Suraj Singh's ISA server Blog

For people who work on ISA server.

WPAD is working or not

WPAD is working or not

  • Comments 5
  • Likes

Issue: Autodetect opton in proxy settings in browser does not work, when configured users can not access internet through TMG server.

As per http://technet.microsoft.com/en-us/library/cc713344.aspx

ISA Server uses the Web Proxy Automatic Discovery (WPAD) protocol, which allows automatic discovery of Web Proxy servers. ISA Server uses WPAD to provide a mechanism for clients to locate a WPAD entry containing a URL that points to a server on which the Wpad.dat and Wspad.dat files are generated. The Wpad.dat file is a Java script file containing a default URL template, constructed by Internet Explorer. The Wpad.dat file is used by Web Proxy clients for automatic discovery information. The ISA Server WinSock Proxy Autodetect (WSPAD) implementation uses the Wpad.dat file, and creates a Wspad.dat file to provide automatic discovery information to Firewall clients. For more information about the WPAD protocol, see the Web Proxy Auto-Discovery Protocol document.

 

Above article also explains how WPAD option is configured in DHCP as well as in DNS and how browser uses WPAD to get wpad.dat which had the script that tells the browser who is the proxy server and how to route the web requests through proxy server and when to by pass the proxy server.

This post is about when you know that you have configured your DHCP server with option 252 and whenever you use autodetect as proxy setting in your  browser its not able to access internet(in case the client machine is not secureNAT client).

In order to find out if WPAD option is configured properly and the client machine is able to get the option 252 from the DHCP server we can use FWC tool that comes TMG/ISA firewall client and its located at "C:\Program Files (x86)\Forefront TMG Client"

above is the sample when we are able find WPAD and WSPAD. Lets also have a look at this Scenario when Browser is not able to detect the WPAD and we can use FWCtool to find out whats going on

If we take network monitor trace while doing this test we will see following DHCP inform packet with request for WPAD

 

and reply from DHCP server does not have the option 252 for WPAD

Resolution

In this particular scenario we had to reconfigure DHCP option 252 and after that issue got resolved.

Comments
  • Well done Suraj, I'm proud of you my friend :)

  • Thanks Yuri

  • Great article!

  • pretty much a very poor recycle of another MS whitepaper why did you bother.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment