ProxyClient installation fails with an HTTP 400 or 403 response from the Client Manager.
Affected products and versions
ProxyClient 3.x and later.
On Windows 7, after applying the Microsoft Windows update KB2585542, communication between the ProxyClient workstation and the Client Manager will be impaired, resulting in the following observed symptoms:
Microsoft introduced KB2585542 to defeat man-in-the-middle attacks (refer to CVE-2011-3389 for more details). For this patch, Microsoft modified the way that the Windows Secure Channel component sends and receives encrypted network packets. Software and configuration downloads from the Client Manager stopped working in ProxyClient after the Windows update because ProxyClient was relying on one of the symmetric ciphers that was found to be vulnerable.
This issue has been fixed in ProxyClient 22.214.171.124, released to limited availability (LA) on January 30th 2012, and 126.96.36.199 on June 19th 2012. Because the release is currently in LA status, please contact Blue Coat Support to obtain a link to download the latest ProxyClient software (currently versions 188.8.131.52 and 184.108.40.206 with additional critical fixes, as of the update of this article on 6/21/2012).
Important Note: The issue also resides on the ProxySG (Client Manager). Applying the fix on either side (SG or ProxyClient) will resolve the issue. However, because the issue also affects machines that are not running ProxyClient, it is recommended that you apply the SGOS fix, as it resolves the issue for both (workstations with and without ProxyClient installed). The fix in the ProxySG has been released to general availability (GA) in SGOS version 220.127.116.11 and in the 18.104.22.168 patch release (PR). Please contact Blue Coat Support to obtain the latest PR with this fix (currently version 22.214.171.124, as of the update of this article on 6/21/2012). The GA fix of 126.96.36.199 has an ETA release date of 7/25/2012. Please check the download page for availability of this release.
Note: You can also subscribe to update notifications of the SGOS releases. See the following article for more information: FAQ155
Note: If clients are protected with Web filtering auto-detection, a reboot of the workstation may be required.
If upgrading to apply the fix is not a viable option, at customers' discretion, a known workaround is to uninstall Windows update KB2585542.
The cipher suite that ProxyClient uses has been modified to avoid the algorithms found to be vulnerable. This issue has been fixed in ProxyClient 188.8.131.52.
However, since ProxyClient's software update depends on the SSL communication that is affected by the Windows update, customers will have to roll out the ProxyClient update through other means, such as GPO or SMS.
If GPO or SMS is not an option, the ProxyclientSetup EXE can be shared with users (through a web page, a Windows file share, or something similar), and users can be asked to download the setup EXE and run it, which will update the software.