Forum Discussion

ML_62682
Dec 23, 2008

Problem with ClickOnce programs

I have an application that stops running every time I run Firepass. We use ClickOnce technology for deployment of the application; that way the app will be updated automatically every time there is a new update on our website; but instead of updating the application, it asks me to install even though the app is still installed (all app files can be found in the %profile%\Local Settings\Apps\2.0 and the Add/Removed Applications still displays that the app is installed).

Any help will be greatly appreciated!
  • Hi there.

    I know this is an ancient thread, but as it still stands unanswered and I came up with exactly the same issue on a later version of the F5 SSL VPN software, I thought that it would be good to share my findings.

    The exact cause of not being able to install a ClickOnce application when on the SSL VPN might be because of the way F5 has decided to configure the network proxy settings while on the VPN.

    If you are using WPAD (wpad.dat file) to get your proxy configuration to the end-users, at VPN establishment the F5 client will cache a (slightly modified) copy of the wpad.dat file locally. It stores the configuration in the dial-up connection settings and references the file using a file:// URI.

    Microsoft issued a security advisory (MS12-074: Vulnerabilities in .NET Framework could allow remote code execution) that disables file:// WPAD parsing for WinINET/.NET components that I believe the ClickOnce installer is using.

    Effectively, ClickOnce applications will not work when on an F5 SSL VPN if you are using WPAD-style proxy autoconfiguration.

    A possible workaround is to enable this setting in the registry:

    Key:   HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
    Value: EnableLegacyAutoProxyFeatures
    Type:  REG_DWORD
    Data:  1

    That will disable the security patch's new behavior and let .NET components parse file:// auto-configuration URIs. Microsoft denotes that this should only be a temporary solution.

    A better solution would be for F5 to update the way they are publishing the modified wpad.dat file locally; using a local embedded HTTP server in the VPN client would be my idea.
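
Added example, not part of the thread above and not F5 or Microsoft code: a PowerShell audit a Windows administrator could run to see whether the workaround value from the reply is set and whether any proxy auto-configuration reference uses file://. The function names are hypothetical, and reading the binary values under Connections as ASCII is a heuristic that assumes the auto-configuration URL is stored there as a plain string.

```powershell
# Added audit example; function names are hypothetical.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$userKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-LegacyAutoProxyState {
    # $true when the workaround value quoted in the thread is present and set to 1.
    $p = Get-ItemProperty -Path $policyKey -Name 'EnableLegacyAutoProxyFeatures' -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.EnableLegacyAutoProxyFeatures -eq 1)
}

function Get-FileAutoConfigReference {
    $hits = @()
    # LAN setting: AutoConfigURL is an ordinary string value.
    $lan = Get-ItemProperty -Path $userKey -Name 'AutoConfigURL' -ErrorAction SilentlyContinue
    if ($lan -and $lan.AutoConfigURL -like 'file:*') {
        $hits += [pscustomobject]@{ Connection = 'LAN'; Url = $lan.AutoConfigURL }
    }
    # Dial-up/VPN entries: one binary value per connection under Connections.
    # Assumption: the URL sits in the blob as ASCII, so a text scan can find it.
    $connKey = "$userKey\Connections"
    if (Test-Path $connKey) {
        $key = Get-Item -Path $connKey
        foreach ($name in $key.GetValueNames()) {
            $raw = $key.GetValue($name)
            if ($raw -isnot [byte[]]) { continue }
            $text = [System.Text.Encoding]::ASCII.GetString($raw)
            if ($text -match 'file://[\x20-\x7e]+') {
                $hits += [pscustomobject]@{ Connection = $name; Url = $Matches[0] }
            }
        }
    }
    return $hits
}

$legacy = Get-LegacyAutoProxyState
$refs   = @(Get-FileAutoConfigReference)

"EnableLegacyAutoProxyFeatures = 1 : $legacy"
if ($refs.Count -gt 0) {
    $refs | Format-Table -AutoSize
} else {
    'No file:// auto-configuration reference found for this user.'
}
if ($legacy) {
    'Legacy file:// auto-proxy parsing is re-enabled; track this host until the workaround is removed.'
}
```

The HKCU checks only cover the user running the script, so run it in the affected user's session while the VPN is connected.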