rene11
2 Iron

RE: 2 minute delay on opening .pit file (from DMZ / SSL gateway)

Jump to solution

It's an official certificate.

0 Kudos
rene11
2 Iron

RE: 2 minute delay on opening .pit file (from DMZ / SSL gateway)

Jump to solution

I almost thought this must be it! But too bad

I disabled smartscreen filter and made sure the site was added to the trusted site (already was). Did a complete restart, but it was still loading for 2 minutes.

0 Kudos
rene11
2 Iron

RE: 2 minute delay on opening .pit file (from DMZ / SSL gateway)

Jump to solution

Thanks all for your good suggestions. We still haven't solved this.

Because this topic is getting very big, here is a list of our conclusions:

  • The timeout only occures with Internet Explorer (all versions / any OS). Never with Firefox!
  • It happens randomly. If you try to click on the Virtual Machine 10 times in a row, it times-out about 5 or 6 times.
  • It only happens when connecting from the internet (external users). So when we connect from our internal network to the external webserver, there are no problems. Our network guys say the exact same route is being used, and you pass the same firewalls.
  • It has nothing to do with certificates or SSL gateway. I tried it directly on port 80, bypassing the SSL gateway, with same results.
  • SSL/Webserver are installed on same server in DMZ. In DMZ we do not have an active directory.
  • The brokers are on are internal network, in active directory.
  • I also tried to proxy the SSL gateway (in DMZ) to an internal webserver, still the same time-out problem!
  • All servers are Windows 2008 x64 / IIS7
  • In the eventlog, we get a 'The request is aborted' message (see http://communities.quest.com/message/3068#3068)
  • For a video of the problem see : http://www.chelloo.com/images/temp/vworkspace.avi
0 Kudos
Highlighted
yorker1
1 Copper

RE: 2 minute delay on opening .pit file (from DMZ / SSL gateway)

Jump to solution

After a lot of testing and debugging on this issue we have come to the following conclusion and are working on a solution.

1. It definately has to do with 2008 R1/R2 servers (IIS 7.x specifically).

2. It definately has to do with Certificates as we can not reproduce the issue over straight HTTP no matter how we try.

3. It all depends where the Certificate is installed.  Secure Gateway server, Web Access/Secure Gateway combo or Web Access over SSL.

    i. It all depends on 'where' the certificate is installed.  If using Secure Gateway on 2008 R1/R2 this is the issue.

4. It does only happen with IE (any version) and not with FireFox or other browsers.

5. If using Windows Server 2003, there are no issues at all.

A temp work-around right now is to use the Secure Gateway server on Windows Server 2003, can be x86 or x64, this does not matter.

We are still debugging and hope to have a proper solution for 2008 R1/R2 using IIS 7.x very soon.

-Stephen Yorke

0 Kudos

RE: 2 minute delay on opening .pit file (from DMZ / SSL gateway)

Jump to solution

That is great news Stephen!

Rene, please let us know if this also solves your problem.

0 Kudos
rene11
2 Iron

RE: 2 minute delay on opening .pit file (from DMZ / SSL gateway)

Jump to solution

I tried it on Windows 2003. On W2K3 we do not have the .pit timeout, but then we got other problems.

On w2k3 strange things happen with the web-interface like pictures not loading.

So this is not the way we want to go, installing a 7 year old OS. If it would solve all problems then it would be fine, but it introduces new problems.

ps: Stephen says in his situation it is related to the SSL gateway, but in our situation it goes wrong with or without SSL enabled. Even on port 80, we get this timeout.

Only in DMZ...

0 Kudos
yorker1
1 Copper

RE: 2 minute delay on opening .pit file (from DMZ / SSL gateway)

Jump to solution

After a great deal of debugging/troubleshooting, we have narrowed this issue down to an IIS7+ issue currently with the installation of Web Access.

Currently we create an Application Pool to run Web Access and set the 'Managed Pipeline' to 'Integrated'.

Switching this 'Managed Pipeline' to 'Classic' mode appears to resolve the issue.

Quest Support also has a Knowledge Base article on this issue now.

rene11
2 Iron

RE: 2 minute delay on opening .pit file (from DMZ / SSL gateway)

Jump to solution

We are very happy with this solution. It was really an annoying problem and very hard to replicate in another environment.

That's what made this one hard to solve, it only happend on our network.

Anyway, by adjusting one small setting in IIS the problem completely disappeard. That's just amazing!

I want to thank everybody who was involved by solving this problem, thanks for your patience. That includes myself (did you try turning it off and on again ).

0 Kudos

RE: 2 minute delay on opening .pit file (from DMZ / SSL gateway)

Jump to solution

That is an awesome find Yorker! Thanks for providing this!

0 Kudos