01-09-2009 08:56 AM
Solved! Go to Solution.
01-16-2009 03:13 PM
Worked through the issue with Juniper and Symantec support. Problem is due to WSAM does not support Kerberos authentication. Workaround is unchecking Enable Integrated Windows Authentication under Internet Options ; Advanced.
After appying that change is seems to work fine. Need to do further testing but this looks like a good solution so far.
01-09-2009 10:54 AM
Try this command from the DOS prompt:
telnet EVSERVERNAME 80
Does the DOS prompt hang (If so a TCP connection is made to the Web server TYPE "get" then hit enter.
An error from the Web server should return.
If you receive and error then what is the error?
01-09-2009 11:32 AM
the error received was:
HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Fri, 09 Jan 2009 19:26:54 GMT
Connection: close
Content-Lenth: 35
<h1>Bad Request (Invalid Verb)</h1>
01-09-2009 11:37 AM
So you can access the Web server.
type:
HTTP://VAULTSERVERNAME/EnterpriseVault/Search.asp
where VAULTSERVERNAME is your vault server name.
01-09-2009 11:37 AM
01-09-2009 01:05 PM
Entered the URL in IE, but received the page not found message
In the detailed debug log for WSAM, the entry is
connecting to evserver1:80...
server disconnected from host evserver1:80...
01-09-2009 06:05 PM
Do you actually see the EV icons in the toolbar? We had a similar problem using Microsoft IAG (formerly known as eGap Whale Communications - we had to amend our EVShared.js file under the EVGETROOT function which allowed passthrough of the correct URL as the 'Whale box' was changing the URL by wrapping its own bits around the original URL needed/used
Not sure if this helps but thought I'd mention it - when we investigated this we came across a known issue regarding Juniper and I'm sure we saw an kb article about from Symantec..
Hope this helps..
01-11-2009 03:53 PM
Tom,
This sounds an awful lot like some kind of port filtering is in effect. I know plenty of customers using the Cisco VPN tool with no worries, and that should be some indication of something odd with your Juniper setup. If you do a tracert to the EV server do you get there? If you check and see if you have an TCP route for 0.0.0.0 to the VPN interface which is what the Cisco VPN does, it routes ALL traffic into the VPN tunnel.
I'd have a word with your network team, clearly VPN's are pretty normal stuff these days. You could also check your IIS logs and see if the client are actually reaching the server, but my bet's on the VPN doing some port filtering. EV will expect "normal IETF RFC compliant ports" and not PAT (Port Address Translation) which can sometimes be problematic for ANY application.
Hope this helps!
01-12-2009 03:40 AM
I do not think this is port filtering.
He can connect to the Web server with command line but not with the browser.
Clear your browser proxy settings and try to connect with the browser.
Check netstat with the browser running and verify where it is attempting to connect to.
01-12-2009 05:39 AM
01-16-2009 03:13 PM
Worked through the issue with Juniper and Symantec support. Problem is due to WSAM does not support Kerberos authentication. Workaround is unchecking Enable Integrated Windows Authentication under Internet Options ; Advanced.
After appying that change is seems to work fine. Need to do further testing but this looks like a good solution so far.
01-17-2009 01:41 AM
You also can check if the required ports for EV are open at Juniper SSL VPN, you will find the required ports in the EV documentation. Additional try if the client can contact the EVServer Name over DNS mechanism...
_________________
www.longerich.com