Answer
PROBLEM
Microsoft product activation will not work with GFI WebMonitor enabled.
ENVIRONMENT
- GFI WebMonitor
- All supported environments
SOLUTION
Solution 1
The easiest way to resolve this is to add the following URL's individually to the whitelist in the GFI WebMonitor configuration:
- Open GFI WebMonitor - Management Console
- Select the Manage drop down > Policies
- Click the Whitelist tab, then Edit
- Add the following URLS to the Websites section.
- http://go.microsoft.com/
- https://sls.microsoft.com/
- https://sls.microsoft.com:443
- http://crl.microsoft.com/pki/crl/products/MicrosoftRootAuthority.crl
- http://crl.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl
- http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl
- http://crl.microsoft.com/pki/crl/products/MicrosoftProductSecureServer.crl
- http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureServer.crl
- https://activation.sls.microsoft.com
- http://officecdn.microsoft.com.edgesuite.net/
- Hit Save to apply changes to the whitelist.
Solution 2
- Navigate to the ...\GFI\Webmonitor\Data
- Open the file proxyconfig.xml using Notepad
- Locate the following xml node: <HostsThatWillNotBeAuthenticated />
- Replace that line with the block in the example below
<HostsThatWillNotBeAuthenticated>
<string>YOURDOMAIN.com</string>
<string>autodiscover-s.outlook.com</string>
<string>outlook.com</string>
<string>fcb365-my.sharepoint.com</string>
<string>outlook.office365.com</string>
<string>*.officeapps.live.com</string>
<string>live.com</string>
<string>autodiscover-s.outlook.com</string>
<string>outlook.com</string>
<string>fcb365-my.sharepoint.com</string>
<string>outlook.office365.com</string>
<string>*.officeapps.live.com</string>
<string>live.com</string>
<string>officecdn.microsoft.com</string>
</HostsThatWillNotBeAuthenticated>
- Inside the "string" tags enter the domains that should not authenticate with the proxy.
- Save the content of the xml file and restart the GFI WebMonitor services.
- Please note that this resolution is only applicable from GFI WebMonitor build 20141121 or later
Note: In the line <string>YOURDOMAIN.com</string> YOURDOMAIN.com should be replace with your actual domain name.
If the account used to activate belongs to any other domain that is not your domain, live.com or outlook.com, that domain should be added to the list as well.
Note: A full list of all Microsoft URLS and IP addresses can be found via the following URL: https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges
CAUSE
GFI WebMonitor blocks Microsoft activation sites.