Wednesday, June 15, 2011

Webproxy auto configuration, the (hard) MS way

In windows you can use automatic proxy detection to configure all your local clients to use the proxy settings you wish.

In short you do the following:

  1. Create a file named wpad.dat on a webserver named wpad.mycompany.local (Or whatever your dns domain is)
  2. In that file you put the prxy definition, which ports, urls etc. (See here for the details)
  3. Make sure your DNS answers the query for wpad.mycompany.local with the web server delivering the wpad.dat file

So far, everything is simple and easy to understand, but... it does not work if you use microsoft products for DNS and/or Webserver.

There are two pitfalls in the MS products:

1. DNS problem

Do a query for wpad.mycompany.local (Like nslookup wpad.mycompany.local)
You would now assume your DNS server returns you the configured IP.
Nada, nothing, it just return a message telling you it's not a known name. Double check it, it's just not working.
The DNS server does not answer the question properly.

The reason for this is "security", looks like the query for wpad. is a dangerous query, so MS blocks these in the DNS servers. Don't believe it ? Look here

The simplest way is to just disable that queryblocklist on your DNS server(s)

dnscmd [dnsservername] /config /enableglobalqueryblocklist 0

2. IIS problem

When you finally got past the DNS problem and your dns servers answer queries for wpad.mycompany.local correctly, then the next problem jumps in.

Just open your web browser and enter: http://wpda.mycompany.local/wpad.dat
You would expect that you see the content of that text file, but no, IIS thinks it's not something we wish to deliver to the clients.

The reason is, that the .dat extension is not assigned to a mime type, so IIS does not deliver these files and just returns a "File not found"

As the last step you make .dat known as mime type "application/x-ns-proxy-autoconfig"