RESOLUTION
To resolve this issue, use Proxycfg.exe to configure the settings for the serverXMLHTTP object.
NOTE: Proxycfg.exe is a command-line utility that is located in the SharePoint Portal Server\Bin folder, which is located in the folder that you installed the program files in during server Setup.
To use Proxycfg.exe to configure the settings for the serverXMLHTTP object
- Open a command prompt on the server.
- Go to the SharePoint Portal Server\Bin folder.
- Type the command using the following syntax:
proxycfg -d -p proxy_name:port_number
"domain_name;<local>"
If you are using a proxy server, you can also use the -u
switch that is described in the "Examples of Command-line Syntax"
section in this article.
- Restart the server.
The Bypass Address List Parameter
In step three, the last parameter (the one that is enclosed in quotation marks [" "]) is the proxy bypass address list. You can specify a wildcard character (*) to indicate all servers, or you can list the actual domain names as bypass addresses. You can separate multiple bypass addresses by typing a semicolon (;) between addresses. The bypass address uses the "*domain" format, (for example, *adventure-works.com), and local addresses are specified as "<local>". You must always specify <local> in the bypass address list so that requests to intranet servers do not go to the proxy server. If you are directly connected to the Internet, and you configured a fake proxy, you need a bypass address for any servers that have Web part catalogs that you want to import from. Examples of this configuration are described in the following section.
Examples of Command-Line Syntax
This section describes examples of the appropriate command line that you can use for your environment. If you type
proxycfg without command switches, the current proxy settings are displayed.
IMPORTANT: You must follow the command line syntax described in this section exactly. If you make a typographic error, such as a missing space, you may not be able to access the dashboard site. After you configure the proxy settings, and you try to access the dashboard site, if you receive the error message that is described in the "Symptoms" section of this article, retype the
proxycfg command line, and make sure that you type it exactly as it is described in this article.
You Are Using a Proxy Server
If you are using a proxy server, use Microsoft Internet Explorer to configure proxy settings correctly (when you use this method, you are less likely to make typing errors). Type
proxycfg -u at the command prompt. If you use the
-u switch, make sure that you have enabled the
Use a proxy server option, and that you have configured the proxy server, port and bypass list in Internet Explorer. If you have selected either the
Automatically detect settings check box or the
Use automatic configuration script check box, you cannot use the
-u switch.
You can also manually enter your proxy settings. When you use the syntax described in the resolution procedure described earlier in this article, type the server name, port and bypass list. For example, if your proxy server name is "Proxy1", and the port number is "80", type the following command:
proxycfg -d -p Proxy1:80 "<local>"
You Are Not Using a Proxy Server
NOTE: If you are not using a proxy server, you must specify a fake proxy and include a bypass list. You must do so because of the way client requests are handled and authenticated in the dashboard site. Client requests that are sent to the dashboard site are received by Internet Information Services (IIS), which uses serverXMLHTTP to connect again by using IIS to pass the request to the Web Storage System (WSS). The client request is authenticated by either Basic authentication or NTLM authentication. On a workspace virtual directory, only NTLM authentication is enabled. If the client uses NTLM, serverXMLHTTP also uses NTLM to access the WSS. When NTLM is used, you must use Proxycfg.exe to configure the proxy server to prevent NTLM from being used to servers directly on the Internet. If you do not configure the proxy server, serverXMLHTTP assumes it is directly connected to the Internet and always uses Basic authentication. Therefore, if NTLM is enabled on the workspace virtual directory, use Proxycfg.exe to configure the proxy server (or a fake proxy if a proxy server is not present) so that serverXMLHTTP uses NTLM authentication.
If the client uses Basic authentication, serverXMLHTTP also uses Basic authentication to access the WSS. In this configuration, you do not have to use Proxycfg.exe to configure the proxy server. To enable Basic authentication on the workspace, it is strongly recommended that you create a new virtual server that points the workspace virtual directories. For more information about how to configure a virtual server, refer to the white paper that is listed in the "More Information" section of this article.
If you are not using a proxy server, run one of the following commands:
- proxycfg -d -p
fake-proxy-name:80 "<local>"
When you run this command, NTLM is enabled on the intranet. You
cannot download Web Parts from any external site, including the
Microsoft Web Part Gallery.
- proxycfg -d -p
fake-proxy-name:80
"http://*.microsoft.com;<local>"
When you run this command, NTLM is enabled on the intranet. You can
download Web Parts from the Microsoft Web Part Gallery that is
located on www.microsoft.com; however, you cannot download Web Parts
from any other site.
Security issues: When you use this setting, security vulnerability
may increase because traffic going to www.microsoft.com may send NTLM
packets. This behavior depends on the Internet Service Provider (ISP)
configuration and if the ports are enabled to allow NTLM packets to
be sent and received.
- proxycfg -d -p
fake-proxy-name:80 "*;<local>"
When you run this command, NTLM is enabled on the intranet. You can
download Web Parts from any Web site.
Security issues: NTLM traffic may be sent to any site on the
Internet. This behavior depends on the ISP configuration and if
ports are enabled to allow NTLM packets to be sent and received.