan on a client for the word Julius, it could be the client has left some junk behind and will need removing
     
    Certifications: A+, Net+, MCSA Server 2003, 2008, Windows XP & 7 , ITIL V3 Foundation
    WIP: CCNA Renewal
  4. Luddym

    Luddym Megabyte Poster

    797
    19
    74
    Thanks for the reply Zeb,

    Nope, can't proxy through it, and all of the offending machines have static IP's.
     
    Certifications: VCP,A+, N+, MCSA, MCSE
    WIP: Christmas Drunkard
  5. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    If you can, run a wireshark trace from a client exhibiting the problem (you'll need to hub out and collect from another machine whilst its booting up) and pm me a link to it - I'll take a look and see if its picking it up somewhere on boot. If not, then you;re looking at something 'within' the client that's causing it and, as kevicho suggested, a scan through the registry for 'julius' should point you in the right direction
     
    Certifications: A few
    WIP: None - f*** 'em
  6. Luddym

    Luddym Megabyte Poster

    797
    19
    74
    Will give that another go on monday when it appears again. (We've gpupdate /force'd since, which may blue my results.)

    But i vaguely remember doing that before and only having 'julius' display once, and only then as the proxy server.

    Thanks for the help, will give it a go. :thumbleft
     
    Certifications: VCP,A+, N+, MCSA, MCSE
    WIP: Christmas Drunkard

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.