KB1001.034
Problem: Firewall or proxy authentication fails

This article applies to Domain Time II.

Last Updated: 3 September 2003

Note: This article applies to Domain Time version 4.1 or earlier, proxy support was discontinued in verion 5.1.

Problem

    Your firewall or proxy server may allow traffic when you are testing, but not when Domain Time is running as a service. Checking firewall, proxy, or Domain Time logs may show that the error is related to authentication.

Details

    If you are using Domain Time to obtain the time from an Internet-based source, you may experience problems if you have a firewall or proxy in place that does not allow the time protocol(s) you are using to pass through.

    In addition to configuring the ports (see KB1001.033), you may need to configure permissions. This is especially true when using Microsoft's Proxy Server with the client-side WinProxy option. WinProxy sends the logged-on user's credentials to Proxy Server, and Proxy Server decides whether or not to allow the traffic based on who is requesting it.

    When you test a program like Domain Time using its control panel applet test buttons, everything may seem to work fine. However, when you examine Domain Time's log, you see that the service was unable to connect to its time sources. This is because you, the logged-on user, have one set of credentials, and the service, running in the background, has its own credentials.

    Changing your browser's settings or logging on as a different user will not correct the problem. You must instead tell the Proxy Server that it should allow traffic from the Domain Time service in addition to traffic from people using browsers or other foreground programs.

Solution

    In most cases, adding the user System to Proxy Server (and giving this user permissions to use the various time ports) will be sufficient. However, in some cases, based on Windows configuration and service packs, you may need to add the user LocalSystem, too.

    If you are using the Domain Time over HTTP protocol with a web proxy (either Microsoft's Proxy Server or another proxy server) or going through a firewall in addition to going through a proxy, you may need to add System and/or LocalSystem to the list of authorized users on the web proxy or firewall, too.

    If you are using the SOCKS4 proxy (again, either on Microsoft's Proxy server or another proxy server), you may need to add the user DomTime to the list of authorized users for the SOCKS4 protocol. When Domain Time uses SOCKS4, it fills in the username field with DomTime. Some SOCKS4 proxies care about this information, and some don't. Only experimentation will enable you to determine if you need to add this pseudo-user.

See also

Domain Time II Software distributed by Microsemi, Inc.
Documentation copyright © 1995-2024 Greyware Automation Products, Inc.
All Rights Reserved
All Trademarks mentioned are the properties of their respective owners.