Additional Windows proxy configuration

The following sections detail additional ways you might configure the Windows proxy outside of the user interface.

To stop a Windows proxy from the appliance command line

The tw_terminate_winproxy utility, located in the $TIDEWAY/bin/ directory, sends a request to the Windows proxy to terminate. To use the utility, you must have the discovery/slave/write permission. When the utility successfully sends a terminate request to a Windows proxy an audit event is logged. The audit event is called windows_proxy_process_terminate and contains the name of the Windows proxy that the terminate request was sent to.

When using the utility, you must always specify a Windows proxy and a user name. Also, if you do not specify a password, you are prompted for one.

Running proxy as unpriviliged user

If a Windows proxy is not running as either the Local System account or as a member of the Administrators group, tw_terminate_winproxy does not stop the Windows proxy. The following error is logged in the Windows proxy log file:
ERROR: Failed to terminate slave service: [(5, 'OpenSCManager', 'Access is denied.')]

Workaround: Allow the user that the Windows proxy is running to stop the service. This is documented on the Microsoft Support Site.

For more information about the utility and the command line options, see tw_terminate_winproxy.

Windows proxy platform minimum specification

The following specification provides a guide to the minimum recommended specification for the Windows proxy hardware. This specification has been verified on Microsoft Windows 2003 Service Pack 2:




3GHz Intel Pentium® 4 CPU 512k Cache



Hard disk


Windows proxies on Windows XP SP2

A feature introduced in Windows XP SP2 can cause Windows proxies running on that platform to log the following warning in the Windows system log:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

This means there were more than 10 un-ACKed TCP SYNs in a second (normally from attempting to connect to an invalid address). The patched version of Windows XP interprets this as a potential virus and starts to queue connections. This can cause other network activity on the host to be very slow.

More information about the warning can be found on the Microsoft Support Site.

This feature has also been included in Windows Vista and Service Packs for Windows 2003 Server.

Was this page helpful? Yes No Submitting... Thank you