Sync works only once at Corporate Network

My company uses a PAC (proxy/certificate something).
Previously I just set the security.enterprise_roots.enabled to true and copied the cert.8, secumod.db and key3.db to the Zotero profile directory and it worked.

Now I can only sync once, and when I restart Zotero it complains about wrong username or password and I can never get it working again.

It seems to stop working as soon as the cert.8 and key3 files are modified. Is there any solution to this?
  • Now I can only sync once, and when I restart Zotero it complains about wrong username or password and I can never get it working again.
    Which username and password? For the proxy or for Zotero syncing?

    This shouldn't have anything to do with security.enterprise_roots.enabled (which is set to true by default in current versions) or cert8.db/etc. (which no longer need to be changed on Windows with security.enterprise_roots.enabled). Those affect the ability of Zotero to make secure network connections, but if you're getting an authentication prompt you're already past that.
  • Thank you for the quick reply!
    It is for the Zotero syncing.

    I tried a reinstall yesterday (5.0.67) and cleared all settings, but the security.enterprise_roots.enabled was set to false from the start for me. Any ideas?
    I installed Firefox 52 ESR too.

    security.enterprise_roots.enabled = true solves the SEC_ERROR_UNKNOWN_ISSUER problem, but I still get a message that I use the wrong username and password. That can be solved once by copying the cert8 etc.; at least I think that is the solution, or it is just a coincidence that it starts working. This worked yesterday until I restarted the computer, and then the "wrong username and password" pops up again.
  • What do you mean by "cleared all settings"? Current builds certainly default to true, so it should only be false if you have a prefs.js file where that's set to false.

    You should close Zotero, delete cert8.db/key8.db/secmod.db, restart Zotero, and then set up syncing again in the Zotero preferences. If you're still having trouble after that, provide a Debug ID for a sync attempt that gives you an authentication error. Don't copy in the cert8/etc. files from Firefox again — security.enterprise_roots.enabled obviates the need for the cert-override step on Windows, and those files are also involved in Zotero's storing of the syncing credentials, so by overwriting them you'd be interfering with the normal sync operation.
  • I mean that I checked the box to remove settings and manually deleted the database, but I tried another reinstall now and it defaults to true as you say, so I'm not sure what I did there. Sorry about that.

    I reinstalled again and sent a debug log to support@zotero.org with a link to this thread, since the submit failed due to the network settings here, I guess.
  • OK, so you're getting a 403 ("Forbidden") from your company's internet gateway for all web requests. This doesn't have anything to do with syncing — you're getting the same even for unauthenticated requests. So you'll need to talk to your IT department and ask why all your proxied requests are returning 403s.

    (And, to clarify, while these are normally secure requests to Zotero servers, your IT department has configured your computer to allow them to intercept them and pretend to be Zotero servers using a custom certificate authority, and the security.enterprise_roots.enabled setting causes Zotero to inherit the system trust settings. That's why this looks to Zotero like it's getting an authentication failure from the Zotero sync service, even though you're not actually reaching the Zotero servers.)
  • Thank you for the detailed reply! I will take this information to the IT department.
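
The distinction drawn in the last reply (a 403 on requests that carry no credentials points at the intercepting gateway, not at the sync login), as an added example that is not part of the original thread or Zotero's code. It works on recorded observations; the CA names, the `diagnose` and `sample_cert` helpers and the sample data are constructed assumptions, and the certificate dicts follow the shape Python's `ssl.SSLSocket.getpeercert()` returns.

```python
# Assumption: issuer organisation seen when the server is reached from an
# unfiltered network. Placeholder value; fill in from an out-of-band check.
EXPECTED_ISSUER_ORGS = {"Example Public CA"}

def issuer_org(peercert):
    """organizationName of the issuer, from an ssl.SSLSocket.getpeercert() dict."""
    for rdn in peercert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def diagnose(observations):
    """observations: dicts with 'status', 'sent_credentials' and 'peercert'."""
    findings = []
    orgs = {issuer_org(o["peercert"]) for o in observations}
    if orgs - EXPECTED_ISSUER_ORGS:
        # Chain validated only because the OS trust store holds a corporate root.
        findings.append("tls-intercepted")
    unauth = [o for o in observations if not o["sent_credentials"]]
    auth = [o for o in observations if o["sent_credentials"]]
    if unauth and all(o["status"] == 403 for o in unauth):
        # Requests that carry no credentials cannot fail on a bad password.
        findings.append("gateway-block")
    elif any(o["status"] == 403 for o in auth):
        findings.append("credentials-rejected")
    return findings

def sample_cert(org):
    """Constructed certificate dict in getpeercert() layout."""
    return {"issuer": ((("countryName", "US"),),
                       (("organizationName", org),),
                       (("commonName", org + " Root"),))}

# Constructed observations: every request refused behind the corporate gateway.
BEHIND_GATEWAY = [
    {"status": 403, "sent_credentials": False, "peercert": sample_cert("Example Corp Internal CA")},
    {"status": 403, "sent_credentials": True, "peercert": sample_cert("Example Corp Internal CA")},
]
# Constructed observations: direct connection, only the authenticated call refused.
DIRECT_BAD_LOGIN = [
    {"status": 200, "sent_credentials": False, "peercert": sample_cert("Example Public CA")},
    {"status": 403, "sent_credentials": True, "peercert": sample_cert("Example Public CA")},
]

if __name__ == "__main__":
    print(diagnose(BEHIND_GATEWAY))
    print(diagnose(DIRECT_BAD_LOGIN))
```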