<div>Charles,</div>
<div> </div>
<div>I switched over to testing a regular OWA 2003 implementation, so that it wouldn't have any weird configuration the Webshield's (SCM) might have but I can't get it to work and this one times out. I tried to mimic IE with the browser= setting as well with no effect. I enabled debug on the bbnet-test and collected the following information which doesn't give many hints as to the issue. I can still use WGET though to get the webpage requested by Hobbit, so I really feel the issue is somewhere in Hobbit. Any help from anyone would be appreciated.
</div>
<div> </div>
<div>Logs:</div>
<div> </div>
<div>
<p>###[ BB-NETWORK.LOG ]###</p>
<p>2006-12-19 10:43:02 Adding hostname '<a href="http://webmail.uhn.on.ca">webmail.uhn.on.ca</a>' to resolver queue</p>
<p>2006-12-19 10:43:02 Got DNS result for host <a href="http://webmail.uhn.on.ca">webmail.uhn.on.ca</a> : <a href="http://205.211.160.83">205.211.160.83</a></p>
<p>------------------------------------------------------<br>URL : <a href="https://webmail.uhn.on.ca/exchweb/bin/auth/owalogon.asp">https://webmail.uhn.on.ca/exchweb/bin/auth/owalogon.asp</a><br>HTTP status : 0
<br>HTTP headers<br>(NULL)<br>HTTP output<br>(NULL)</p>
<p>2006-12-19 11:00:17 Calc http color host WEBSHIELD-83 : 2006-12-19 11:00:17 <a href="https://webmail.uhn.on.ca/exchweb/bin/auth/owalogon.asp(red">https://webmail.uhn.on.ca/exchweb/bin/auth/owalogon.asp(red</a>) 2006-12-19 11:00:17 --> red
</p>
<p>###[ WGET OUTPUT ]###</p>
<p>bigbrother:/hobbit/server/etc # wget <a href="https://webmail.uhn.on.ca/exchweb/bin/auth/owalogon.asp">https://webmail.uhn.on.ca/exchweb/bin/auth/owalogon.asp</a></p>
<p>--10:55:50-- <a href="https://webmail.uhn.on.ca/exchweb/bin/auth/owalogon.asp">https://webmail.uhn.on.ca/exchweb/bin/auth/owalogon.asp</a><br> => `owalogon.asp'<br>Resolving webmail.uhn.on.ca... <a href="http://205.211.160.83">
205.211.160.83</a><br>Connecting to webmail.uhn.on.ca|205.211.160.83|:443... connected.<br>HTTP request sent, awaiting response... 200 OK<br>Length: 9,532 (9.3K) [text/html]</p>
<p>100%[===================================================================================================================================>] 9,532 8.34K/s </p>
<p>10:55:51 (8.33 KB/s) - `owalogon.asp' saved [9532/9532]</p><br><br> </div>
<div><span class="gmail_quote">On 12/18/06, <b class="gmail_sendername">Charles Jones</b> <<a href="mailto:jonescr@cisco.com">jonescr@cisco.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div text="#000000" bgcolor="#ffffff">Geoff,<br><br>Take my advice with a grain of salt, but my next steps would be:<br><br>1. Attempt using other SSL protocols (you can specify in bb-hosts). Your Webshield appliance may be expecting something other than the default method that Hobbit uses. Here is a snippet from the bb-hosts man page:
<br><br><tt>Some SSL sites will only allow you to connect, if you use specific "dialects" of HTTP or SSL. Normally this is auto-negotiated, but experience shows that this fails on some systems. </tt>
<p><tt>bbtest-net can be told to use specific dialects, by adding one or more "dialect names" to the URL scheme, i.e. the "http" or "https" in the URL: </tt></p>
<p><tt>* "2", e.g. https2://<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.sample.com/" target="_blank">www.sample.com</a>/ : use only SSLv2 <br>* "3", e.g. https3://<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.sample.com/" target="_blank">
www.sample.com</a>/ : use only SSLv3 <br>* "m", e.g. <a>httpsm://www.sample.com/</a> : use only 128-bit ciphers <br>* "h", e.g. <a>httpsh://www.sample.com/</a> : use only >128-bit ciphers <br>* "10",
e.g. http10://<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.sample.com/" target="_blank">www.sample.com</a>/ : use HTTP 1.0 <br>* "11", e.g. http11://<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.sample.com/" target="_blank">
www.sample.com</a>/ : use HTTP 1.1 </tt></p>
<p><tt>These can be combined where it makes sense, e.g to force SSLv2 and HTTP 1.0 you would use "https210".</tt> </p>I suspect that one of the options above will fix your problem. My only other advice if none of that works would be to check the hobbit logs, especially
bb-network.log. I would also consider editing the [bbnet] section of hobbitlaunch.cfg, adding the --debug flag to the CMD options, and then restarting hobbit and then watch stdout and/or the bb-network.log to see if it indicates what the problem is.
<div><span class="e" id="q_10f97f2afc64c0a2_1"><br><br>-Charles<br><br>Geoff Hallford wrote:
<blockquote cite="http://mid78ca5ea20612181229j7c96cb6m5f48bfddb5a44ac0@mail.gmail.com" type="cite">Hi Charles,<br><br>I just used wget w/ SSL to download the file fine but it did complain about the certificate name. Would an invalid certificate affect Hobbit use of HTTPS?:
<br><br>bigbrother:/hobbit/server/www # wget <a onclick="return top.js.OpenExtLink(window,event,this)" href="https://142.224.108.83/apps/SCMClientWin32.exe" target="_blank">https://142.224.108.83/apps/SCMClientWin32.exe</a>
--no-check-certificate<br>--15:27:35-- <a onclick="return top.js.OpenExtLink(window,event,this)" href="https://142.224.108.83/apps/SCMClientWin32.exe" target="_blank">https://142.224.108.83/apps/SCMClientWin32.exe</a><br>
=> `SCMClientWin32.exe' <br>Connecting to <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://142.224.108.83:443/" target="_blank">142.224.108.83:443</a>... connected.<br>WARNING: Certificate verification error for
<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://142.224.108.83/" target="_blank">142.224.108.83</a>: self signed certificate<br>WARNING: certificate common name `Webshield.uhn.ca' doesn't match requested host name `142.224.108.83'.
<br>HTTP request sent, awaiting response... 200 OK<br>Length: 12,905,984 (12M) [application/octet-stream]<br><br>100%[===========================================================================================================>] 12,905,984
3.51M/s ETA 00:00<br><br>15:27:41 (3.48 MB/s) - `SCMClientWin32.exe' saved [12905984/12905984]<br><br><br>
<div><span class="gmail_quote">On 12/18/06, <b class="gmail_sendername">Charles Jones</b> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:jonescr@cisco.com" target="_blank"> jonescr@cisco.com</a>
> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<div text="#000000" bgcolor="#ffffff">Geoff,<br><br>I guess the next thing to try would be another tool using HTTPs from the hobbit server itself. Either elinks-ssl, curl, or wget w/ SSL support. The goal being to narrow it down to definitely a problem with Hobbit.
<br><br>P.S. I noticed in the Apache banner it says it is on port 1443 instead of the usual 443, so there may be some proxy server or vhost that Hobbit has to go through, which could potentially be part of the problem.<br>
<br>Good luck and let us know if you find the answer.<span><br><br>-Charles<br><br>Geoff Hallford wrote:
<blockquote cite="http://mid78ca5ea20612181120w58b61eccq8ab1ba42b8e66db@mail.gmail.com" type="cite">Hi Charles,<br><br>This is a McAfee Webshield appliance, so I can't go in and check the Apache log. I know the URL is good though because I can access it via any browser from my PC. It's only Hobbit that has an issue with it.
<br><br>Any other thoughts?<br><br>Thanks.<br><br>
<div><span class="gmail_quote">On 12/18/06, <b class="gmail_sendername">Charles Jones</b> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:jonescr@cisco.com" target="_blank">jonescr@cisco.com</a>
> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<div text="#000000" bgcolor="#ffffff">HTTPS is definitely working, or else you would not get the Apache banner at the end. It looks like you are simply checking an invalid URL. Check your apache error log and see if it indicates that
SCMClientWin32.exe is being requested from an incorrect path or something.<br><span><br>-Charles</span>
<div><span><br><br>Geoff Hallford wrote:
<blockquote cite="http://mid78ca5ea20612181105q40342db6tf9aeecaccdfaf0be@mail.gmail.com" type="cite">Hi Everyone,<br><br>I still have problems getting Hobbit to check URL's that are HTTP*S*. I have compiled with SSL support and the testing does work on items such as LDAPS and SSH but it will not work for HTTPS. Does anyone have any thoughts? I get the following message:
<br><br>---<br><br>Mon Dec 18 14:01:59 2006: <pre><a onclick="return top.js.OpenExtLink(window,event,this)" href="https://142.224.108.83/apps/SCMClientWin32.exe" target="_blank">https://142.224.108.83/apps/SCMClientWin32.exe
</a> -
Not Found
The requested URL /error/HTTP_BAD_REQUEST.html.var was not found on this server.
Additionally, a 404 Not Found
<p>error was encountered while trying to use an ErrorDocument to handle the request.</p><p>
</p><hr><address>Apache/2.0.55 (Unix) Server at localhost Port 1443</address>
Seconds:
0.00
</pre></blockquote><br></span></div></div></blockquote></div><br><br clear="all"><br>-- <br>'If my answers frighten you then you should cease asking scary questions.' --Sam Jackson from Pulp Fiction </blockquote>
<br></span></div></blockquote></div><br><br clear="all"><br>-- <br>'If my answers frighten you then you should cease asking scary questions.' --Sam Jackson from Pulp Fiction </blockquote><br></span></div></div></blockquote>
</div><br><br clear="all"><br>-- <br>'If my answers frighten you then you should cease asking scary questions.' --Sam Jackson from Pulp Fiction