When accessing Gmail via the ProxySG appliance, authentication issues occur with error "Gmail is having authentication problems. Some features may not work"
Last Updated May 13, 2017
Google has introduced new or changed coding that causes the following error to occur if the transaction goes via the Blue Coat appliance when proxy authentication is enabled. The error message appears in red on the Gmail page:
"Gmail is having authentication problems. Some features may not work"
To determine if the issue is related to this error, run a Policy trace and look for the following:
set response header 'Cache-Control' value='private, max-age=0, proxy-revalidate' Transaction timing: total-transaction-time 35 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms scan-request-completed: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 34 elapsed 0 ms access-logging: start 35 elapsed 0 ms stop-transaction: start 35 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization not completed server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 34 last_byte 35 client connection: first-response-byte 35 last-response-byte 35
Total time added: 0 ms Total latency to first byte: 1 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 1 ms Response latency (last byte): 0 ms stop transaction --------------------
To resolve the issue, do one of the following. Both solutions are valid and will work in any environment, but you can opt to use either the VPM or CPL approach.
In the VPM: Edit the main Web Authentication Layer and add a rule within the Destination for Request URL "clients6.google.com". For the Action, add "Do Not Authenticate".
Note: This rule will bypass authentication for the Request URL to "clients6.google.com" and may in some cases fail to match any group-based allow rules and hence be blocked. For this reason, in addition to bypassing authentication, you may need to add a specific allow rule for this URL.
In the CPL: Because the problem is happening with the POST, the following CPL could also be used to narrow down the authentication bypass process: