Microsoft KB Archive/160672

= Using the Proxy Server 1.0 Port Investigation Mode Feature =

Article ID: 160672

Article Last Modified on 8/11/1999

-

APPLIES TO


 * Microsoft Proxy Server 1.0 Standard Edition

-



This article was previously published under Q160672



SUMMARY
Proxy Server 1.0 contains an "undocumented" feature called Investigation Mode that allows you to log the TCP ports requested by WinSock applications. With this information, you can add a port range for WinSock applications that are not common or require multiple ranges of ports to the WinSock Proxy service.

Because this feature has not been fully tested for general use, it is unsupported and has no warranties from Microsoft concerning the performance of Proxy Server while this feature is enabled. The results will vary depending on the WinSock application that is being tested. Multiple logs may have to be created to find a range of ports for a troublesome application.



To Set Up Investigation Mode
 Grant the user of the WinSock application "unlimited access" in the WinSock Proxy service permissions tab.

The unlimited access permission allows users access to ALL ports through the proxy server. Make sure other "unlimited users" do not use the Winsock proxy during testing otherwise multiple ports will be logged.  Enable investigation mode.

WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.

Investigation mode is invoked and controlled via the registry. Add the following two values in the Parameters section of WSPSrv registry key:      Hkey Local Machine\System\CurrentControlSet\Services\ WSPSrv\Parameters NOTE: Unlike most registry entries, a space should be between Investigation Mode and Investigation Log. Be sure to include the space.

Entry 1
  Investigation Mode REG_DWORD: 1 Changing the Investigation Mode value to 1 will toggle investigation mode on. You do not need to restart WinSock Proxy service. Changing the value back to 0 will toggle the mode off.

Entry 2
  Investigation Log REG_SZ: The path to the investigation log must include the file name. For example: c:\logs\investigate.txt

When the Investigation Mode is on, the log file is denied for write, so some editors may not be able to open the file. You can use Notepad or the "type" command to view the log file while Investigation Mode is turned on. After you toggle the Investigation Mode off, you can load the log file into any text editor.  Work with the application. Toggle Investigation Mode off and remove yourself from the Unlimited Access list. Check the investigation log for the ports that should be opened.

The first entry in the log is the primary connection. The rest of entries are secondary connections.</li></ol>

Examples
HTTP - Using Web browser will leave only one entry in the investigation log: <pre class="fixed_text">  <TCP OUT 80> FTP - Using FTP will leave two entries: <pre class="fixed_text">  <TCP OUT 21> <TCP IN 0> The secondary TCP inbound range should be enabled for PORT_ANY.

VDOLive - VDOLive client will leave two entries in the log: <pre class="fixed_text">  <TCP OUT 7000> <UDP IN 0> The secondary UDP inbound range should be enabled for PORT_ANY.

AlphaWorld - AlphaWorld will create several entries in the log. Between them there will be two entries similar to the following: <pre class="fixed_text">  <UDP OUT 3000> <UDP IN 3000> The secondary ranges must be added. However, this will only work for a short time. Sooner or later users will report that they cannot talk to each other in the AlphaWorld (AW), but they are able to communicate with other AW citizens. Once again, the first thing you should try is to enable Investigation Mode. This time, add several users to Unlimited Access group and ask them to try a connection. Because the users have access to all ports, they will be able to connect to AlphaWorld with no trouble. When you analyze the investigation log, you will see additional entries similar to the following were in use: <pre class="fixed_text">  <UDP OUT 3001> <UDP IN 3001> <UDP OUT 3002> <UDP IN 3002> In this case, ranges of ports should be enabled. If you want to allow 10 people to use AlphaWorld at the same time, you can add the following ranges to the secondary list: <pre class="fixed_text">  <UDP OUT 3000-3009> <UDP IN 3000-3009>

Keywords: kbinfo KB160672

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.