Hybrid Connection will not connect when proxy is involved

We have installed a Hybrid connection Manager on a VM provided by the customer. Traffic on the VM is routed via a Proxy. On the VM the HCM does not want to connect to the Azure resource.

From any of our personal machines we can connect to the Azure ressource via HCM with no issues and if we do,the status of the connection on the VM will switch to "Connected" as well. So apparently the HCM can fetch the status of the connection from Azure, but cannot connect the HC on it's own. Obviously we want to connect to the customers network via the VM.

When we started troubleshoting we tried Test-Netconnection according to Microsoft troubleshooting instruction which failed (because of the proxy) while Invoke-WebRequest would work. What are the differences when a proxy is involved and how does it affect the HCM? Any ideas what we can do to make it work or is HCM just not an option with a proxy involved?

Solution

You can configure HCM to use a proxy server by modifying the app.config.

Configuring HCM to Use a Proxy

The proxy settings for HCM are configured in the App.Config file located in the HCM installation directory (usually found at C:\Program Files (x86)\Microsoft Hybrid Connection Manager).

Add Proxy Settings:
- Open the App.Config file in a text editor with administrative privileges.
- Locate the <system.net> section. If it doesn’t exist, you will need to add it.
- Add or modify the following section to include your proxy settings:
```
<system.net>
  <defaultProxy enabled="true" useDefaultCredentials="true">
    <proxy autoDetect="false" bypassonlocal="true" proxyaddress="http://proxyserver:port" />
    <proxy bypasslist="localhost;*.yourdomain.local" />
  </defaultProxy>
</system.net>
```
  - proxyaddress: The URL of your proxy server.
  - bypassonlocal: Set to true to bypass the proxy for local addresses.
  - bypasslist: A semicolon-separated list of addresses that should bypass the proxy.
Restart HCM Service:
- After editing and saving the App.Config file, restart the Hybrid Connection Manager service to apply the changes. This can be done via the Services management console or by using the following command in an elevated command prompt:
```
net stop HybridConnectionManager
net start HybridConnectionManager
```

Example Configuration

Here is an example configuration snippet for the App.Config file:

<configuration>
  <system.net>
    <defaultProxy enabled="true" useDefaultCredentials="true">
      <proxy autoDetect="false" bypassonlocal="true" proxyaddress="http://proxy.example.com:8080" />
      <bypasslist>
        <add address="localhost" />
        <add address="*.example.local" />
      </bypasslist>
    </defaultProxy>
  </system.net>
</configuration>

Points to Note

Authentication: If your proxy requires authentication, you may need to provide credentials in the App.Config file. However, storing plaintext credentials in configuration files is not recommended due to security concerns. Use secure methods for managing credentials wherever possible.
Proxy Types: Ensure that your proxy supports the necessary protocols (HTTP/HTTPS) for HCM to communicate with the Azure Relay service.
Testing and Troubleshooting: After configuration, verify the connectivity and troubleshoot any issues by checking HCM logs, network settings, and proxy server configurations.