This is a migrated thread and some comments may be shown as answers.

Not all https connections captured

Alan asked on 09 Jul 2014, 09:55 AM

I am attempting to diagnose an issue with Microsoft's OneDrive for Business sync client and have encountered the problem that Fiddler is not capturing all the https connections made by the client, and I don't understand why.

I am not using a browser here at all, just starting the client manually from the Start menu.

By running Fiddler, Wireshark and Sysinternals' Process Monitor simultaneously, I can see clearly that the client process (groove.exe) has https sessions with nexus.officeapps.live.com, odc.officeapps.live.com, our on-site SharePoint service and O365 - which get captured by Fiddler - and with our ADFS server - which do not.

The process id of the groove.exe process is the same in each case.
There is also an instance of MsoSync.exe, a child of the groove.exe process, which also does not get captured by Fiddler.

Thinking that perhaps the client incorporates more than one http client stack, I have followed the instructions to manually set WinHTTP’s Proxy and also (even though it is not a service) followed the instructions on capturing traffic from .NET services. This made no difference.

Bright ideas on what's going on and how to capture the uncaptured sessions will be gratefully received :-)

Thanks ....


Environment:

Windows 7 (64 bit)
Office 2010 (32 bit)
IE 11
OneDrive for Business client (15.0.4623.1000, 32bit)
Fiddler 4.4.8.4
.NET Framework 4.5.2


3 Answers, 1 is accepted

Eric Lawrence
Telerik team
answered on 09 Jul 2014, 05:10 PM
Hello, Alan--

It sounds like the client in question isn't properly picking up the proxy settings; there are a few reasons this can happen:

1> A bug in the client
2> A configuration error in the client
3> The client is running as a different user

It sounds like you're saying that some traffic from Groove.exe is captured and some isn't; that implies that perhaps the Groove client is configured to bypass the proxy for Intranet hosts (e.g. your ADFS server's URL) despite the system proxy being configured otherwise.

If you share a PCAP and SAZ file with me (Help > Send Feedback), I can investigate a bit further.

Regards,
Eric Lawrence
Telerik
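
A quick way to test the bypass hypothesis from the answer above at the system level, as an added example that is not part of the original thread: it evaluates a WinINET-style `ProxyOverride` bypass list against the hosts the client contacts. The sample list and the `adfs.example.internal` and `sharepoint` names are constructed placeholders, and matching is simplified to host patterns with `*` wildcards plus the `<local>` marker (no IPv6 literals).

```python
from fnmatch import fnmatchcase

INTERNET_SETTINGS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def read_system_override():
    """Read the current user's WinINET bypass list (Windows only)."""
    import winreg  # imported here so the rest of the module runs on any OS
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_SETTINGS) as key:
        try:
            return winreg.QueryValueEx(key, "ProxyOverride")[0]
        except FileNotFoundError:
            return ""  # no bypass list configured


def bypass_entry(host, proxy_override):
    """Return the bypass-list entry that exempts host from the proxy, or None."""
    host = host.lower().rstrip(".")
    for entry in proxy_override.split(";"):
        entry = entry.strip().lower()
        if not entry:
            continue
        if entry == "<local>":
            # <local> exempts plain intranet names, i.e. names without a dot
            if "." not in host:
                return entry
            continue
        if entry.startswith("<"):
            continue  # other markers such as <-loopback> are not host patterns
        # Drop an optional scheme prefix and port suffix, keep the host pattern
        pattern = entry.split("://", 1)[-1].split(":", 1)[0]
        if fnmatchcase(host, pattern):
            return entry
    return None


def report(hosts, proxy_override):
    """Map each host to the entry that bypasses the proxy for it (or None)."""
    return {h: bypass_entry(h, proxy_override) for h in hosts}


# Constructed sample values; on Windows pass read_system_override() instead.
SAMPLE_OVERRIDE = "*.example.internal;<local>;<-loopback>"
SAMPLE_HOSTS = ["nexus.officeapps.live.com", "odc.officeapps.live.com",
                "adfs.example.internal", "sharepoint"]

if __name__ == "__main__":
    for host, entry in report(SAMPLE_HOSTS, SAMPLE_OVERRIDE).items():
        print(f"{host:28} {'bypasses proxy via ' + entry if entry else 'uses proxy'}")
```
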
Alan
answered on 11 Jul 2014, 08:56 AM
Thanks Eric. Files just sent to the feedback address as requested.

Re item 3: The client is/was running as the same user (me), confirmed by the Process Monitor log.

> that implies that perhaps the Groove client is configured to bypass the proxy for Intranet hosts (e.g. your ADFS server's URL) despite the system proxy being configured otherwise.

I'm not aware of any Groove client configuration options that would have that effect.

Alan.
Alan
answered on 18 Jul 2014, 04:18 PM
Just a note that, although I have not solved the problem, I have managed to work around it, i.e. to capture groove's https sessions with our ADFS server - as follows:
  1. Add the ADFS server name to the Windows hosts file, mapping it to 127.0.0.1
  2. Make Fiddler listen on port 443 instead of 8888
  3. In Fiddler, under Tools | HOSTS, map the ADFS server name to its proper IP address

It would be nice not to have to do this though :-)

