Cannot Sync through a corporate proxy

I am connecting via a corporate proxy that performs TLS connection inspection. This means that the client gets a non-trusted intermediate certificate. The 1Password client will successfully login and retrieve the configuration but will not sync changes back to my account. I created a side-by-side configuration file to point to a cntlm proxy to see if this resolved the issue but it is still occurring.

I am seeing the following lines repeated in the log file (I have masked out the identifiers):

I176926msThreadId(20)1Password::api:1673 │ 176927ms │ network connection ok
I176928msThreadId(4)1Password::api:1673 │ 176928ms │ Using proxy configuration, address: True, valid address: True, username: False, password: False
I176935msThreadId(4)1Password::api:1673 │ 176935ms │ proxy is in use
I176935msThreadId(4)1Password::api:1673 │ 176935ms │ network configured in 317ms
I179604msThreadId(4)1Password::api:1673 │ 179605ms │ > authorize account #1; account uuid: xxxxxxxxxxxxxxxxxxx; device uuid: xxxxxxxxxxxxxxxxxxxxx; user uuid: xxxxxxxxxxxxxxxxx
sessionId: xxxxxxxxxxxxxxxxxxxx
time: 2,669ms

I171366msThreadId(4)1Password::api:1673 │ 171366ms │ watchtower update started
I171368msThreadId(4)1Password::api:1673 │ 171368ms │ watchtower update completed
W175302msThreadId(11)1Password::notifier:153 │ 175302ms │ notifier connection failed for account 1: Io(Os { code: 10061, kind: ConnectionRefused, message: "No connection could be made because the target machine actively refused it." })
W176617msThreadId(4)1Password::api:1679 │ 176617ms │ Network request #120 failed in 1,090ms, status ConnectionClosed (The underlying connection was closed: The connection was closed unexpectedly.)
I176617msThreadId(4)1Password::api:1673 │ 176617ms │ checking network and applying any changes
I176701msThreadId(4)1Password::api:1673 │ 176701ms │ > sync
account id: 1; type: I; session id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> HTTP overview
> HTTP account/attrs
> HTTP PATCH vault/h4aspiuqwfblda36pfl7ktfcta/19/items
batch push complete; updated: 0; failed: 0; new vault content version: 0; success: False
time: 2,334ms

1Password Version: 7.3.67
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Not Provided

Comments

  • bundtkatebundtkate

    Team Member

    Hey, @hurdlea! TLS inspection will be a problem. Do you have the option to whitelist applications and exempt them from inspection? I'm assuming not or you'd likely have just done that, but better to ask. I'm happy to provide any info you need from us in order to accomplish that, if it's an option. If not, there won't be a way to make 1Password for Windows work in your environment, so I'd suggest using 1Password X instead:

    https://support.1password.com/getting-started-1password-x/

    1Password X is browser extension that doesn't require a desktop app and, in my experience, things that run in your browser tend to work better in this situation. If you decide to give it a go, let me know how it works for you. And, of course, any questions (whether about 1Password X or whitelisting), just ask. :chuffed:

  • Thank you for the Password X suggestion as this seems to give me what I need. The desktop app was so close to working though it was just missing the capability to push changes back to the server.

  • I spoke too soon the 1Password X client can't write back to the server either. I get the following error when I try to save a login:
    "We were unable to reach the server. Please check your internet connection and try again." Is the client trying to reach a server interface on any port other than 80 or 443 as these are explicitly blocked by our firewall/proxy rules? It doesn't seem to be a TLS cert issue as that is generally reported as a trust issue rather than a straight connection refused problem. Any ideas?

  • GregGreg

    Team Member

    Hi @hurdlea,

    For 1Password to have full access to 1Password.com servers, you will need to whitelist the access to 1Password.com domains on secure HTTPS port (443). Are you able to do that? Please let us know. Thanks!

    Cheers,
    Greg

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file