Additional Windows proxy configuration

The following sections detail additional ways you might configure the Windows proxy outside of the user interface.

To stop a Windows proxy from the appliance command line

The tw_terminate_winproxy utility, located in the $TIDEWAY/bin/ directory, sends a terminate request to the Windows proxy. To use the utility, you must have the discovery/slave/write permission. When the utility successfully sends a terminate request to a Windows proxy, an audit event is logged. The audit event is called windows_proxy_process_terminate and contains the name of the Windows proxy that the terminate request was sent to.

When using the utility, you must always specify a Windows proxy and a user name. If you do not specify a password, you are prompted for one.

Running proxy as unpriviliged user

If a Windows proxy is not running as either the Local System account or as a member of the Administrators group, tw_terminate_winproxy does not stop the Windows proxy. The following error is logged in the Windows proxy log file:
ERROR: Failed to terminate slave service: [(5, 'OpenSCManager', 'Access is denied.')]

Workaround: Allow the user that the Windows proxy is running to stop the service. For more information, see the Microsoft Support Site.

For more information about the utility and the command line options, see tw_terminate_winproxy.

Windows proxy platform minimum specification

The following specification provides a guide to the minimum recommended specification for the Windows proxy hardware. This specification has been verified on Microsoft Windows 2003 Service Pack 2:

Component

Specification

CPU

3GHz Intel Pentium® 4 CPU 512k Cache

Memory

2GB

Hard disk

60GB

Windows proxies on Windows XP SP2

A feature introduced in Windows XP SP2 can cause Windows proxies running on that platform to log the following warning in the Windows system log:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

This message means there were more than 10 un-ACKed TCP SYNs in a second (normally, from attempting to connect to an invalid address). The patched version of Windows XP interprets this as a potential virus and starts to queue connections. This can cause other network activity on the host to be very slow.

For more information about the warning, see the Microsoft Support Site.

This feature has also been included in Windows Vista and Service Packs for Windows 2003 Server.

Related topics

Was this page helpful? Yes No Submitting... Thank you

Comments