SharePoint 2010 sandboxed code solutions and web proxy.
Recently I was working on an escalation where my customer has a sandbox code solution deployed into his site collection, the sandbox site collection was calling an external URL to fill in some data into the webpage and it is not working. The same code was working in production and customer was having issues with making this work in the internal environment. The only difference between production and internal environments were external environments could directly connect to the internet while the internal environments was behind a web proxy. Thinking this was as no brainer I started tweaking the C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web.config" proxy nodes (assuming this was SharePoint used asp.net) with no luck. Tried even inserting the proxy nodes "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\UserCode\web.config" and "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\UserCode\SPUCWorkerProcessProxy.exe.config" with no success. Looking at the ulslogs I could actually see the sandboxed code services was trying to spin up a new worker process and sleeping and finally dying with the following exception
Error activating the worker process manager instance within the worker process. - Inner Exception: System.InvalidOperationException: Unable to activate worker process proxy object within the worker process: ipc://8ce29399-c3b3-4c1f-aec8-2e1bf132b0dd:7000 at Microsoft.SharePoint.UserCode.SPUserCodeWorkerProcess.CreateWorkerProcessProxies
Trying to find out if it was really connecting to the web proxy, I fired up netmon that is when I found the interesting trace below, even though the proxy node is set up in the config files the sandboxed solution is not honoring it, it is directly trying to connect and retransmitting again and again till we reach the maximum TCP retransmits
Now I am sure what the cause of the issue is but still not sure about the solution, turned to my fav search engine (www.bing.com) J .Reading multiple sources on how applications can use proxies I reached at the following conclusion any .net applications on IIS will use .net proxy in the web.config, but there is also a case where some applications can use Winhttp settings for proxies. Having ruled out the .net proxy, I decided to set up some winhttptracing to see if I can find anything. Here is an excellent resource on how to do it https://blogs.msdn.com/b/jpsanders/archive/2009/05/28/how-to-enable-winhttp-tracing-on-vista-2008-and-windows-7.aspx. What I am expecting at this point to see any signs of the external URL call in the winhttptrace, you can use netmon to read through an etl trace slick isn't it? Looking at the WINHTTP_MicrosoftWindowsWinHttp conversation that has a WEBIO_MicrosoftWindowsWebIO branch I could see
.
Now convinced that the sandboxed code solution is using Winhttp proxy to make outbound URL calls I set the winhttp using netsh referring https://technet.microsoft.com/en-us/library/cc731131(WS.10).aspx
netsh winhttp proxy>set proxy-server="http=<internal proxy>:80" bypass-list= "*.<machine domain>.com"
PS: Make sure that you add the bypass list for all the internaldomains that needs to bypassproxy otherwise you will have a situation where your backend communication will go through proxy which you may not want.
After setting the winhttpproxy the sandboxcodesolutions was working as expected. One more issue resolved many to come.