Unplanned
Last Updated: 16 Mar 2021 07:06 by ADMIN
Mark DeMichele
Created on: 04 Aug 2020 11:39
Type: Bug Report
2
Fiddler refusing to ignore teams.microsoft.com and is causing my MS Teams app on windows to break

I recently am having an issue with MS Teams while running fiddler.  MS Teams keeps giving disconnect errors. That's when I noticed that fiddler it proxying it's traffic even though I have filters set to "Show only the following Hosts", and teams.microsoft.com are not included in the hosts.  I also notice other items in my sessions list that are not in my list of hosts so what is going on?

I don't really want to post my list of hosts publicly.  If you need them, please let me know and maybe I can email them to someone.

 

15 comments
ADMIN
Nick Iliev
Posted on: 16 Mar 2021 07:06

Hello Mark,

 

Thank you for the provided additional information!

Microsoft Teams is part of the Microsoft Office 365 group, and as such, it also has some specific network configuration requirements and restrictions. From this Microsoft documentation page, I saw the following requirements: using a bypass list alongside proxy and any 365 product. Notice the information posted in the next section:

In addition to selecting appropriate configuration for your network perimeter, it is critical that you adopt a change management process for Office 365 endpoints. These endpoints change regularly and if you do not manage the changes, you can end up with users blocked or with poor performance after a new IP address or URL is added.

Changes to the Office 365 IP addresses and URLs are usually published near the last day of each month. Sometimes a change will be published outside of that schedule due to operational, support, or security requirements.

When a change is published that requires you to act because an IP address or URL was added, you should expect to receive 30 days notice from the time we publish the change until there is an Office 365 service on that endpoint. Although we aim for this notification period, it may not always be possible due to operational, support, or security requirements. Changes that do not require immediate action to maintain connectivity, such as removed IP addresses or URLs or less significant changes, do not include advance notification. Regardless of what notification is provided, we list the expected service active date for each change.

The documentation article about the 365 network connectivity principles is also a bit vague but does contain a lot of information that you might find helpful. Still, it looks like that to be able to use MS Teams with a MITM proxy like Fiddler, you will need to know the endpoints used by MS Teams which can be challenging. For the bypass to be successful, you will probably have to list most if not all of the endpoints listed in this documentation article (notice that MS Teams uses multiple different endpoint including those ending in *.skype.com). However, the list is pretty extensive, so that you might reach the OS bypass list size limitation.

Regards,
Nick Iliev
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Mark DeMichele
Posted on: 15 Mar 2021 13:41

This is still affecting myself and the rest of my team.  It seems that whenever fiddler is capturing it partially breaks MS Teams.  You can post and receive messages.  However, you no longer get alerted and you can't seem other members statuses.  The worst part is it makes teams thing you are not active on your desktop so every message you get, get's alerted on your mobile app.

I attempted to turn off all my filters so I could see what traffic may be occuring, but I see nothing that indicates it's MS Teams related.

Mark DeMichele
Posted on: 23 Oct 2020 13:03

This is still broken for me.  What happens is when fiddler is capturing traffic, some time shortly afterwards, MS Teams will say it "Lost it's connection".  It actually still works for the most part.  The one thing that breaks that I noticed is that all the user statuses turn to gray as if they are not around.  If I then just deselect Capture Traffic, MS Teams fixes itself shortly afterwards.

To summary my settings so far.

AutoResponse is disabled and Accept all Connects is unchecked.

HHTTPS options set as follows.

Connections tab setup as follows.

Any ideas on how we can get to the bottom of this.  I'm sure others must be having similar issues.

ADMIN
Nick Iliev
Posted on: 28 Sep 2020 05:17

Hey Eric,

 

Thanks for the added details! I will escalate the issue to the dev team so that we could plan a bug fix for the upcoming releases.

 

Regards,
Nick Iliev
Progress Telerik

Five days of Blazor, Angular, React, and Xamarin experts live-coding on twitch.tv/CodeItLive, special prizes, and more, for FREE?! Register now for DevReach 2.0(20).

Eric
Posted on: 22 Sep 2020 14:31

Note: The "Accept all connects" checkbox on the AutoResponder breaks "Skip decryption for".

https://feedback.telerik.com/fiddler/1485753-fiddler-accept-all-connects-option-must-take-skip-decryption-for-list-into-account

ADMIN
Nick Iliev
Posted on: 31 Aug 2020 06:11

Hi Mark,

 

Using the exact same version for Fiddler and adding the enlisted hosts in the skip decryption section of HTTPS tab stopped showing the requests that were made to these hosts (they are just not shown but still being captured underneath) - the MS Teams is working as expected with no issues but notice that I am explicitly stopping the capturing before closing Fiddler.. Regarding the format of the bypass list, refer to the comment that Eric made here.

 

Regards,
Nick Iliev
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Mark DeMichele
Posted on: 25 Aug 2020 19:02

Here's some more info.

MS Teams Version: 1.3.00.21759

Fiddler Version: v5.0.20202.18177 5.0.20202.18177 for .NET 4.6.1

On the HTTPS tab in Options I added this.

*.microsoft.com
*.live.com
*.office.net
*.office365.com
*.office.com

On the connections tab under Bypass Filler for URL that start with:  I originally had something similar but when it wasn't working I moved those similar settings to the HTTP tab.  Now, I just have this for Bypass.

<-loopback>;

Should I try to add them there.  I thought having the HTTPs one would be enough, but it's still giving me trouble.  If I do add items to the Bypass part, what format do I use.  That "starts with.." statement seems a little misleading.

Thanks for your help.

Eric
Posted on: 25 Aug 2020 15:39

For what it's worth, changes to the proxy bypass list are applied the next time Fiddler capturing is enabled, so you can just hit F12 twice on Fiddler's main screen to detach Fiddler, then reattach with the new bypass list.

 

ADMIN
Garo
Posted on: 25 Aug 2020 13:47

Hello Mark,

I'm having difficulties with reproducing the reported issue when using Fiddler with Microsoft Teams. In the past, I've had occasions where Outlook would misbehave when Fiddler is running, but this was always resolved by adding the outlook URLs to the bypass list. Also, you are correct that modifying the bypass list requires you to restart Fiddler to take effect.

We attempted to reproduce the issue with different versions of Fiddler and version 1.3.00.19173 of Teams, but without success. Can you tell me which version of Fiddler and Teams are you using? Also, have you tried reinstalling Fiddler? 

Regards,
Garo
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Mark DeMichele
Posted on: 18 Aug 2020 22:37
I'm still having issues with this. When I fiddler is running MS Team gives a "disconnected" error.   However, it seems to work except for showing me updated status of people.  As soon as I stop capturing or close fiddler, the errors fix themselves.
Eric
Posted on: 06 Aug 2020 13:46

The "Show only" is literally a display-only filter; it doesn't change what is captured.

Running Teams though Fiddler ought to work just fine, but if you don't care about Teams' traffic, your best bet is to use Tools > Options > HTTPS and either change the dropdown so that Fiddler only decrypts HTTPS traffic from browsers OR update the box at the bottom so Fiddler skips decryption for the hostnames used by Teams.

Mark DeMichele
Posted on: 05 Aug 2020 14:47
My previous change to bypass the urls may actually  be working.  I think I needed to restart fiddler.  I'll let you know if teams breaks again.
Mark DeMichele
Posted on: 05 Aug 2020 14:47
BTW, this just recently started happening in the last few weeks.  I'm not sure if I updated fiddler within that time.  But something has changed not too recently to cause this.
Mark DeMichele
Posted on: 05 Aug 2020 14:45

So I did discover why I was seeing "yellow" entries for teams.microsoft.com.  I believe it was due to the setting

"If protocol violations are observed: Warn on all errors" setting.  I changed that to "Do nothing" and now I don't see those guys in the list of sessions.  However, that still did not fix MS Teams from losing connection.

I went to the SO link you gave and the last post suggested to add to the list of Bypass Fiddler for URLS that start with....

I modified it to do this,

<-loopback>; *office.com; *office365.com; *live.com;*.microsoft.com;

But that didn't help.  I'll look for other solutions now.

ADMIN
Nick Iliev
Posted on: 05 Aug 2020 11:24

Hello Mark,

 

Indeed Fidler will capture traffic from multiple processes. You could limit that by using one of the solutions suggested here. However, notice that some of the Microsoft products like Teams, Outlook, Office365 are tending to have issues when they have to change the proxy settings dynamically (without explicit restart). This is the very same reason why Fiddler is capturing traffic from those products even if the capturing is turned off (they are still using the old proxy settings). In some cases, those products will start experiencing network issues as they are not changing the proxy setting even when Fiddler has been stopped and capturing is off. In such cases, restarting the Microsoft product in question is one of the viable solutions.

 

Regards,
Nick Iliev
Progress Telerik