EZproxy - Troubleshooting User Problems

EZproxy - Troubleshooting User Problems

What can I tell about user errors in my EZproxy Admin interface?

First, from the main screen, choose View Audit Events - Look up the username here with a reasonable timeframe such as 30 days. Example screenshot:

Screenshot of Audit search screen

You might see that:
  1. They have logged in successfully
  2. They haven't tried to log in to EZproxy (maybe it was Primo or maybe they had a typo in their username)
  3. Wronglibrary.htm, which means they don't have the right permissions coming from the Starid LDAP server. If the person is affiliated with more than one institution, they should log in with their primary institution for best results. Put in a ticket if you want further information about why the LDAP record isn't working with EZproxy. If you are seeing this for concurrent students, check out this discussion item (need to log in).

Second, on the main screen, search the username where it says "View messages.txt lines containing". Example screenshot:

Most commonly you will see:
  1. Result 0 means success
  2. Result 49 usually means password problems and this is very common. Users often have an old password saved in the browser so you could have them use a different browser. Or have the person try this test:
    1. Type your StarID and password into Notepad
    2. Then copy and paste those into D2L, so it is clear it is working
    3. Then copy and paste those into the proxy login to be sure there are no typos or caps lock

Third, though these are pretty rare for our people, next check the three places in EZproxy where there are possible limits and possible blocks.

1 - From the main screen, View and clear intrusion attempts
2 - From the main screen, View usage limits and clear suspensions
3 - From the main screen, View Security Rules > Tripped Security Rules
With the default security rules, only 3 rules block users:
  1. EnforceOCLCByteLimit   
  2. EnforceOCLCCountryLImit                         
  3. EnforceOCLCIPLImit
If they have been blocked, you would ask them to change their password and then unblock them with the button labeled "Expire Checked" on the Tripped Security Rules page.
If they trip a rule that is only logged, they should be able to keep working. In rare cases, they might have to wait to try again once the period is done. For example, if they trip the OCLCLoginFailureLimit, once the 1 hour period is done, they can try to log in again.
If you talk to the user and think their use is reasonable . . .
  1. You can add exemptions in the Admin interface: View security rules > Security Exemptions > Add Exemption
  2. You can make a change to your security rules - put in a ticket.

Basic Tips and Questions

  1. Have the user try an incognito/private browser window
  2. Have the user try more than one browser and device
  3. Are they using old software (browser and/or operating system)?
  4. Get the link that was clicked and where it was from (Primo, D2L, Database A-Z list, etc.)
  5. Get the exact error shown – a screenshot is good and a quick video is ideal
  6. Happening to only 1 user? Can you replicate the problem?
  7. Is it happening on and off campus?
  8. VPN - if it is on, try with it off and vice versa
  9. Firewall and/or anti-virus software can cause problems
  10. Browser security settings in the browser can cause problems

Other Types of Errors Users Might See

Pay close attention to any error messages that the user sees. Get a screenshot if you can. Possible problems:
  1. Cloudflare - "This web property is not accessible via this address." If you see an error like this with Cloudflare down at the bottom, contact the vendor. They might adjust their Cloudflare settings or they could add your proxy IP address to the safelist.
  2. IP error or a vendor login screen after logging in to EZproxy. If you are able to log in through EZproxy, but you then get an IP error or a login screen, the problem is likely on the vendor side. Perhaps the subscription isn't current or the vendor needs to tweak something on their end.
  3. There is a potential problem for patrons using EZProxy when connected to your campus VPN. Put in a ticket if you want help with this.
  4. If you see the Blocked Access error message or safebrowse.io at the beginning of the url, it comes from a protected browsing setting from the internet service provider. Possible workarounds include using VPN or remote desktop, a different ISP or turn off the setting.
  5. Beware of the browser changes and how privacy settings can affect access.
  6. Errors like these tend to be something on the local machine. You can Google these types of errors for things to try. Here are some examples with links:
  1. ERR_NAME_NOT_RESOLVED - https://kinsta.com/knowledgebase/err_name_not_resolved/
  2. ERR_SSL_PROTOCOL_ERROR - https://kinsta.com/knowledgebase/err_ssl_protocol_error/

Official Documentation from OCLC

  1. Troubleshooting
  2. Known issues

    • Related Articles

    • EZproxy - Need Help?

      The following articles are available: New to EZproxy? EZproxy - Troubleshooting User Problems Recap on the Script for StarID Failures Making EZproxy Configuration Updates EZproxy Login Pages EZproxy Statistics Browser Changes and Remote Access Issues ...
    • New to EZproxy?

      What is EZproxy? EZproxy provides secure remote access to e-resources. Users authenticate and then they can access licensed online resources from off-campus. PALS hosts and supports EZproxy for about 40 libraries in Minnesota. Most use LDAP ...
    • EZproxy Statistics

      PALS implemented ReadMETRICS (also known as ezmetrics) and monthly report emails began June 2022 for our PALS-hosted institutions. There are also reports in July and January containing six months of data. For most of our PALS-hosted institutions, ...
    • EZproxy Login Pages

      We generally recommend that people keep these login pages simple, click here for an example. It is possible to get fancy if you want and you have people with HTML and CSS skills (the PALS office does not provide this service). We are hoping to move ...
    • Browser Changes and Remote Access Issues

      Why is this happening? There have been changes to privacy laws. Companies don’t want to get sued, so they need to make browsers more secure. The focus is on the commercial web and ad trackers, but our authentication uses some of the same tools behind ...