HttpSendRequest Fails with Errror 12007 when using PAC files

Discussion:

(too old to reply)

Bhamid

2004-11-14 03:25:01 UTC

I set my PAC file URL in IE. This URL is internal to a corporate n/w.
When my application runs, the first HttpSendRequest is made from a network
that does not have access to the PAC file URL. This is successful.
After that the VPN tunnel is established, the PAC file URL is now valid;
however, the second HttpSendRequest fails with 12007. The PAC file does not
seem to get downloaded.
I released all the handles between the two requests, yet the second request
always fails. Any idea?
IE version is 6.0.2900. The requests are HTTPS (both)

Code snippet.
hOpen = pInternetOpen("MyApp", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
if (dwTimeout > 0)
{
pInternetSetOption(hOpen, INTERNET_OPTION_RECEIVE_TIMEOUT, &dwTimeout,
sizeof(DWORD));
pInternetSetOption(hOpen, INTERNET_OPTION_SEND_TIMEOUT, &dwTimeout,
sizeof(DWORD));
}
DWORD dw = 20;
pInternetSetOption(hOpen, INTERNET_OPTION_CONNECT_RETRIES, &dw,
sizeof(DWORD));

hConnect = pInternetConnect(hOpen, urlInfo.lpszHostName, urlInfo.nPort, "",
"", INTERNET_SERVICE_HTTP, 0, 0);

CString bstrActionVerb = GET;
if (postDataLength > 0)
{
bstrActionVerb = POST;
}

char szAccept[] = "*/*";
LPSTR AcceptTypes[2]={0};
AcceptTypes[0]=szAccept;
DWORD dwFlag;
if (urlInfo.nScheme == INTERNET_SCHEME_HTTPS)
{
dwFlag = INTERNET_FLAG_SECURE |
INTERNET_FLAG_KEEP_CONNECTION |
INTERNET_FLAG_IGNORE_CERT_CN_INVALID |
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID |
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS |
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP;
}
else
{
dwFlag = INTERNET_FLAG_KEEP_CONNECTION;
}

hRequest = pHttpOpenRequest(hConnect, bstrActionVerb,
urlInfo.lpszUrlPath,
HTTP_VERSION, "", (LPCSTR*) AcceptTypes,
dwFlag ,0);

if (hRequest == NULL) {
DWORD dwErr = GetLastError();
pInternetCloseHandle(hConnect);
pInternetCloseHandle(hOpen);
}

PopulateHeaders(hRequest);

dwFlags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;
pInternetSetOption (hRequest,
INTERNET_OPTION_SECURITY_FLAGS, &dwFlags, sizeof (dwFlags) );

if( ! pHttpSendRequest(hRequest, NULL, 0,
bstrPostData.GetBuffer(postDataLength), postDataLength) )
{
bstrPostData.ReleaseBuffer();
DWORD dwError = GetLastError();
DWORD dwFlags;
DWORD dwBuffLen = sizeof(dwFlags);
pInternetCloseHandle(hRequest);
pInternetCloseHandle(hConnect);
pInternetCloseHandle(hOpen);
}
bstrPostData.ReleaseBuffer();
....
pInternetCloseHandle(hRequest);
pInternetCloseHandle(hConnect);
pInternetCloseHandle(hOpen);

Thanks for your help.

Stephen Sulzer

2004-11-15 07:09:15 UTC

Permalink

Where do you set the PAC file in IE?

In the IE connections configuration, under the Tools menu / Internet
Options... / Connections dialog, there should be an entry for the VPN
connection. The PAC URL should be specified in the settings for the VPN
connection, not in the "LAN Settings".

If you believe the VPN connection settings in IE are correct, then try
adding the following code between your two requests:

InternetSetOption(NULL, INTERNET_OPTION_END_BROWSER_SESSION, NULL, 0);

Setting this option will reset various global state within WinInet.

Hope that helps.

Stephen

Post by Bhamid
I set my PAC file URL in IE. This URL is internal to a corporate n/w.
When my application runs, the first HttpSendRequest is made from a network
that does not have access to the PAC file URL. This is successful.
After that the VPN tunnel is established, the PAC file URL is now valid;
however, the second HttpSendRequest fails with 12007. The PAC file does not
seem to get downloaded.
I released all the handles between the two requests, yet the second request
always fails. Any idea?
IE version is 6.0.2900. The requests are HTTPS (both)

Bhamid

2004-11-15 15:38:02 UTC

Permalink

Stephen,
Thanks for your reply.
I am setting the PAC file in the LAN settings.
I cannot set it in the VPN settings in IE because the VPN client we are
using is a third party client Cisco,Nortel,CheckPoint.
What is interesting is that if the PAC file URL is on localhost
(http://localhost/proxy.pac) then, it seems to work, but not
otherwise(http://corp.aa.com/proxy.pac).
Anything else that I should explore ?
Thanks.

Post by Stephen Sulzer
Where do you set the PAC file in IE?
In the IE connections configuration, under the Tools menu / Internet
Options... / Connections dialog, there should be an entry for the VPN
connection. The PAC URL should be specified in the settings for the VPN
connection, not in the "LAN Settings".
If you believe the VPN connection settings in IE are correct, then try
InternetSetOption(NULL, INTERNET_OPTION_END_BROWSER_SESSION, NULL, 0);
Setting this option will reset various global state within WinInet.
Hope that helps.
Stephen

not

Post by Bhamid
seem to get downloaded.
I released all the handles between the two requests, yet the second

request

Post by Bhamid
always fails. Any idea?
IE version is 6.0.2900. The requests are HTTPS (both)

Stephen Sulzer

2004-11-16 00:52:36 UTC

Permalink

Are you sure the VPN connection is working? When the VPN connection becomes
active, can you successfully ping your "corp.aa.com" server (and other local
network servers) from the command-line?

One thing to try is to specify the PAC URL as "http://corp/proxy.pac".

Post by Bhamid
Stephen,
Thanks for your reply.
I am setting the PAC file in the LAN settings.
I cannot set it in the VPN settings in IE because the VPN client we are
using is a third party client Cisco,Nortel,CheckPoint.
What is interesting is that if the PAC file URL is on localhost
(http://localhost/proxy.pac) then, it seems to work, but not
otherwise(http://corp.aa.com/proxy.pac).
Anything else that I should explore ?
Thanks.

Bhamid

2004-11-16 15:19:04 UTC

Permalink

yes. The VPN is sucessfully working. I am able to download the file from IE.

I am able to get around this whole problem by using
InternetInitializeAutoProxyDll function exposed by the JSProxy.dll
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wininet/wininet/autoproxy_support_in_wininet.asp>
Howver, my only concern is if this has any limitation. If yes, what is the
limitation? Can this approach support any PAC file?
Thanks.

Post by Stephen Sulzer
Are you sure the VPN connection is working? When the VPN connection becomes
active, can you successfully ping your "corp.aa.com" server (and other local
network servers) from the command-line?
One thing to try is to specify the PAC URL as "http://corp/proxy.pac".

Stephen Sulzer

2004-11-17 01:39:07 UTC

Permalink

To be clear, you are calling the InternetInitializeAutoProxyDll function in
JSProxy and not WinInet? The InternetInitializeAutoProxyDll function in
WinInet takes a single DWORD parameter. The function in JSProxy takes 5
parameters, including a function pointer table of "autoproxy helper APIs".
Are you also calling JSProxy's InternetGetProxyInfo function to process the
.pac script? (It's easy enough to use the JSProxy interface by copying the
MSDN sample code.)

[If you are just calling JSProxy's InitializeAutoProxyDll function and
nothing else, then I am really confused.]

It should not be necessary to directly use JSProxy's autoproxy
interface--WinInet should be doing this automatically for you. WinInet will
use JSProxy if 1) WinInet knows the PAC URL and can successfully download
the file and 2) it determines that JSProxy is the DLL responsible for
processing the PAC file. JSProxy.dll handles ECMAScript (JavaScript)-based
PAC files, which should be identified with a Content-Type of
"application/x-ns-proxy-autoconfig" or with a file extension of ".js",
".jvs" or ".pac". If WinInet does not recognize the type of the PAC file, it
will try using JSProxy anyway.

So to answer your question about limitations: JSProxy supports only
ECMAScript-based files--and expects the PAC script code to implement a
function called "FindProxyForURL". If you give JSProxy something else--for
example, an ".ins" file (another common type of browser configuration
script), then JSProxy will not work.

But my guess is that something is going wrong during step 1, probably as a
side effect of the network environment changing (e.g, switching from direct
Internet connection to corporate LAN connection via VPN tunnel).

If you want to try to debug this further, here are a couple things to try:

1. Temporarily set the following key in the registry before starting
Internet Explorer:

HKEY_CURRENT_USER \ Software \ Policies \
Microsoft \ Windows \ CurrentVersion \
Internet Settings : DisplayScriptDownloadFailureUI = (DWORD) 1

This will cause WinInet to display an error dialog if it cannot download the
PAC file.

(Note that you may not have the "Windows\CurrentVersion\Internet Settings"
registry subkey path under "HKCU\Software\Policies\Microsoft"; if not, then
create that path.)

If the error dialog displays it means that WinInet at least knew the PAC
URL, but the HTTP request to download the file failed for some reason. (For
example, it could
not resolve the DNS name of the target server.)

2. In your WinInet code, after you make the HTTP request that causes the VPN
connection to become active, close all of your WinInet handles (including
the handle from InternetOpen). Before creating the new WinInet handles to
make the
next HTTP request, call the following WinInet functions, which will reset
most of WinInet's internal cached state:

InternetSetOption(NULL, INTERNET_OPTION_END_BROWSER_SESSION, NULL, 0);
InternetSetOption(NULL, INTERNET_OPTION_SETTINGS_CHANGED, NULL, 0);
InternetInitializeAutoProxyDll( 0 );

Hope that helps.

Stephen

Post by Bhamid
yes. The VPN is sucessfully working. I am able to download the file from IE.
I am able to get around this whole problem by using
InternetInitializeAutoProxyDll function exposed by the JSProxy.dll

<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wininet/wi
ninet/autoproxy_support_in_wininet.asp>

Post by Bhamid
Howver, my only concern is if this has any limitation. If yes, what is the
limitation? Can this approach support any PAC file?
Thanks.