Hi All,
Hoping for some information/assistance. Currently testing Windows 8 Ent x64 in our Domain Environment. All works well for the built in apps and certainly looks promising. Hoping to get quite a few Surface or other W8 Tablets in the organisation if I can fix this final issue.
I currently cannot install any Apps via the App Store through or Microsoft TMG 2010 SP2 product. I can change rules on the TMG to help make this work if necessary.
This is the message I am currently experiencing when I attempt to install an App:
"Your purchase couldn't be completed. Something happened and your purchase can't be completed"
I hit Try Again and immediately I get the same message. I have traced it to WindowsUpdate.log in the Windows dir which shows:
2012-11-01 12:12:30:243 852 47cc Agent *************
2012-11-01 12:12:30:243 852 47cc Agent ** START ** Agent: Finding updates [CallerId = WSAcquisition]
2012-11-01 12:12:30:243 852 47cc Agent *********
2012-11-01 12:12:30:243 852 47cc Agent * Include potentially superseded updates
2012-11-01 12:12:30:243 852 47cc Agent * Online = Yes; Ignore download priority = No
2012-11-01 12:12:30:243 852 47cc Agent * Criteria = "AppCategoryIDs contains '5e19cc61-8994-4797-bdc7-c21263f6282b'"
2012-11-01 12:12:30:243 852 47cc Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2012-11-01 12:12:30:243 852 47cc Agent * Search Scope = {Current User}
2012-11-01 12:12:30:243 852 47cc Agent * Caller SID for Applicability: S-1-5-21-1390067357-746137067-1202660629-26658
2012-11-01 12:12:30:243 852 47cc EP Got 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL: "http://fe1.ws.microsoft.com/w8/2/redir/storeauth.cab"
2012-11-01 12:12:30:244 852 47cc EP Got 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 redir Client/Server URL: "https://fe1.ws.microsoft.com/v6/ClientWebService/client.asmx"
2012-11-01 12:12:30:247 852 47cc PT Skipping StartCategoryScan, no categories require server checks.
2012-11-01 12:12:30:248 852 47cc PT +++++++++++ PT: Synchronizing server updates +++++++++++
2012-11-01 12:12:30:249 852 47cc PT + ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}, Server URL = https://fe1.ws.microsoft.com/v6/ClientWebService/client.asmx
2012-11-01 12:12:30:256 852 47cc WS WARNING: Nws Failure: errorCode=0x803d0006
2012-11-01 12:12:30:256 852 47cc WS WARNING: There was an error communicating with the endpoint at 'https://fe1.ws.microsoft.com/v6/ClientWebService/client.asmx'.
2012-11-01 12:12:30:256 852 47cc WS WARNING: The operation timed out after 60000 (0xEA60) milliseconds.
2012-11-01 12:12:30:256 852 47cc WS WARNING: The operation could not be completed because the channel has been aborted.
2012-11-01 12:12:30:256 852 47cc WS WARNING: Web service call failed with hr = 8024401c.
2012-11-01 12:12:30:256 852 47cc WS WARNING: Current service auth scheme='None'.
2012-11-01 12:12:30:256 852 47cc WS WARNING: Proxy List used: 'PROXYIPHERE:8080', Bypass List used: '(null)', Last Proxy used: 'PROXYIPHERE:8080', Last auth Schemes used: 'None'.
2012-11-01 12:12:30:256 852 47cc WS FATAL: OnCallFailure(hrCall, m_error) failed with hr=0x8024401c
2012-11-01 12:12:30:256 852 47cc PT WARNING: PTError: 0x8024401c
2012-11-01 12:12:30:256 852 47cc PT WARNING: SyncUpdates_WithRecovery failed.: 0x8024401c
2012-11-01 12:12:30:256 852 47cc PT WARNING: Sync of Updates: 0x8024401c
2012-11-01 12:12:30:256 852 47cc PT WARNING: SyncServerUpdatesInternal failed: 0x8024401c
2012-11-01 12:12:30:256 852 47cc Agent * WARNING: Failed to synchronize, error = 0x8024401C
2012-11-01 12:12:30:256 852 47cc Agent * WARNING: Exit code = 0x8024401C
2012-11-01 12:12:30:256 852 47cc Agent *********
2012-11-01 12:12:30:257 852 47cc Agent ** END ** Agent: Finding updates [CallerId = WSAcquisition]
2012-11-01 12:12:30:257 852 47cc Agent *************
The key line here being: Last auth Schemes used: 'None'
Which gives the error: hr=0x8024401c - Authentication error?
This leads me to the TMG live Proxy log. Which shows all as Allowed Connection but the HTTP Status Code is 407 Proxy Authentication Required:
| Status: 407 Proxy Authentication Required | |
| Rule: Allow Unfiltered Internet | |
| Source: Internal (172.16.2.23:64163) | |
| Destination: External (172.23.0.10:443) | |
| Request: fe1.ws.microsoft.com:443 | |
| Filter information: Req ID: 0f74228b; Compression: client=No, server=No, compress rate=0% decompress rate=0% | |
| Protocol: SSL-tunnel | |
|
User: anonymous Is there a rule that needs to be added to the TMG/Web Access Policy to allow Unauthenticated traffic to certain domains or is there something on Windows 8 (without having to install anything as this is not an easy solution to roll out to RT tablets for example) Many Thanks for any assistance. I may crosspost this to the Windows 8 forum too. Regards, Dan. |
|