Web Security Services

Team

The following is the environment that we have:

Web Traffic Redirection used (Integration Policy)

WSS
SEP 14.3 MP1 / 14.3.1169.0100
Office 2016
Email Traffic from MS 365

Using a customized pac file that bypass proxy if the destination is MS365-outlook.

What is the issue?
Outlook works without issues for an average of 10 to 45 minutes and then fails to receive or send emails.

What I have done?
Follow Endpoint Protection Web Traffic Redirection fails to configure proxy settings

  and  Bypass Endpoint Protection Web Traffic Redirection using a custom PAC file

I used the pac file with the Integration policy  , the issue remained.
Then it was used LPSFlags.exe --pac-script proxy.pac --restart but again the issue appeared.

Run Process Monitor
I traced the following pattern
1. Under positive conditions it's confirmed that Outlook bypass the local proxy
2:55:23.9359466 PM OUTLOOK.EXE 13824 TCP Receive ComputerName.Domain.local:64488 -> <MS365IP>:https SUCCESS Length: 165, seqnum: 0, connid: 0
This condition allows Outlook to receive and send emails as long as it continues connected to https.

2. The issue appears when the Outlook traffic shows a change that never recover connection from Outlook to port 443

3:03:19.0569373 PM OUTLOOK.EXE 27772 TCP Receive ComputerName.Domain.local:50077 -> ComputerName.Domain.local:2968 SUCCESS Length: 111, seqnum: 0, connid: 0
3:03:26.9250588 PM OUTLOOK.EXE 27772 TCP Send ComputerName.Domain.local:50033 -> ComputerName.Domain.local:2968 SUCCESS Length: 798, startime: 53588760, endtime: 53588760, seqnum: 0, connid: 0
3:03:26.9251757 PM OUTLOOK.EXE 27772 TCP Send ComputerName.Domain.local:50033 -> ComputerName.Domain.local:2968 SUCCESS Length: 384, startime: 53588760, endtime: 53588760, seqnum: 0, connid: 0
3:03:27.0621392 PM OUTLOOK.EXE 27772 TCP TCPCopy ComputerName.Domain.local:50033 -> ComputerName.Domain.local:2968 SUCCESS Length: 1063, seqnum: 0, connid: 0

3. Confirmed in the registry the value "AutoConfigURL"="http://localhost:2968/proxy.pac"


Question for you:
- Do you have a recommendation or workaround to isolate the issue or even better, to fix it?

Best Regards

Team

The following is the environment that we have:

Web Traffic Redirection used (Integration Policy)

WSS
SEP 14.3 MP1 / 14.3.1169.0100
Office 2016
Email Traffic from MS 365

Using a customized pac file that bypass proxy if the destination is MS365-outlook.

What is the issue?
Outlook works without issues for an average of 10 to 45 minutes and then fails to receive or send emails.

What I have done?
Follow Endpoint Protection Web Traffic Redirection fails to configure proxy settings

  and  Bypass Endpoint Protection Web Traffic Redirection using a custom PAC file

I used the pac file with the Integration policy  , the issue remained.
Then it was used LPSFlags.exe --pac-script proxy.pac --restart but again the issue appeared.

Run Process Monitor
I traced the following pattern
1. Under positive conditions it's confirmed that Outlook bypass the local proxy
2:55:23.9359466 PM OUTLOOK.EXE 13824 TCP Receive ComputerName.Domain.local:64488 -> <MS365IP>:https SUCCESS Length: 165, seqnum: 0, connid: 0
This condition allows Outlook to receive and send emails as long as it continues connected to https.

2. The issue appears when the Outlook traffic shows a change that never recover connection from Outlook to port 443

3:03:19.0569373 PM OUTLOOK.EXE 27772 TCP Receive ComputerName.Domain.local:50077 -> ComputerName.Domain.local:2968 SUCCESS Length: 111, seqnum: 0, connid: 0
3:03:26.9250588 PM OUTLOOK.EXE 27772 TCP Send ComputerName.Domain.local:50033 -> ComputerName.Domain.local:2968 SUCCESS Length: 798, startime: 53588760, endtime: 53588760, seqnum: 0, connid: 0
3:03:26.9251757 PM OUTLOOK.EXE 27772 TCP Send ComputerName.Domain.local:50033 -> ComputerName.Domain.local:2968 SUCCESS Length: 384, startime: 53588760, endtime: 53588760, seqnum: 0, connid: 0
3:03:27.0621392 PM OUTLOOK.EXE 27772 TCP TCPCopy ComputerName.Domain.local:50033 -> ComputerName.Domain.local:2968 SUCCESS Length: 1063, seqnum: 0, connid: 0

3. Confirmed in the registry the value "AutoConfigURL"="http://localhost:2968/proxy.pac"


Question for you:
- Do you have a recommendation or workaround to isolate the issue or even better, to fix it?

Best Regards

Team

The following is the environment that we have:

Web Traffic Redirection used (Integration Policy)

WSS
SEP 14.3 MP1 / 14.3.1169.0100
Office 2016
Email Traffic from MS 365

Using a customized pac file that bypass proxy if the destination is MS365-outlook.

What is the issue?
Outlook works without issues for an average of 10 to 45 minutes and then fails to receive or send emails.

What I have done?
Follow Endpoint Protection Web Traffic Redirection fails to configure proxy settings

  and  Bypass Endpoint Protection Web Traffic Redirection using a custom PAC file

I used the pac file with the Integration policy  , the issue remained.
Then it was used LPSFlags.exe --pac-script proxy.pac --restart but again the issue appeared.

Run Process Monitor
I traced the following pattern
1. Under positive conditions it's confirmed that Outlook bypass the local proxy
2:55:23.9359466 PM OUTLOOK.EXE 13824 TCP Receive ComputerName.Domain.local:64488 -> <MS365IP>:https SUCCESS Length: 165, seqnum: 0, connid: 0
This condition allows Outlook to receive and send emails as long as it continues connected to https.

2. The issue appears when the Outlook traffic shows a change that never recover connection from Outlook to port 443

3:03:19.0569373 PM OUTLOOK.EXE 27772 TCP Receive ComputerName.Domain.local:50077 -> ComputerName.Domain.local:2968 SUCCESS Length: 111, seqnum: 0, connid: 0
3:03:26.9250588 PM OUTLOOK.EXE 27772 TCP Send ComputerName.Domain.local:50033 -> ComputerName.Domain.local:2968 SUCCESS Length: 798, startime: 53588760, endtime: 53588760, seqnum: 0, connid: 0
3:03:26.9251757 PM OUTLOOK.EXE 27772 TCP Send ComputerName.Domain.local:50033 -> ComputerName.Domain.local:2968 SUCCESS Length: 384, startime: 53588760, endtime: 53588760, seqnum: 0, connid: 0
3:03:27.0621392 PM OUTLOOK.EXE 27772 TCP TCPCopy ComputerName.Domain.local:50033 -> ComputerName.Domain.local:2968 SUCCESS Length: 1063, seqnum: 0, connid: 0

3. Confirmed in the registry the value "AutoConfigURL"="http://localhost:2968/proxy.pac"


Question for you:
- Do you have a recommendation or workaround to isolate the issue or even better, to fix it?

Best Regards