Tuesday, May 6, 2014

Generalizing Proxy Globally



Situation:
We have quite some branches worldwide and most of them using a proxy. The problem is; most proxy servers have different host names, so when end users travel to other branches, the wrong proxy setting is applied and either surfing is slow or not working at all
Now we need to standardize the proxies. One way would be to change all the host names globally, but this is not preferred. First of all: DNS would go mad, administrating isn’t going to be any easier + users might end up connecting to a wrong proxy after all. We chose to generalize the proxy settings through GPO’s and a local DNS zone.
First of all: all our sites with internet break outs do have DNS integrated domain controllers in place. This made life a lot easier! I’ve started with setting up a local forward lookup zone on ALL domain controllers worldwide. For the sake of explaining: let’s just say we have 3 sites: Holland (with proxy holland-proxy.work-around.it), US (with proxy us-proxy.work-around.it) and Japan (with proxy japan-proxy.work-around.it)
To add a forward lookup zone using the Windows interface
1. Open DNS Manager.
2. In the console tree, right-click a DNS server, and then click New Zone to open the New Zone Wizard.
3. Follow the instructions to create a new primary zone, secondary zone, or stub zone. –> In this case we would need a primary zone, non-AD integrated (we do not want local zones to replicate, this would go against the whole principal of a local zone!). The zone name here would be: local.work-around.it
Next thing we need is a CNAME record in our brand new local zone: that points towards our proxy host:
To add an alias (CNAME) resource record to a zone using the Windows interface
1. Open DNS Manager.
2. In the console tree, right-click the applicable forward lookup zone (local.work-around.it), and then click New Alias.
3. In Alias name, type the alias name: proxy
4. In Fully qualified domain name (FQDN) for target host, type the FQDN of the DNS host computer for which this alias is to be used: In this example:
Holland: proxy-holland.work-around.it.
US: proxy-US.work-around.it.
Japan: proxy-japan.work-around.it
5. As an option, you can click Browse to search the DNS namespace for hosts in this domain that have host (A) resource records already defined.
6. Click OK to add the new record to the zone.
These two steps needs to be done on ALL domain controllers, so it’s a bit of work. But it will be worth it!
After this step, we need another A record in the normal forward lookup zone pointing to the local.work-around.it cname record:
1. Open DNS Manager.
2. In the console tree, right-click the applicable forward lookup zone (work-around.it), and then click New Alias.
3. In Alias name, type the alias name: proxy
4. In Fully qualified domain name (FQDN) for target host, type the FQDN of the DNS host computer for which this alias is to be used: In this example: proxy.local.lmsintl.com.
5. Click OK to add the new record to the zone.
…And finally:
We need to set up a GPO to enforce the proxy settings:
1. Click Start – All programs – Administrative Tools – Group Policy Management.
2. Create or Edit Group Policy Objects.
3. Expand User configuration – Policies – Windows Settings – Internet Explorer Maintenance – Connection.
4. In right Pane, open Proxy Settings
5. Use proxy.local.work-around-it as your proxy setting with your own preferred port
undefined










If the issue is still not fixed, it can be a very critical problem with your computer affecting your personal data and the Windows Operating System. You will have to chat with our Experts or you can check with your local technician to get the problems fixed with very high priority.

                                                         undefined

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

DMCA.com Protection Status