This morning I received a call from an admin notifying me that our Outlook client was not connecting to our email host. Also, we could not access email web portal of email.domainname/owa. The browser was coming back with internal error: Missing template err_connect_fail. We had tried everything including tracert, ping, capturing packets and such. The strange thing was that some could connect out of 35.
So, I google it and found this link.
The strange think is from an external source everything worked outside of our network. So, I disabled the setting under the content filtering section as instructed by the link above and waited 5-10 minutes once MX84 rebooted and all was working fine. Has anyone else received this error? I want to rule this out to make sure this is what caused it.
Thank you. I'll look and see what our current build is and schedule the firmware upgrade.
I had the Unauthorized error on MX 12.24 and after upgrading to MX 13.23, I ended up with this "INTERNAL ERROR: Missing Template ERR_CONNECT_FAIL" error message. Removing all content filtering and reboot does not fix the issue. Not sure what else can be done. Traffic from outside of the network managed to get to the destination, but traffic from behind the MX100 receives this error. Obvious it is something to do with the setup of the MX100. Anyone has other suggestions?
There seem to be a number of different issues that cause "INTERNAL ERROR: Missing Template ERR_CONNECT_FAIL"" to be displayed, as noticed, it's generated by the the MX when you have "web caching" turned on.
The meraki "web caching" feature is just a squid transparent proxy server, the actual error just means that squid can't find the template error file to display (Meraki should have configured a branded HTML file to display for each situation), but ERR_CONNECT_FAIL is just the equivalent of "Page cannot be displayed" in a web browser.
In some situations, this error is just replacing a browser "Page cannot be displayed" error!
Check the URL actually works on a device or mobile that is not on your LAN before blaming the meraki! Sometimes our IT guys jump too quick to assume something is wrong because they know this error is generated by meraki and as they have a user complaining at them, they forget to check the obvious!
We also found externally hosted IIS sites where we are using NTLM authentication, the MX is breaking the authentication process. We haven't managed to get this resolved. At some point i'll call meraki support and get them to do a packet capture and look into it. As a workaround you can change the sites to use "basic authentication" in IIS, or just enable SSL which the MX can't intercept.
Also worth noting that in newer releases (MX 13.x and 14.x), the use of squid is largely gone; it's only for HTTP Content Caching at this point. Reason being is that for things like web search filtering, almost everyone only supports searches over SSL now, and thus we cannot rely on the old method of rewriting searches to include safe-search parameters in them.
Thank you everyone for the help. We figured out once the HTTP Content Caching is disabled, it worked. Since we have fibre connection, HTTP Content Caching is somewhat unnecessary.
Are there any plans to implement SSL proxying? A number of features the MX advertises are virtually useless without that these days. Especially "URL logging", which can't even see the URLs of most websites, and is only going to become more useless as more and more sites move to SSL.
On competing products Websense you have to deploy a SSL certificate via group policy so that the browser trusts their appliance. Meraki could make SSL proxying incredibly deploy, by setting up the certificate through the Systems Manager agent.