Not really sure what to ask for. Here's what it was this time.
When I end up with something like this:
The "failureReason" never seems to be any help at all.
It's especially disappointing when you find that you can proxy with the proxy server's account on backend DSs, no problem:
It's hard enough getting that far.
What next? Try to find the proxy's failed request in the (non-human-readable) logs.
The trouble is, the only indication of the problem is the error on the proxy, and the log message is not helpful. My next guess is access control, but one can spend hours in blind alleys... and that's just to get a demo set up.