Proxy issues again .........................................
Well 1Password 6 made me reconfigure all my accounts after the latest update, and absolutely nothing I do will make it use a proxy.
The system proxy settings are set to use an explicit auto config script (pac file). Automatically detect settings (WPAD) is disabled.
I've modified the config file; here's the proxy settings I've attempted:
<system.net> <defaultProxy useDefaultCredentials="true"> <proxy autoDetect="True" usesystemdefault="True" /> </defaultProxy> </system.net>
(that's the default).
When I try to sign in to my teams account, it says to check my details and network connection. According to wireshark and the proxy logs, it does not connect to the proxy. It doesn't fetch the PAC file, either.
<system.net> <defaultProxy> <proxy proxyaddress="http://<hostname>:<port>" /> </defaultProxy> </system.net>
Same result as default settings. Does not attempt to connect to the proxy at all.
<system.net> <defaultProxy enabled="true" useDefaultCredentials="false"> <proxy autoDetect="false" proxyaddress="http://127.0.0.1:3128" usesystemdefault="false" /> </defaultProxy> </system.net>
Same result as default settings. Does not attempt to connect to the proxy at all.
<system.net> </system.net>
Same result as default settings. Does not attempt to connect to the proxy at all.
Any hints?
1Password Version: 6.0.239
Extension Version: NOT INSTALLED
OS Version: Windows 10 Version 1607 (14393.187)
Sync Type: 1Password Teams
Comments
-
Hi @bennett,
Unfortunately, there's no direct support for PAC files at the moment. Microsoft uses WPAD to handle PAC files for the network library we're using now after the 197d update.
Have you tried this:
<defaultProxy useDefaultCredentials="false"> <proxy autoDetect="False" usesystemdefault="False" /> </defaultProxy>
This worked for one user.
Also, the location of the PAC file, is it hosted from a remote server that requires authentication?
If the above one doesn't work either, can you enter this command in the command prompt and tell me what it says:
netsh winhttp show proxy
.0 -
Hi,
Sorry to hijack the thread but it seems that I have the same issue. On our work network, we have to use a proxy (no authentication required). It seems that 1Password does not use the proxy (pushed via GPO to our IE config).
I entered the command and here's the result
Current WinHTTP proxy settings:
Direct access (no proxy server).0 -
Have you tried entering the proxy credentials directly in Settings > Options > Network?
Cheers,
Alex
0 -
Hi @geofox,
It's not that 1Password isn't using it, it's trying to get the proxy config from Windows but Windows is saying there is no proxy server. That's what the command does, shows what Windows is returning to 1Password.
You said you have to give an IP address, is this the address of the proxy server or the address of the server that's hosting a PAC file?
0 -
Hi Matt,
That's the IP address of the server. It seems Others apps use the proxy though (no issue with Chrome, Spotify, ...)
0 -
Hi @geofox,
Most desktop programs have extra coding to handle this, 1Password 6 Beta is still relatively young and uses Microsoft's network library, which doesn't handle proxy really well for us.
Did you try editing the config file manually to do this:
<system.net> <defaultProxy> <proxy proxyaddress="http://<hostname>:<port>" /> </defaultProxy> </system.net>
If you're not sure how to do this, please email us at support+windowsbeta@agilebits.com with the link to this thread and your forum username included, so we can connect the dots.
Let us know here when you've sent the email, so we can confirm we got it.
0 -
@MikeT I've tried
<system.net> <defaultProxy> <proxy proxyaddress="http://<hostname>:<port>" /> </defaultProxy> </system.net>
with both 127.0.0.1:3128 (local cntlm) and also an external host (also cntlm). In both cases, wireshark shows no tcp sessions to the proxy, only direct to the origin server, and tcp ports 80 and 443 are blocked from the corporate network to the internet.
I've tested both of the proxies using other programs (IE, Chrome, Dropbox, Invoke-RestMethod, curl), and they both work fine.
Since wireshark shown no proxy traffic at all, no matter what settings are used, I expect it's actually a regression in the new version of 1Password.
I've also tried turning the proxy off entirely as you suggested, but tcp ports 80 and 443 are blocked from the corporate network to the internet.
0 -
Hi MikeT,
The config file did the trick for me. Maybe AgileBits could make it an option in the app directly (not only the credential but also the IP/FQDN of the proxy)? I'm not sure but I think it was an option before, during the beta.
Anyway, thank you for your help. I was a bit lost without 1Password at work ;)
0 -
Hi guys,
@GeoFox, I'm glad to hear that. We do plan to add it, we just need to make sure it works in the way we expect it. I'm going to send you a private message if you don't mind.
@bennett, Yea, I'm still not sure why you're not picking up any traffic even when there's direct connect enabled, unless you have a new security program or system changes that is blocking the app right from the beginning, before it reaches the network.
I did get your email and I'll reply there soon.
ref: DWC-86625-854
0 -
Great, I've contacted you via PM.
0 -
I'll reply to your email about this, I'm not sure what else it could be.
0 -
Well I've finally had some success.
Initial 1Password version: 6.0.239.
- System proxy settings:
Was using a (valid!) PAC file.
Disabled this and set explicit proxy instead (cntlm on a linux box). - Apply 1Password 6 proxy settings (below).
- Still can't log into 1Password teams account, so create an opvault in 1Password 4, and load that in 1Password 6.
- After logging into a local account, 1Password 6 prompts for update. 6.1.272 installer ran successfully, but after that, 1Password 6 refused to launch (exited before displaying its main window). Event logs below.
- Workaround: delete folder %LOCALAPPDATA%\1Password and relaunch. 1Password 6 launches fine. Quit and re-apply 1Password 6 proxy settings from step 2.
- Can now log into 1Password teams account!!!!! :D
- Revert IE proxy settings (the PAC file is required for other apps).
- Create new item to test sync, all working fine.
Comments:
- Using a cntlm proxy to rule out proxy auth issues.
- Dropbox and Onedrive login both worked fine from 1Password. The entire time. From both 6.0.239 and 6.1.292. But Teams only worked after updating to 6.1.292. So it looks like the issue was with signing in to 1Password teams only.
- When signing in to dropbox on both 6.1.292 and 6.0.239, it briefly shows an error page after authenticating to Dropbox, but then it successfully signs in and shows a list of vaults.
Proxy settings at step 2 (in %LOCALAPPDATA%\1Password\app\6\AgileBits.OnePassword.Desktop.exe.config):
<system.net> <defaultProxy enabled="true" useDefaultCredentials="false"> <proxy autoDetect="false" proxyaddress="http://<cntlm_proxy>:3128" usesystemdefault="false" /> </defaultProxy> </system.net>
First event:
Application: AgileBits.OnePassword.Desktop.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.FileLoadException at AgileBits.OnePassword.Program.CreateGlobalContainer(System.String[]) at AgileBits.OnePassword.Program.Main(System.String[])
Second event
Faulting application name: AgileBits.OnePassword.Desktop.exe, version: 6.1.272.0, time stamp: 0x57ffbac9 Faulting module name: KERNELBASE.dll, version: 10.0.14393.321, time stamp: 0x57f4c4f0 Exception code: 0xe0434352 Fault offset: 0x0000000000017788 Faulting process ID: 0x82d8 Faulting application start time: 0x01d228070306d5a4 Faulting application path: C:\Users\ez000057\AppData\Local\1Password\app\6\AgileBits.OnePassword.Desktop.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report ID: b42a9fc3-e6b7-4cd9-9a5e-f208e5cec207 Faulting package full name: Faulting package-relative application ID:
0 - System proxy settings:
-
Hi @bennett,
Thanks for taking the time to write all of that for us.
I'm a little confused as to why it continues to work after you reverted back to the original PAC file. Please do keep an eye on this, in case it may be temporary. I would suggest checking the sync after you do a reboot.
Using a cntlm proxy to rule out proxy auth issues.
I've never heard of Cntlm before, we'll add that to our list of tools. Thank you once again.
Dropbox and Onedrive login both worked fine from 1Password. The entire time. From both 6.0.239 and 6.1.292. But Teams only worked after updating to 6.1.292. So it looks like the issue was with signing in to 1Password teams only.
That's always been the case for us as well, no one had any issues using these popular services as they're often whitelisted by default.
When signing in to dropbox on both 6.1.292 and 6.0.239, it briefly shows an error page after authenticating to Dropbox, but then it successfully signs in and shows a list of vaults.
This is a known issue, the authentication process is done via HTTPS on the Dropbox website, so it's essentially using the older IE engine to render the web view to log you in, which is where the errors are coming from.
Once we get the authentication token from Dropbox, we then take you back to our native view.
0 -
I'm having what appears to be the very same experience. I've recently installed the Windows client (6.3.359) running on a Win7 enterprise install and logging into 1P is failing. If I run the command 'netsh winhttp show proxy', I get the same response ("no proxy server"). I see a reference in this thread to a configuration file that may address this problem. If so, could I get specific instructions as to how to implement it?
0 -
Hi @jgoldstein,
We don't use that configuration file anymore, we've made changes to remove the need for it.
First, let's make sure this is a proxy issue. Can you email us the logs from Windows' Event Viewer when you reproduce this issue in 1Password.
- Click on Start Menu, search for Event Viewer and open it
- On the left sidebar, expand Custom Views on the top and then click on Administrative Events
- Reproduce the issue with 1Password
- Go back to the Event Viewer, right-click on the list to refresh. You should see errors from the source .NET Runtime. Right-click on the error to select Copy > Copy Details as text.
- Paste it into a new text file with NotePad, save it and attach it to an email, send that email to us at support+windows@agilebits.com along with your forum username and the link to this thread, so we can connect the dots.
Please let us know here when you sent it, so we can confirm we got the email.
Thanks!
0 -
Hi MikeT,
I first cleared Event Viewer of its Administrative Events so I could start with a clean slate. I reproduced the issue with 1P. Four administrative events were generated, all with the source OPW6. I copied the details of each event to a separate file and emailed all four files to the email address you indicated. The email I received provided me with a support ID of #FIS-64967-481. I suspect you can link my email to this issue with that ID. Let me know what you find!
0 -
0
-
Hi,
I am facing the same issue like jgoldstein.
I mailed the events to the provided mail address.
Ticket ID is #RFY-23431-841BR
Michael
0 -
@ Greg: Sure, I answered your mail already
0 -
So did I. Have a great weekend.
0 -
Leaving this here for my own future reference.
<system.net> <defaultProxy enabled="true" useDefaultCredentials="false"> <proxy autoDetect="false" proxyaddress="http://<cntlm_proxy>:3128" usesystemdefault="false" /> </defaultProxy> </system.net>
6.4 update reverted proxy settings. Could log in, but no sync. Windows settings uses WPAD, no explicit proxy, locked by group policy. The settings above fixed it. (Same as before the update).
When will we get WPAD by default for 1Password?
0 -
Hi @bennett,
Can you update to 1Password 6.5 released today and enter the proxy address in the Proxy settings to see if it works outside of the box. We have seen a few confirmations that this was enough for some PAC/WPAD users but not all cases.
Please let me know.
The issue with WPAD is that .NET network stack we're using from Microsoft doesn't really like it much and so, we have to keep adding workarounds to make it work.
0