I've been even trying using Squid 3.2.0.2, which I manually compiled. As you know, Squid 3.2.0.2 has better support for HTTP/1.1 (I thought it was something related with that, as Squid 2.6STABLE21 uses HTTP/1.0). Now, with the sniffer I see HTTP/1.1 responses from Live servers through Squid (when with Squid < 3.2 I was getting HTTP/1.0 responses). Furthermore, balance_on_multiple_ip is off by default in 3.2. Nothing changed. I have to use this old software as I have _many_ users with this software already installed, and upgrading would be a pain right now. I don't think the problem is that Live servers are refusing to login old releases. I was able to login in from the same clients using direct connection and through an ISA server 2006 .... :( Thanks! On 05/11/10 02:19, gsandorx@xxxxxxx wrote: > Hi, > > I'm trying to setup a Squid server (Centos 5.5, Squid 2.6-STABLE21, > x64) to help my users to connect to Windows Live (as well as to provide > navigation). They _must_ use Windows Messenger (4.x, 5.x - the ones > shipped by default with Windows XP). > The Windows Messenger app login successfully (if you enter a wrong > username/passw combination it refuses to connect) but cannot complete > the sign in process, displaying (almost indefinitely "Singing in..."). > Looking in access.log, I only see: > > 1288735315.171 6858 172.22.8.202 TCP_MISS/200 8272 CONNECT > login.live.com:443 - DIRECT/65.54.186.17 - > > And then (many times, actually!): > > 1288735321.511 2048 172.22.8.202 TCP_MISS/200 1539 POST > http://64.4.44.76/gateway/gateway.dll? - DIRECT/64.4.44.76 > application/x-msn-messenger > > I tried using Windows Live Messenger (2009) and it worked perfectly. I > even tried using an ISA Server 2006 with Windows Messenger (5.x) and it > worked as well. I don't have yet any special/tricky ACL, only > "http_access allow all" to avoid confusions. > > Does anybody has a similar setup (squid + windows messenger) ? Any help > is appreciated. > Do you have "balance_on_multiple_ip" set to off? It needs to be The problems may be this: security keys validation sent via CONNECT ... DIRECT/65.54.186.17 login actually performed via POST to ... DIRECT/64.4.44.76 An edcated guess is that the Live software uses HTTP/1.1 and persistent connections. Why do you have this strict MUST requirement on using very old versions? Part of the problem may also be that the Live servers refuse login from old releases with known remote-access security vulnerabilities. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.9 Beta testers wanted for 3.2.0.2