
Support for Proxy

Lee Harrison
New Contributor

When WAC is installed as the Gateway Service on a server it doesn't seem to be able to reach the internet via a locally configured proxy? I haven't tested connecting to Azure but the issue I have is I cannot connect to the Extensions feed and get this error: Feed is not available: 'https://aka.ms/sme-extension-feed'.

I tried configuring a machine proxy as well as in my local profile, but that also didn't work. In the end the only way I could get WAC to work via a proxy was to configure the proxy on the Network Service account that the WAC Gateway Service runs under (by default). Then WAC was able to connect to the Extensions feed.

Obviously this is not ideal and so I am wondering if we could have a way of configuring proxy settings in the Settings section within WAC in future? Or will this not be supported for some reason? Or should we run the WAC Gateway Service under a different account (e.g. gMSA) and set the proxy on that?

Thanks

1 Reply
Proxy support is needed, as the hack to provide the Network Service with proxy settings is not secure. Currently, extension installs/updates and Azure tools are affected by this lack of support. You can run the service as another account; however, this changes how Kerberos Resource Delegation is set up and also seems to break the remote PowerShell function. A supported mechanism for the admin center to work with a forward proxy for any internet access would be great.