A lot of applications which run as a service under Windows System account use settings from that profile. Lately, I encountered a problem with 2 pieces of software: Symantec Endpoint Protection and some Xerox application. Both of them run as a service under system account. They require communication with central server. I encountered that communication was failing. Upon my investigation we found that applications were trying to connect through the proxy server (which we, of course, didn’t specify in the application or standard LAN Setting within Internet Explorer).
Just to give you a small overview about our infrastructure setup:
We use wpad, automatic proxy configuration, which is distributed by our internal DHCP server. On the clients we force “Automatically detect settings”, so they have no choice but to use it. Everyone is allowed to NAT outbound but with this setup they are forced to go through the proxy for many applications, such as Internet Explorer which is a standard browser. As a proxy server we use Microsoft Forefront TMG which is configured to allow access for authenticated clients from our LDAP directory.
Anyway, going back to our application with failed communication: Problem was that application was trying to access remote server through the proxy using System account. Of course proxy was denying requests, since System account couldn’t authenticate. And guess what? System account had “Automatically detect settings” on which was causing the whole ordeal.
Download PsExec tool from the following website: http://technet.microsoft.com/en-us/sysinternals/bb897553
and execute internet explorer under System Account.
The following command should do:
C:\>psexec -i 0 -s “C:\Program Files\Internet Explorer\iexplore.exe”
It will open internet explorer window. Just go into LAN settings and remove automatic configuration and proxy.
Close internet explorer.