HELP! What is causing these "connect to" popups??? (Smartcache issue)

[kennysarmy]

This is driving me nuts....

We are on the SWGfL and use an on-site smartcache box provided by RM/SWGfL/LEA.

The documentation on the box states:

RM SmartTracker allows your users and computers to be identified for auditing purposes. This identification is also used by SafetyNet Universal for user and computer-based filtering. Choose the appropriate identification method below, and then click on the Apply Changes button

I have two choices:
Active Directory authentication (recommended)
&
RM SmartCache Client


RM SmartCache Client works fine but requires me to install a client app on each PC and does have limitations...

RM SmartCache Client is not recommended for use with unmanaged devices or with Windows Terminal Services. RM SmartCache Client is not supported with client computers running operating systems other than Windows.

So we've been trialling the new Active Directory authentication method on our domain...

Users randomly and some constantly get pop-up messages asking them to connect to the IP address of the smartcache and fill in user and password details.

No user is able to replicate the pop-up at will.....

I have a test user and PC on my desk and no amout of websurfing or application opening can force the pop-up to appear - it just does so when it feels like it....sometimes it does nt appear for hours then suddenly it pops-up.

It's more of an annoyance to end users as it does not stop them from surfing the net and the smartcache continues to log their internet activity even if they ignore the pop-up.

I'm looking for some help as to how to troubleshoot this??????

I've now created a new GPO for my test user and applied all the same policies as a standard teacher would get and after much clicking was able to get the pop-up to appear.....
I've now un-linked all the policies to see if it's just one policy that may be causing an issue....

Wondered if there was also a way to somehow see exactly what application it is that is requesting the pop-up?

[kennysarmy]

screenshot attached...

[AngryTechnician]

I am seeing an identical symptom to this with our SmartCache. In my case, it only happens if someone executes an HTTP POST command that is not preceded by a GET within the last minute or so. If the POST is sent very soon after a GET, it works fine.

So, you could load a page with an online form on it, but if you spend more than a minute or two filling it in, you'll get this box when you click Submit.

I have an open case with RM about it, but they're going through the normal support script and I haven't gotten any nearer to solution yet. I would strongly suggest opening a support call, but be prepared to jump through a few hoops to prove to them it's not something simple.

[kennysarmy]

I am seeing an identical symptom to this with our SmartCache. In my case, it only happens if someone executes an HTTP POST command that is not preceded by a GET within the last minute or so. If the POST is sent very soon after a GET, it works fine.

So, you could load a page with an online form on it, but if you spend more than a minute or two filling it in, you'll get this box when you click Submit.

I have an open case with RM about it, but they're going through the normal support script and I haven't gotten any nearer to solution yet. I would strongly suggest opening a support call, but be prepared to jump through a few hoops to prove to them it's not something simple.

Hi

I've used WireShark to try and get to the bottom of this...

can you let me know on affected workstations if you look at taskmanager do you have any processes that start "ISUM" ?

Cheers.

[AngryTechnician]

can you let me know on affected workstations if you look at taskmanager do you have any processes that start "ISUM" ?

Nope, nothing called that.

I'm almost 100% certain that, in my case at least, the workstation configuration has nothing to do with it, as I've been able to reproduce it at will on every workstation I've tried so far.

[pete]

I suspect it'll be java trying to update / check for updates - a new version came out recently.

[kennysarmy]

I suspect it'll be java trying to update / check for updates - a new version came out recently.

Well I've edited the run part of the registry to remove all processes beginning ISUS and the problem seems to have ceased....

I've fed this back to RM to see if they can patch the smartcache in some way....

Now to work out which application installed the damn ISUS* entries...

[Arthur]

Can you let me know on affected workstations if you look at taskmanager do you have any processes that start "ISUM" ?

"ISUM" is the InstallShield Update Manager. That webpage has a program which will uninstall it for you.

[Abaddon]

Thanks for that link.. I've been irritated by that popping up for months!

[kennysarmy]

I've worked out that this:

Patches and Updates - Patches and Updates

was installing the Install Shield Bo**ox....

There is also a section on the smartcache entitled:

Permit Web Access without Identification
Some automatic update processes may not work correctly if either the Active Directory authentication or the RM SmartCache Client with Security option is selected, because the update processes do not support identification.

To overcome this issue, you can allow particularly domains to be visited from any computer without identifying the user, or allow all requests originating from particular servers on your network.

Don't require identification for requests to the following domains



I've analysed some traffic to an affected workstation and found these sites causing requests:
msnportal.112.2o7.net
g.msn.com
estc.msn.com
rad.msn.com
rmd.atdmt.com
go.microsoft.com
c.msn.com
Bing

So have added them in to the list.....