Author Topic: Avast Update Problems  (Read 24793 times)

0 Members and 1 Guest are viewing this topic.

maleas

  • Guest
Re: Avast Update Problems
« Reply #15 on: May 29, 2007, 12:54:44 PM »

If you use no-proxy or you manually specify proxy settings (using normal RFC obeying proxy), everything works.
This is indeed a case where everything works.

Quote
If you have proxy which checks user credentials using NTLM (MS proprietary gizmo) it will refuse local SYSTEM account.
I'm afraid I was misunderstood here: in the problematic case, no NTLM is used! In fact the exact same proxy as above (a normal RFC obeying proxy) is used. No user authentication is performed whatsoever! The only thing is that instead of specifying the proxy address and port manually, via the WPAD mechanism this information is automatically discovered. And, furthermore, WPAD and avast worked perfectly up to some months before and that is also what is really confusing me.

kubecj

  • Guest
Re: Avast Update Problems
« Reply #16 on: May 29, 2007, 02:12:51 PM »
If you're confident that there is no user-checking mechanism employed while going thru proxy, I can't see what may cause the problem.

The last option would be taking someone with the knowledge of tcp/ip to the machine and having him inspect the traffic by wireshark/tcpdump/whatever.

BTW: 0x2EFD is CANNOT_CONNECT.

Another request:
Could you please put here the content of your WPAD.DAT? If not, can you send it to me (PM)? We'll make some tests and we want as close as possible behaviour.
« Last Edit: May 29, 2007, 02:45:07 PM by kubecj »

maleas

  • Guest
Re: Avast Update Problems
« Reply #17 on: May 30, 2007, 07:19:34 AM »
If you're confident that there is no user-checking mechanism employed while going thru proxy, I can't see what may cause the problem.
Same here, this one got me really confused.

Quote
The last option would be taking someone with the knowledge of tcp/ip to the machine and having him inspect the traffic by wireshark/tcpdump/whatever.
Tried with wireshark, but unfortunately I do not know the exact time the program tries to update so it's a bit difficult to "catch" the avast traffic.

Quote
Another request:
Could you please put here the content of your WPAD.DAT?
No problem here, thank you for asking me :) The wpad.dat is as follows:
Code: [Select]
function FindProxyForURL(url, host)
{
if (isInNet(host, "192.168.0.0", "255.255.255.0") ||
  isInNet(host, "192.168.1.0", "255.255.255.0") ||
  dnsDomainIs(host, ".our.domain") ||
  isInNet(host, "127.0.0.0", "255.0.0.0") ||
  shExpMatch(host, "localhost"))
    return "DIRECT";
else
    return "PROXY 192.168.0.1:3128";
}
In the above, 192.168.0.1 is the proxy ip address. I've been using the same wpad.dat for about 4 years now.

For the WPAD mechanism to work, the dhcpd.conf file contains:
Code: [Select]
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
default-lease-time 604800;
max-lease-time 604800;
option local-proxy-wpad code 252 = string;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# ad-hoc DNS update scheme - set to "none" to disable dynamic DNS updates.
ddns-update-style none;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;


subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.32 192.168.0.254;
  option routers 192.168.0.1;
  option domain-name "our.domain";
  option domain-name-servers 192.168.0.1;
  option broadcast-address 192.168.0.255;
  option local-proxy-wpad "http://wpad.our.domain/wpad.dat";
  option router-discovery false;
  option subnet-mask 255.255.255.0;

Additionally, our LAN name server resolves wpad.our.domain as follows:
Code: [Select]
$ttl    86400
$ORIGIN our.domain.

@       IN      SOA     our.domain.gr. postmaster.our.domain. (
                        200209101       ; serial, todays date + todays serial #
                        24H             ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
      IN        NS      ns.our.domain.

our.domain.      A       192.168.0.1

localhost       A       127.0.0.1
gw              A       192.168.0.1
wpad            A       192.168.0.1
                TXT     "service: wpad:http://wpad.our.domain/wpad.dat"

An apache server hosted on firewall/proxy machine, at port 80, serves the wpad.dat file.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Avast Update Problems
« Reply #18 on: May 30, 2007, 08:30:09 AM »
maleas

a couple of thoughts ....

1) I am very impressed that you have engaged the thoughtful interest of kubecj ... definitely a plus

2) With wireshark ... perhaps some opportunity to run it by command line at start up.   I recently talked with one of my folks about using an avast4.ini setting (which delays the avast automated VPS update) and we wanted to know if it was real or "fluff".  So he set up a command line wireshark (ok to be completely honest he is still using ethereal - now renamed wireshark) and demonstrated that the avast4.ini delay in VPS auto update is as true as its word.

So if you care for any assistance with wireshark at startup ... just say.   

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Avast Update Problems
« Reply #19 on: May 30, 2007, 02:51:36 PM »
1) I am very impressed that you have engaged the thoughtful interest of kubecj ... definitely a plus
When we're loosing a battle, some soldiers ask for the general to come here 8)

I recently talked with one of my folks about using an avast4.ini setting (which delays the avast automated VPS update) and we wanted to know if it was real or "fluff".
It works for sure... Change the option and check to see an icon on task bar.
Make the logon and see when the icon appears.
The best things in life are free.

kubecj

  • Guest
Re: Avast Update Problems
« Reply #20 on: May 30, 2007, 03:06:36 PM »
Maleas, from our tests it looks like the Internet Explorer settings are not taken in account when running under system account - according to my colleague it seems like there is no download of WPAD file. Oh my.  :-\

Is Windows Update running on such a machine without any additional settings?

maleas

  • Guest
Re: Avast Update Problems
« Reply #21 on: May 31, 2007, 08:47:34 AM »
1) I am very impressed that you have engaged the thoughtful interest of kubecj ... definitely a plus
When we're loosing a battle, some soldiers ask for the general to come here 8)
I can feel for kubecj (and the gang here) actually: interesting problems do tend to attract sysadmins/developers like honey attracts bears :)

Maleas, from our tests it looks like the Internet Explorer settings are not taken in account when running under system account - according to my colleague it seems like there is no download of WPAD file. Oh my.  :-\
Thanks for checking this mate! So the issue is confirmed.

Quote
Is Windows Update running on such a machine without any additional settings?
Yes, perfectly (and I do presume you are talking about the automatic windows update, the one showing up as the globe/yellow shield in the system tray when running).

Still, I believe you'll tackle the problem in no time, considering that this used to work just fine some months ago.

PS: I do have a newbie and a bit off-topic question, being a non-coder (at least for the last 10 years). Where does one change the way a Windows 2000/XP system connect to the Internet, when a SYSTEM (or other special Windows service) account is used? I mean, when in my account I set auto-proxy, or proxy script or manually specify proxy address and port, obviously that affects programs running under my own account, not the programs running under the SYSTEM (or other special service) account is used.

Extending the previous thought, avast gives the user the option to specify the way to connect to the internet. I presume though that whatever is entered there, is used regardless of the currently logged in user. For example if user abcd configures avast to use proxy xxxx:ppp, then user efgh will also see the same proxy selected in avast config. A systemwide setting, for that matter. What happens though when the "Use IE settings" is selected? I always presumed it meant "Use my account's IE settings". Or does it mean (or it should mean) "Use System internet options settings"? Sorry if I managed to confuse you, this is not clear to me as well :)

kubecj

  • Guest
Re: Avast Update Problems
« Reply #22 on: May 31, 2007, 12:56:45 PM »
I think your questions are perfectly legal and if we'd know the reply, we'd solve the issue quickly.

The problem is that we don't know and we can't find it in the docs  :-\

The avast's proxy settings are definitely global.
IE settings are most probably per-user - they reside in HKEY_CURRENT_USER.

What settings are used while running under local system account - don't know (yet).

maleas

  • Guest
Re: Avast Update Problems
« Reply #23 on: May 31, 2007, 01:16:43 PM »
kubecj, perhaps the following MS KB article might be of help, although I admit I didn't have time to read it, so it may not be relevant at all: How the Windows Update client determines which proxy server to use to connect to the Windows Update Web site

kubecj

  • Guest
Re: Avast Update Problems
« Reply #24 on: June 01, 2007, 11:59:25 AM »
Read it, found nothing interesting.

We're now sure problem lies in Wininet library using .DEFAULT user's settings while running under local system account, whereas user's internet settings are saved in user's profile. We'll make some additional hocus pocus regarding that autoscript setting.

maleas

  • Guest
Re: Avast Update Problems
« Reply #25 on: June 06, 2007, 09:20:44 AM »
We'll make some additional hocus pocus regarding that autoscript setting.
Good hunting! And feel free to PM me (or just reply here, auto-notification is enabled for this thread) if I can help with extra data, or some sort of beta-testing :)

Shayk1951

  • Guest
Re: Avast Update Problems
« Reply #26 on: June 06, 2007, 10:52:47 PM »
I have been using Avast for more that 3 years and this is the first time I have ever had problems updating. I deleted the old program, uploaded a new one and even with the box checked in my firewall center, I still cannot update. I even try to manually update and still get the same error message - that it cannot contact my server. Since I am on cable Internet service, I don't understand this. Can anyone help???

Shay

maleas

  • Guest
Re: Avast Update Problems
« Reply #27 on: January 16, 2008, 01:13:20 PM »
Hello all (and a happy new year to the avast team :) )

Any update perhaps on the issue?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Avast Update Problems
« Reply #28 on: January 16, 2008, 05:46:23 PM »
I even try to manually update and still get the same error message - that it cannot contact my server.
Which firewall do you use? Is avast.setup allowed to connect?

Any update perhaps on the issue?
Which is exactly your problem now?
The best things in life are free.

maleas

  • Guest
Re: Avast Update Problems
« Reply #29 on: January 17, 2008, 07:05:02 AM »
Any update perhaps on the issue?
Which is exactly your problem now?
The same problem I had last year of course :) The issue is unresolved. That is, autoupdate with avast configured with proxy information (ip & port) works, whereas autoupdate with avast configured to automatically find the proxy, does not...

EDIT: Corrected text above
« Last Edit: January 22, 2008, 07:44:32 AM by maleas »