Not all https connections captured

4 posts, 0 answers
  1. Alan
    4 posts
    Member since:
    Jul 2014

    Posted 09 Jul 2014

    I am attempting to diagnose an issue with Microsoft's OneDrive for Business sync client and have encountered the problem that Fiddler is not capturing all the https connections made by the client, and I don't understand why.

    I am not using a browser here at all, just starting the client manually from the Start menu.

    By running Fiddler, Wireshark and Sysinternals' Process Monitor simultaneously, I can see clearly that the client process (groove.exe) has https sessions with nexus.officeapps.live.com, odc.officeapps.live.com, our on-site SharePoint service and O365 - which get captured by Fiddler - and with our ADFS server - which do not.

    The process id of the groove.exe process is the same in each case.
    There is also an instance of MsoSync.exe, a child of the groove.exe process, which also does not get captured by Fiddler.

    Thinking that perhaps the client incorporates more than one http client stack, I have followed the instructions to manually set WinHTTP’s Proxy and also (even though it is not a service) followed the instructions on capturing traffic from .NET services. This made no difference.

    Bright ideas on what's going on and how to capture the uncaptured sessions will be gratefully received :-)

    Thanks ....


    Environment:

    Windows 7 (64 bit)
    Office 2010 (32 bit)
    IE 11
    OneDrive for Business client (15.0.4623.1000, 32bit)
    Fiddler 4.4.8.4
    .NET Framework 4.5.2


  2. Eric Lawrence
    Admin
    833 posts

    Posted 09 Jul 2014

    Hello, Alan--

    It sounds like the client in question isn't properly picking up the proxy settings; there are a few reasons this can happen:

    1> A bug in the client
    2> A configuration error in the client
    3> The client is running as a different user

    It sounds like you're saying that some traffic from Groove.exe is captured and some isn't; that implies that perhaps the Groove client is configured to bypass the proxy for Intranet hosts (e.g. your ADFS server's URL) despite the system proxy being configured otherwise.

    If you share a PCAP and SAZ file with me (Help > Send Feedback), I can investigate a bit further.

    Regards,
    Eric Lawrence
    Telerik
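
One way to rule out the system-level bypass list before suspecting the client itself (an added example, not part of the original thread and not Fiddler or Telerik code): it evaluates a WinINET-style `ProxyOverride` string against the hosts seen in the packet capture. The override string and the `corp.example` host names are constructed; the matching is a simplified approximation of WinINET's behaviour (no IPv6 literals).

```python
import fnmatch

def parse_bypass_list(proxy_override):
    """Split a semicolon-separated ProxyOverride string into lowercase entries."""
    return [e.strip().lower() for e in proxy_override.split(";") if e.strip()]

def bypass_reason(host, proxy_override):
    """Return the bypass entry that lets `host` skip the proxy, or None."""
    host = host.lower().rstrip(".")
    for entry in parse_bypass_list(proxy_override):
        if entry == "<local>":
            # <local> covers single-label (dotless) intranet names.
            if "." not in host:
                return entry
            continue
        if entry.startswith("<"):
            continue  # other special tokens (e.g. <-loopback>) are not host patterns
        # Drop an optional scheme prefix and port suffix, keep the host pattern.
        pattern = entry.split("://", 1)[-1].split(":", 1)[0]
        if fnmatch.fnmatchcase(host, pattern):
            return entry
    return None

def audit(hosts, proxy_override):
    """Map every host to the entry that bypasses the proxy for it (or None)."""
    return {h: bypass_reason(h, proxy_override) for h in hosts}

# Constructed sample. On a real machine the string is the ProxyOverride value
# under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,
# read while Fiddler is capturing.
SAMPLE_OVERRIDE = "*.corp.example;<local>;<-loopback>"
SAMPLE_HOSTS = [
    "nexus.officeapps.live.com",
    "odc.officeapps.live.com",
    "adfs.corp.example",   # hypothetical ADFS host name
    "sharepoint",          # hypothetical single-label intranet name
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE_HOSTS, SAMPLE_OVERRIDE).items():
        verdict = f"bypasses proxy via {reason!r}" if reason else "goes through proxy"
        print(f"{host:30} {verdict}")
```

If the host whose sessions are missing matches no entry here, the system bypass list is not the cause and the client's own proxy handling is the next thing to examine.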
     


     
  3. Alan
    4 posts
    Member since:
    Jul 2014

    Posted 11 Jul 2014 in reply to Eric Lawrence

    Thanks Eric. Files just sent to the feedback address as requested.

    Re item 3: The client is/was running as the same user (me), confirmed by the Process Monitor log.

    > that implies that perhaps the Groove client is configured to bypass the proxy for Intranet hosts (e.g. your ADFS server's URL) despite the system proxy being configured otherwise.

    I'm not aware of any Groove client configuration options that would have that effect.

    Alan.
  4. Alan
    4 posts
    Member since:
    Jul 2014

    Posted 18 Jul 2014

    Just a note that, although I have not solved the problem, I have managed to work around it, i.e. to capture groove's https sessions with our ADFS server - as follows:
    1. Add the ADFS server name to the Windows hosts file, mapping it to 127.0.0.1
    2. Make Fiddler listen on port 443 instead of 8888
    3. In Fiddler, under Tools | HOSTS, map the ADFS server name to its proper IP address

    It would be nice not to have to do this though :-)

