ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Schemus LDAP Synchronization Tool and Web Security.cloud Client Site Proxy

book

Article ID: 161527

calendar_today

Updated On:

Products

Email Security.cloud

Issue/Introduction

You are using the Web Security.cloud Client Site Proxy and the Schemus LDAP Synchronization Tool and are experiencing issues with the Schemus sync.

Resolution

Schemus should not be run through the Client Site Proxy (CSP) as the CSP relies on NTLM Authentication for anything connecting to it sending information. Schemus does not support NTLM Authentication therefore cannot process the Schemus upload. Please do not select the location of your CSP machine as a proxy within the Schemus Wizard set up as uploads will fail.

If you must have port 3128 only for all traffic and therefore have to send the Schemus upload through the CSP the ONLY work around for this is to remove the NTLM Authentication for Schemus within the Schemus Squid configuration file, which looks like this:

 #Bypass for streaming.'customer'.com
 acl schemus dstdomain api.messagelabs.com
 #TAG: Bypass NTLM & Trip
 http_access allow schemus
 always_direct allow schemus

This bypass has to be placed above the following line in the squid file:

 http_access allow authproxy http_access deny all

Please note that this can cause other issues. For instance, if the file is large, the upload may time out and fail.

If you are using the Microsoft Internet Security and Acceleration (ISA) Server you must create the NTLM auth bypass on the ISA.