I'm having a problem with a lot of timeouts or failures to connect to a particular website. A typical section of the log is as follows: 1229617601.885 156 192.168.1.1 TCP_MISS/200 39 CONNECT web.site.com:443 domain\user DIRECT/170.146.245.34 - 1229617603.854 0 192.168.1.1 TCP_DENIED/407 1740 CONNECT web.site.com:443 - NONE/- text/html 1229617603.869 0 192.168.1.1 TCP_DENIED/407 2016 CONNECT web.site.com:443 - NONE/- text/html 1229617605.619 0 192.168.1.1 TCP_DENIED/407 1740 CONNECT web.site.com:443 - NONE/- text/html 1229617605.619 0 192.168.1.1 TCP_DENIED/407 2016 CONNECT web.site.com:443 - NONE/- text/html 1229617666.368 62499 192.168.1.1 TCP_MISS/200 56565 CONNECT web.site.com:443 domain\user DIRECT/170.146.245.34 - 1229617671.352 65733 192.168.1.1 TCP_MISS/200 8176 CONNECT web.site.com:443 domain\user DIRECT/170.146.245.34 - 1229617683.118 0 192.168.1.1 TCP_DENIED/407 1740 CONNECT web.site.com:443 - NONE/- text/html 1229617683.118 0 192.168.1.1 TCP_DENIED/407 2016 CONNECT web.site.com:443 - NONE/- text/html 1229617689.508 0 192.168.1.1 TCP_DENIED/407 1740 CONNECT web.site.com:443 - NONE/- text/html 1229617689.508 0 192.168.1.1 TCP_DENIED/407 2016 CONNECT web.site.com:443 - NONE/- text/html 1229617756.007 72889 192.168.1.1 TCP_MISS/200 338369 CONNECT web.site.com:443 domain\user DIRECT/170.146.245.34 - 1229617761.007 71499 192.168.1.1 TCP_MISS/200 159880 CONNECT web.site.com:443 domain\user DIRECT/170.146.245.34 - 1229617826.881 0 192.168.1.1 TCP_DENIED/407 1740 CONNECT web.site.com:443 - NONE/- text/html 1229617826.881 0 192.168.1.1 TCP_DENIED/407 2016 CONNECT web.site.com:443 - NONE/- text/html We're using NTLM authentication for outgoing connections and at first I thought perhaps the above was the three connections something I'd heard about NTLM, but if I check again something like google.com then I see only username after username, no multiple denied entries. I've spoken to the vendor and they say there's nothing special about the page, it's an HTTPS logon page. Checking then ntlmauthenticator shows there have been three periods over the course of the day where we had an authentication backlog, but that's it. Is that the likely cause? Performance wise everything is fine with squid. This is under squid 2.7 STABLE5 Paul Cocker TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047), TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897), TNT Post North Ltd (05701709), TNT Post South West Ltd (05983401), TNT Post Midlands Limited (6458167)and TNT Post London Limited (6493826). Emma's Diary and Lifecycle are trading names for Lifecycle Marketing (Mother and Baby) Ltd (02556692). All companies are registered in England and Wales; registered address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Buckinghamshire, SL7 1HY.