Cannot Sync through a corporate proxy
I am connecting via a corporate proxy that performs TLS connection inspection. This means that the client gets a non-trusted intermediate certificate. The 1Password client will successfully login and retrieve the configuration but will not sync changes back to my account. I created a side-by-side configuration file to point to a cntlm proxy to see if this resolved the issue but it is still occurring.
I am seeing the following lines repeated in the log file (I have masked out the identifiers):
I176926msThreadId(20)1Password::api:1673 │ 176927ms │ network connection okI176928msThreadId(4)1Password::api:1673 │ 176928ms │ Using proxy configuration, address: True, valid address: True, username: False, password: False
I176935msThreadId(4)1Password::api:1673 │ 176935ms │ proxy is in use
I176935msThreadId(4)1Password::api:1673 │ 176935ms │ network configured in 317ms
I179604msThreadId(4)1Password::api:1673 │ 179605ms │ > authorize account #1; account uuid: xxxxxxxxxxxxxxxxxxx; device uuid: xxxxxxxxxxxxxxxxxxxxx; user uuid: xxxxxxxxxxxxxxxxx
sessionId: xxxxxxxxxxxxxxxxxxxx
time: 2,669ms I171366msThreadId(4)1Password::api:1673 │ 171366ms │ watchtower update started
I171368msThreadId(4)1Password::api:1673 │ 171368ms │ watchtower update completed
W175302msThreadId(11)1Password::notifier:153 │ 175302ms │ notifier connection failed for account 1: Io(Os { code: 10061, kind: ConnectionRefused, message: "No connection could be made because the target machine actively refused it." })
W176617msThreadId(4)1Password::api:1679 │ 176617ms │ Network request #120 failed in 1,090ms, status ConnectionClosed (The underlying connection was closed: The connection was closed unexpectedly.)
I176617msThreadId(4)1Password::api:1673 │ 176617ms │ checking network and applying any changes
I176701msThreadId(4)1Password::api:1673 │ 176701ms │ > sync
account id: 1; type: I; session id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> HTTP overview
> HTTP account/attrs
> HTTP PATCH vault/h4aspiuqwfblda36pfl7ktfcta/19/items
batch push complete; updated: 0; failed: 0; new vault content version: 0; success: False
time: 2,334ms
1Password Version: 7.3.67
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Not Provided
Comments
-
Hey, @hurdlea! TLS inspection will be a problem. Do you have the option to whitelist applications and exempt them from inspection? I'm assuming not or you'd likely have just done that, but better to ask. I'm happy to provide any info you need from us in order to accomplish that, if it's an option. If not, there won't be a way to make 1Password for Windows work in your environment, so I'd suggest using 1Password X instead:
https://support.1password.com/getting-started-1password-x/
1Password X is browser extension that doesn't require a desktop app and, in my experience, things that run in your browser tend to work better in this situation. If you decide to give it a go, let me know how it works for you. And, of course, any questions (whether about 1Password X or whitelisting), just ask. :chuffed:
0 -
Thank you for the Password X suggestion as this seems to give me what I need. The desktop app was so close to working though it was just missing the capability to push changes back to the server.
0 -
I spoke too soon the 1Password X client can't write back to the server either. I get the following error when I try to save a login:
"We were unable to reach the server. Please check your internet connection and try again." Is the client trying to reach a server interface on any port other than 80 or 443 as these are explicitly blocked by our firewall/proxy rules? It doesn't seem to be a TLS cert issue as that is generally reported as a trust issue rather than a straight connection refused problem. Any ideas?0 -
The first two of those are, I believe, needed for Watchtower to work, @mgrad92. The first for the Compromised Passwords list and the second for Vulnerable Passwords powered by Troy Hunt's Pwned Passwords. Theoretically, neither is needed (for 1Password X or 1Password for Windows) if Watchtower is disabled in the apps. App Center is for automated anonymized crash reporting for the Windows app and most likely not needed for 1Password X. If you can't tell, I'm not totally certain about that last one, so I'm gonna tag in @cecelia to confirm for me as I'm almost certain she'll know off-hand if I'm off base. :+1:
0