0

I'm setting proxy, then making a POST API call to Azure resource using powershell invoke-restmethod command. Sometimes I'm getting the following error:

The remote server returned an error: (407) Proxy Authentication Required.

I tried different approaches as follows:

Approach 1: Initially I tried to set the proxy settings 'Automatically detect settings: true', 'Use automatic configuration script: true',set auto config PAC server URL using the following code

$key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
$data = (Get-ItemProperty -Path $key -Name DefaultConnectionSettings).DefaultConnectionSettings
$data[8] = 0x0d
Set-ItemProperty -Path $key -Name DefaultConnectionSettings -Value $data
#$key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
set-itemproperty -path $key -Name AutoConfigURL -value "http://PacServerURL.pac"

Approach2: Set the proxy settings, then I refreshed the registry key settings using following code

function Update-System
{
  $signature = @'
[DllImport("wininet.dll", SetLastError = true, CharSet=CharSet.Auto)]
public static extern bool InternetSetOption(IntPtr hInternet, int dwOption, IntPtr lpBuffer, int dwBufferLength);
'@

$INTERNET_OPTION_SETTINGS_CHANGED   = 39
$INTERNET_OPTION_REFRESH            = 37
$type = Add-Type -MemberDefinition $signature -Name wininet -Namespace pinvoke -PassThru
$a = $type::InternetSetOption(0, $INTERNET_OPTION_SETTINGS_CHANGED, 0, 0)
$b = $type::InternetSetOption(0, $INTERNET_OPTION_REFRESH, 0, 0)
return $a -and $b
}
$key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
$data = (Get-ItemProperty -Path $key -Name DefaultConnectionSettings).DefaultConnectionSettings
$data[8] = 0x0d
Set-ItemProperty -Path $key -Name DefaultConnectionSettings -Value $data
#$key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
set-itemproperty -path $key -Name AutoConfigURL -value "http://PacServerURL.pac"
Update-System

Approach 3: I tried to set proxy settings via different registry paths using below code:

$key = "Registry::HKEY_USERS\<UserSID>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
$data = (Get-ItemProperty -Path $key -Name DefaultConnectionSettings).DefaultConnectionSettings
$data[8] = 0x0d
Set-ItemProperty -Path $key -Name DefaultConnectionSettings -Value $data
#$key = "Registry::HKEY_USERS\<UserSID>\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
set-itemproperty -path $key -Name AutoConfigURL -value "http://PacServerURL.pac"

But still sometimes I get proxy error. I'm not able to understand why I'm getting the proxy error, how to resolve this. Can anyone please help?

Note: I referred below links and tried all these approaches: PowerShell script to tick proxy settings : "Use automatic configuration script" AND "Automatically detect settings" IE Enable/Disable Proxy Settings via Registry

leeharvey1
  • 1,316
  • 9
  • 14
Surya
  • 37
  • 1
  • 10
  • What type of proxy server do you use? What authentication protocol or scheme does the proxy server expect (eg, NTLM, Kerberos, Captive Portal, etc.)? Does your proxy server require system IP addresses to be white-listed? Personally, it sounds like you're running your PowerShell script in an account context that is not permitted for proxy access. – leeharvey1 Jun 05 '22 at 15:09
  • 1
    It's a corporate proxy pac URL used in our office. I opened the same azure resource from web browser, it works fine. I'm using same user account to run this powershell script.The issue occurs only sometimes, not always. However I added `$proxy = [System.Net.WebRequest]::GetSystemWebProxy().GetProxy("API-URL")` `Invoke-RestMethod -Method 'Post' -Uri $url -Body $fileBytes -Headers $headers -UseDefaultCredentials -Proxy $proxy -ProxyUseDefaultCredentials` Didn't face any error from past 2 days. Looks like it worked but unable to find why issue occurs sometimes – Surya Jun 07 '22 at 12:15
  • 1
    I see this problem occasionally when scripts are configured to use GLB round-robin proxy server DNS names, rather than proxy server IP addresses, hostnames, or GLB high-availability DNS names. In essence, it's rather easy to keep a script authenticated against a single proxy server -vs.- all servers in a GLB round-robin pool. Browsers handle that situation much more gracefully than scripts. – leeharvey1 Jun 07 '22 at 12:20

0 Answers0