And there's one more reason for me not to upgrade to MS Exchange 07. I'd love to ditch it. > -----Original Message----- > From: Kale D. Michels [mailto:kmichels@xxxxxxxxxxx] > Sent: Friday, August 13, 2010 2:12 PM > To: Jason Staudenmayer > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: RE: Exchange Server 2007 + Outlook > 2007 + Squid Proxy > > > Thanks. That does sound like a solid explanation to the > issue. I don't recall ever having any issues with msft > exchange 2003 but as soon as we upgraded all of these issues > arose. Thanks for your help on this. > > ~Kale > > -----Original Message----- > From: Jason Staudenmayer [mailto:jasons@xxxxxxxxxxxxxxxxxxxxx] > Sent: Friday, August 13, 2010 1:08 PM > To: Kale D. Michels > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: RE: Exchange Server 2007 + Outlook > 2007 + Squid Proxy > > Do you use ntlm auth for the proxy? If your not set for any > auth then the path the client is using to resolve might be > breaking the link. > > Like this maybe - > Outlook connects to exchange to get your email, the email > contains a web image. Outlook uses IE to render the page, IE > goes through the proxy the outlook types to get the rest of > the mail through IE which is now using the proxy. Exchange > thinks you changed IP's so it need a new token. > > > -----Original Message----- > > From: Kale D. Michels [mailto:kmichels@xxxxxxxxxxx] > > Sent: Friday, August 13, 2010 1:46 PM > > To: Jason Staudenmayer > > Cc: squid-users@xxxxxxxxxxxxxxx > > Subject: RE: Exchange Server 2007 + Outlook > > 2007 + Squid Proxy > > > > > > Thanks a lot for your help on this one Jason. I think we are > > definitely on the right track now. My only concern is that I > > do not have my proxy server setup to require authentication > > to navigate to the web. However I think from the way you are > > describing it to me.. they open the email > attempt to view > > image > navigate through proxy to get image > ... somehow it > > gets back to requiring the network authentication (domain > > authentication) in order to place the found image into the > > email for view.? > > > > Or maybe something like that... > > > > I just wanted to make sure you didn't think that the proxy > > server was requesting for authentication to the proxy server > > which is an optional configuration of the squid. > > > > Thanks again, > > > > Kale > > > > -----Original Message----- > > From: Jason Staudenmayer [mailto:jasons@xxxxxxxxxxxxxxxxxxxxx] > > Sent: Friday, August 13, 2010 11:50 AM > > To: Nick Cairncross > > Cc: squid-users@xxxxxxxxxxxxxxx; Kale D. Michels > > Subject: RE: Exchange Server 2007 + Outlook > > 2007 + Squid Proxy > > > > I use a PAC file for all internals but the issue he's seeing > > is from HTML email from outside the LAN with images being > > pulled from the web (through IE and therefore through the > > proxy server). When you open an email the server doesn't > > parse the content for you over your LAN the client must do > > that on it's own. Each element in that email will need an > > auth for the proxy server. I've been dealing with this > > situation for 8 years. They only way around it is to allow > > outlook/IE to save the password (sometimes the box isn't > > there) or allow users to bypass the proxy which defeats the purpose. > > > > Kale, check to see that this only happen when viewing an HTML > > email with web based images link in it. You shouldn't have > > any issues with RTF or plain text emails asking for auth to > > the proxy since those would be encoded in the email as a > mime section. > > > > Jason > > > > > > > > ..·><((((º> > > > > > > > -----Original Message----- > > > From: Nick Cairncross [mailto:Nick.Cairncross@xxxxxxxxxxxxxxx] > > > Sent: Friday, August 13, 2010 12:33 PM > > > To: Jason Staudenmayer > > > Cc: Kale D. Michels; squid-users@xxxxxxxxxxxxxxx > > > Subject: Re: Exchange Server 2007 + Outlook > > > 2007 + Squid Proxy > > > > > > > > > Not really on topic for squid now but... > > > > > > My setup being different I cant really add much to help you > > > here, other than I would have thought NOT passing your > > > requests through a proxy server if it's your own internal > > > mail servers is the way to go. Send it direct to your CASs. > > > > > > Example: have isa in a DMZ forwarding the > > > autodiscover.domain, OWA etc for your mail.domain for > > > external and a split horizon internal DNS. Clients within > > > your LAN use internal dns servers to resolve the above and > > > hence using a PAC file to say 'if my mail.domain send direct' > > > and don't use proxy. > > > > > > As for the prompting for external HTML that sounds like a > > > browser/auth issue. I don't see that for my ie users. Macs > > > however are a different matter... > > > > > > Nick > > > > > > On 13 Aug 2010, at 16:55, "Jason Staudenmayer" > > > <jasons@xxxxxxxxxxxxxxxxxxxxx> wrote: > > > > > > >> -----Original Message----- > > > >> From: Nick Cairncross [mailto:Nick.Cairncross@xxxxxxxxxxxxxxx] > > > >> Sent: Friday, August 13, 2010 11:28 AM > > > >> To: Kale D. Michels; squid-users@xxxxxxxxxxxxxxx > > > >> Subject: Re: Exchange Server 2007 + Outlook > > > >> 2007 + Squid Proxy > > > >> > > > >> > > > >> By-pass proxy for local/exchange URL/host, no? > > > >> > > > >> Easiest if you use a pac file also and specify the local > > > >> addresses/subnets i.e send direct and don't touch the proxy > > > >> > > > >> Nick > > > >> > > > >> > > > >> On 13/08/2010 14:49, "Kale D. Michels" > > > <kmichels@xxxxxxxxxxx> wrote: > > > >> > > > >> I have my proxy server set to be used by the majority of my > > > >> internal users. The problem I am running into is that now > > > >> that I've upgraded (some time ago) to Exchange Server 2007 I > > > >> am now having issues between the Outlook 2007 client and the > > > >> Exchange 2007 server for those users that are configured to > > > >> pass to the internet through the proxy. The error that shows > > > >> up just requests for the username and password of the person > > > >> like it forgot the users credentials that were used to > > > >> connect to the exchange server. It appears that the emails > > > >> can be sent and received but it will repeatedly ask users for > > > >> their credentials. This is not a virus or anything in > > > >> relation to a malware infection but can be reproduced by > > > >> turning off the use of the proxy (IE Browser - proxy settings > > > >> turned off) and outlook will not ask for credentials, and > > > >> then turn the proxy back on (reverse) and the problem will > > > >> start again. Let me know if there is a quick fix (port, > > > >> protocol, acl rule) that can be put into place or an > > > >> exchange/outlook modification that can be made to resolve > > > this issue. > > > >> > > > >> Thank you, > > > >> > > > >> Kale > > > > > > > > > > > > That sounds like the situation I have here. All users go > > > through a proxy, any email that come in with web based images > > > gets a popup. If IE doesn't have the proxy set then no images > > > are shown in the email. It's only html email that pull images > > > from the web. AFAIK there's no way around this other then > > > allowing users to bypass the proxy, which kinda defeets > the purpose. > > > > > > > > Jason > > > > > > > > > > > > > > > > ..·><((((º> > > > > > > The information contained in this e-mail is of a confidential > > > nature and is intended only for the addressee. If you are > > > not the intended addressee, any disclosure, copying or > > > distribution by you is prohibited and may be unlawful. > > > Disclosure to any party other than the addressee, whether > > > inadvertent or otherwise, is not intended to waive privilege > > > or confidentiality. Internet communications are not secure > > > and therefore Conde Nast does not accept legal responsibility > > > for the contents of this message. Any views or opinions > > > expressed are those of the author. > > > > > > The Conde Nast Publications Ltd (No. 226900), Vogue House, > > > Hanover Square, London W1S 1JU > > > > > >
