Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » MS Terminal Server, Proxy, User Statistics not logging (Issue with user statistics)
  •  
mat

Messages: 7
Karma: 0
Send a private message to this user
Hi All

I have been working hard to get MS Terminal Server W2K3, Kerio Control Proxy server and user authentication running. All works fine, the users on the terminal server get authenticated on proxy (ask for domain login info).

Now, looking at the user statistics, they do not log the traffic of individual users, the traffic gets logged as 'all unauthenticated users'.

looking at the web log, I see what each user is doing and which sites has been visited.

Using Kerio Control 7.2.x. We have updated from version 6.4.x at this release was working ok, logging user traffic statistics for terminal server.

I have setup a new test environment, independent from the client site and the issue is the same. Therefore, my best guess is that there is a bug in recording stats for proxy users. BTW, using workstation and authentication works fine (domain authentication)

I am thankful for any thoughts!

Mat
  •  
mat

Messages: 7
Karma: 0
Send a private message to this user
Nobody? hello Kerio Control Support Team Wink
  •  
bengkel

Messages: 7
Karma: 0
Send a private message to this user
Hi mat,
I have tried these settings below:

IN KWF
Under Authentication Options in users and groups,
Check -> Always Require users to be authenticated
Check -> Force non-transparent proxy server authentication
Check -> Apply to these IP Address ( select your terminal host )
Check -> Enabled users authentication automatically performed by web browser.
Under Proxy server in Content Filtering->HTTP Policy
Check -> Enable non transparent proxy server ,with default port is 3128

ON YOUR terminal server - BROWSERS
IF USING Internet EXPLORER
Force all your users to use proxy server, IN INTERNET OPTION,change into proxy server -> proxy address, with 3128 port
check-> bypass proxy server for local address

you can use GPO in terminal server in order to lock IE proxy settings from unauthorized users.

IF USING FIREFOX
try to googling it, how to lock firefox proxy settings, because i haven't try it.

RESULT from my experiment
1. Everytime your terminal users launch browser, it will ask for username and password , either from local user database or windows AD/Domain.
2. for some HTTPS issue might occur in IE, but works in FIREFOX
3. All user activities will be logged for the next 15-30 minutes. not in realtime.
4. If you set quota limit, it might not works.
5. Download will not works on some websites.
6. HTTP Policy->URL RULES is works perfectly.
7. If you found a solutions for above (3-5), let me know, i'm just as curious as you are.

Cheers,
Bengkel
  •  
sychus

Messages: 3
Karma: 0
Send a private message to this user
Hi boys,

I have the following problem. I'm using KWF like transparent proxy but I've a lot of problems with https sites. Example: facebook, the thing is that I can't block https :// www.facebook.com for a group of users.
I was reading a lot and I found that I've to configure KWF like non-transparent proxy, and now everything works fine, but another big problem is that username and password travel through the network in plain text when I log in! How can I solve that big problem?

Please Help!

Cheers!

Hugo
  •  
bengkel

Messages: 7
Karma: 0
Send a private message to this user
CMIIW,
Instead of blocking https: // www. facebook.com , I think you should use wildcard like this: *facebook* ,
that will include https (if any), and this will running either on transparent proxy or non-transparent.

About plain text, which username and password ? facebook or kerio?

Bengkel
  •  
sychus

Messages: 3
Karma: 0
Send a private message to this user
Hi Bengkel,

Thank you for you answer!. I have a rule with wildcard, in fact I have the same rule *facebook* but it doesn't work on transparent proxy.
The problem with plain text is with kerio credentials.

What can I do?

Tks Hugo
  •  
Gabyt

Messages: 2
Karma: 0
Send a private message to this user
Hello, I have the same problem with https pages. Facebook, hotmail, gmail

The filter url https does not work if they are, I found the solution in the politics of traffic, making the https service Internet traffic that does NAT and creating a new rule just for https. Now the problem is that other sites are also blocked me.


new rule no work
name
HTTPS

origin
User Navigation

destination
Groups pages to block

service
http
https

Action
Deny
  •  
Gabyt

Messages: 2
Karma: 0
Send a private message to this user
Here that the solution is somewhat complicated but it works.

demo.kerio.com

will have to create address groups
create a new rule in traffic polices

Comment if it works.
  •  
bengkel

Messages: 7
Karma: 0
Send a private message to this user
Hi Hugo,
I used these settings below, and works for me for long time.
I can block facebook with/without https
please see the attachment in image files.

Bengkel

./fa/2570/0/

  •  
bengkel

Messages: 7
Karma: 0
Send a private message to this user
and this is for block rules

Bengkel

./fa/2571/0/

  • Attachment: facebook.JPG
    (Size: 32.88KB, Downloaded 1834 times)
  •  
sychus

Messages: 3
Karma: 0
Send a private message to this user
Hi Bengkel,

Thank you for your answer! I've the same configuration and rules and works fine in a non-transparent proxy server configuration. But doesn't work when I try to block https sites like (facebook, twitter, etc)in a transparent proxy server.
I read a lot about this issue and apparently kerio control can't see what happend because all the traffic is encripted. So the only possiblity is to use a non-transparent proxy server configuration.

So, I think that I have to change my kerio control configuration to a non-transparent proxy Sad

Regards!
Previous Topic: Reserved IP address Groups
Next Topic: Kerio Control under same Hyper-V Machine
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Oct 23 00:42:37 CEST 2017

Total time taken to generate the page: 0.00476 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.