I have squid configured and working fine with ntlm authentication, however about once a week access to the throughput will slow and I can be presented with access denied messages. Restarting squid instantly fixes the problem. My configuration is relatively simple as bellow. I don't have a large user base. There's only 60 users and the problem is instantly gone upon restarting squid which suggests to me that it's not simply be a problem of load as the log would suggest. I wondered if it was a single computer or application causing the issue but I'm not sure how to find out. http_port 8080 auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe auth_param ntlm children 30 external_acl_type win_domain_group children=30 ttl=120 %LOGIN c:/squid/libexec/mswin_check_lm_group.exe -G acl all src 0.0.0.0/0.0.0.0 acl nocache dstdomain "C:\squid\etc\nocache_domains.acl" acl unauthenticatednet src "C:\squid\etc\unrestrictedaddresses.acl" acl blocked src "C:\squid\etc\restrictedaddresses.acl" acl inetallowgroup external win_domain_group InternetAllow acl inetrestrictgroup external win_domain_group InternetRestricted acl localhost src 127.0.0.1/255.255.255.255 acl localnet proxy_auth REQUIRED src 192.168.0.0/255.255.255.0 acl denied_domains dstdomain "C:\squid\etc\denied_domains.acl" acl allowed_domains dstdomain "C:\squid\etc\allowed_domains.acl" acl allowed_addresses dst "C:\squid\etc\allowed_addresses.acl" acl manager proto cache_object always_direct allow nocache http_access allow manager monitor http_access deny localhost http_access deny blocked http_access allow unauthenticatednet http_access allow allowed_domains http_access allow allowed_addresses http_access deny inetrestrictgroup denied_domains http_access allow inetrestrictgroup http_access allow inetallowgroup http_access deny all cache_mem 500 MB maximum_object_size_in_memory 1 MB cache_dir ufs c:/squid/var/cache 7000 16 512 access_log C:\squid\var\logs\access.log squid. My cache log would seem to suggest that it's related to the ntlm helper processes. Eg /mswin_check_lm_group.exe Can't find DC for local domain 'asd' 2011/11/14 11:31:57| storeUfsCreate: Failed to create c:/squid/var/cache/01/C2/00058467 ((13) Permission denied) /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' 2011/11/14 12:15:40| clientTryParseRequest: FD 361 (192.168.0.252:2504) Invalid Request 2011/11/14 12:26:41| sslWriteClient: FD 1062: write failure: (10054) WSAECONNRESET, Connection reset by peer.. 2011/11/14 12:37:12| sslReadClient: FD 370: read failure: (10053) WSAECONNABORTED, Software caused connection abort. 2011/11/14 12:41:31| WARNING: All ntlmauthenticator processes are busy. 2011/11/14 12:41:31| WARNING: up to 34 pending requests queued /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' 2011/11/14 12:45:11| WARNING: All ntlmauthenticator processes are busy. 2011/11/14 12:45:11| WARNING: up to 30 pending requests queued 2011/11/14 12:45:11| Consider increasing the number of ntlmauthenticator processes to at least 60 in your config file. 2011/11/14 12:45:41| WARNING: All ntlmauthenticator processes are busy. 2011/11/14 12:45:41| WARNING: up to 36 pending requests queued 2011/11/14 12:45:41| Consider increasing the number of ntlmauthenticator processes to at least 66 in your config file. 2011/11/14 12:46:11| WARNING: All ntlmauthenticator processes are busy. 2011/11/14 12:46:11| WARNING: up to 42 pending requests queued 2011/11/14 12:46:11| Consider increasing the number of ntlmauthenticator processes to at least 72 in your config file. /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' 2011/11/14 12:47:06| WARNING: All ntlmauthenticator processes are busy. 2011/11/14 12:47:06| WARNING: up to 55 pending requests queued 2011/11/14 12:47:06| Consider increasing the number of ntlmauthenticator processes to at least 85 in your config file. /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' 2011/11/14 12:52:25| sslReadClient: FD 1062: read failure: (10053) WSAECONNABORTED, Software caused connection abort. 2011/11/14 13:13:51| clientTryParseRequest: FD 907 (192.168.0.148:1812) Invalid Request 2011/11/14 13:13:55| clientTryParseRequest: FD 907 (192.168.0.148:1831) Invalid Request 2011/11/14 13:16:50| clientTryParseRequest: FD 1454 (192.168.0.148:1874) Invalid Request 2011/11/14 13:16:53| clientTryParseRequest: FD 1440 (192.168.0.148:1867) Invalid Request 2011/11/14 13:21:07| clientTryParseRequest: FD 1254 (192.168.0.148:1927) Invalid Request 2011/11/14 13:21:10| clientTryParseRequest: FD 763 (192.168.0.148:1919) Invalid Request 2011/11/14 13:22:30| clientTryParseRequest: FD 621 (192.168.0.148:1958) Invalid Request 2011/11/14 13:22:34| clientTryParseRequest: FD 894 (192.168.0.148:1949) Invalid Request 2011/11/14 13:41:35| clientTryParseRequest: FD 1019 (192.168.0.148:2331) Invalid Request 2011/11/14 13:41:35| clientTryParseRequest: FD 1004 (192.168.0.148:2360) Invalid Request /mswin_check_lm_group.exe Can't find DC for local domain 'asd' 2011/11/14 13:51:23| CACHEMGR: <unknown>@192.168.0.14 requesting 'menu' 2011/11/14 13:51:27| CACHEMGR: <unknown>@192.168.0.14 requesting 'events' 2011/11/14 13:51:32| CACHEMGR: <unknown>@192.168.0.14 requesting 'ipcache' 2011/11/14 13:51:43| CACHEMGR: <unknown>@192.168.0.14 requesting 'fqdncache' 2011/11/14 13:51:50| CACHEMGR: <unknown>@192.168.0.14 requesting 'ntlmauthenticator' 2011/11/14 13:51:59| CACHEMGR: <unknown>@192.168.0.14 requesting 'http_headers' 2011/11/14 13:52:05| CACHEMGR: <unknown>@192.168.0.14 requesting 'info' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' 2011/11/14 13:52:26| CACHEMGR: <unknown>@192.168.0.14 requesting 'server_list' 2011/11/14 13:52:35| CACHEMGR: <unknown>@192.168.0.14 requesting 'pending_objects' 2011/11/14 13:54:38| sslReadClient: FD 454: read failure: (10053) WSAECONNABORTED, Software caused connection abort. 2011/11/14 13:54:38| sslReadClient: FD 885: read failure: (10053) WSAECONNABORTED, Software caused connection abort. 2011/11/14 13:54:38| sslReadClient: FD 896: read failure: (10053) WSAECONNABORTED, Software caused connection abort. 2011/11/14 13:54:38| sslReadClient: FD 977: read failure: (10053) WSAECONNABORTED, Software caused connection abort. 2011/11/14 13:54:38| sslReadClient: FD 1075: read failure: (10053) WSAECONNABORTED, Software caused connection abort. 2011/11/14 13:54:38| sslReadClient: FD 1129: read failure: (10053) WSAECONNABORTED, Software caused connection abort. 2011/11/14 13:54:38| sslReadClient: FD 1132: read failure: (10053) WSAECONNABORTED, Software caused connection abort. 2011/11/14 13:54:38| sslReadClient: FD 1136: read failure: (10053) WSAECONNABORTED, Software caused connection abort. 2011/11/14 13:54:38| sslReadClient: FD 1141: read failure: (10053) WSAECONNABORTED, Software caused connection abort. 2011/11/14 13:54:38| sslReadClient: FD 1142: read failure: (10053) WSAECONNABORTED, Software caused connection abort. 2011/11/14 13:54:38| sslReadClient: FD 1173: read failure: (10053) WSAECONNABORTED, Software caused connection abort. 2011/11/14 13:54:38| sslReadClient: FD 1176: read failure: (10053) WSAECONNABORTED, Software caused connection abort. /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' /mswin_check_lm_group.exe Can't find DC for local domain 'asd' And the cache authentication statistics seem to sugget the same # FD PID # Requests Flags Time Offset Request 1 7 3204 39410 B R 11.297 0 KK TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAYABgBIAAAACgAKAE4AAAAKAAoAWAAAAAAAAACSAAAABYKIogUBKAoAAAAPQQBTAEQAYwBkAHUAdAB5AEMARABVAFQAWQBFHC2/aZo/+gAAAAAAAAAAAAAAAAAAAABsa0q3oRwyDJx4h7JJa4x2NSj6zv+154c=\n 2 10 216 13610 B R 11.281 0 KK TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAYABgBIAAAACgAKAE4AAAAKAAoAWAAAAAAAAACSAAAABYKIogUBKAoAAAAPQQBTAEQAYwBkAHUAdAB5AEMARABVAFQAWQB5fpurkDCGsgAAAAAAAAAAAAAAAAAAAABmm++jCp3ZZTwnwbbLXOChE19qEhj7GPU=\n 3 14 1124 7279 B R 11.281 0 KK TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAYABgBIAAAACgAKAE4AAAAKAAoAWAAAAAAAAACSAAAABYKIogUBKAoAAAAPQQBTAEQAYwBkAHUAdAB5AEMARABVAFQAWQDjyrQ1V56E6QAAAAAAAAAAAAAAAAAAAABTnsJ8U5vk9Bv05B3wpsMdv08lQZuUHDQ=\n 4 18 204 4915 B R 11.281 0 KK TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAYABgBIAAAACgAKAE4AAAAKAAoAWAAAAAAAAACSAAAABYKIogUBKAoAAAAPQQBTAEQAYwBkAHUAdAB5AEMARABVAFQAWQCy/I80NmbX8wAAAAAAAAAAAAAAAAAAAAB7osVkiKP/y2MwtsKQjHSb/p1dqu0mXSE=\n 5 22 2204 3363 B R 8.500 0 KK TlRMTVNTUAADAAAAGAAYAHgAAAAYABgAkAAAAAYABgBIAAAAEAAQAE4AAAAaABoAXgAAAAAAAACoAAAABYKIogUBKAoAAAAPQQBTAEQAZABjAGgAYQBwAG0AYQBuAEEARAAtAEQALQBEAEMASABBAFAATQBBAE4A9TxKkYJ2NT4AAAAAAAAAAAAAAAAAAAAA9HA9v7TRrIbxZEsELl5CKwJPRL2NkhBB\n 6 26 1348 2353 B R 25.157 0 KK TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAAAYABgBYAAAADgAOAF4AAAAQABAAbAAAAAAAAACsAAAABYKIogYBsB0AAAAPUZKAUw15tyRt85EJs4ds0kEAUwBEAG0AbwBhAGsAbABlAHkATQBBAFIASwBPAC0AUABDAB6mk+ThrF/SAAAAAAAAAAAAAAAAAAAAAJZp8l4RFCai8HhQnbBMbSKJy6rEVxVrmg==\n 7 30 2412 1730 B R 23.266 0 KK TlRMTVNTUAADAAAAGAAYAIwAAABGAUYBpAAAAAYABgBYAAAAFAAUAF4AAAAaABoAcgAAAAAAAADqAQAABYKIogYBsB0AAAAPEx8HE9ghzLxw8YM492xFY0EAUwBEAHIAYQB5AHMAdABlAHcAYQByAHQAUwBMAC0ATAAtAFIAUwBUAEUAVwBBAFIAVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAopX4fh1/JVMNZ0jonxv6tAQEAAAAAAAAZwPca1aLMAR6hQgDHC3rAAAAAAAIABgBBAFMARAABABYASQBUAC0AUwAtAFMAUQBVAEkARAAxAAQAEgBhAHMAZAAuAGwAbwBjAGEAbAADACoASQBUAC0AUwAtAFMAUQBVAEkARAAxAC4AYQBzAGQALgBsAG8AYwBhAGwABQASAGEAcwBkAC4AbABvAGMAYQBsAAgAMAAwAAAAAAAAAAAAAAAAMAAA62p3iYcwRL/HfxNTKswtnFEfM725J2cpYkavWW7bK98KABAAAAAAAAAAAAAAAAAAAAAAAAkASABIAFQAVABQAC8AcwBhAGYAZQBiAHIAbwB3AHMAaQBuAGcALgBjAGwAaQBlAG4AdABzAC4AZwBvAG8AZwBsAGUALgBjAG8AbQAAAAAAAAAAAA==\n 8 34 2964 1300 B R 22.985 0 KK TlRMTVNTUAADAAAAGAAYAGwAAAAYABgAhAAAAAYABgBIAAAAEAAQAE4AAAAOAA4AXgAAAAAAAACcAAAABYKIogUBKAoAAAAPQQBTAEQAcABiAHIAYQBtAGEAbABsAFIAUgBJAEwARQBZADIATZjadwxp5tQAAAAAAAAAAAAAAAAAAAAASYd9/R8y5Tob3P//U8SEiryla9F3AuZb\n 9 38 3652 1058 B R 22.266 0 KK TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAAAYABgBYAAAADgAOAF4AAAAQABAAbAAAAAAAAACsAAAABYKIogYBsB0AAAAPPF+U/YqG+gOlBRTXq/IUIUEAUwBEAG0AbwBhAGsAbABlAHkATQBBAFIASwBPAC0AUABDAN5IHWAIqk+YAAAAAAAAAAAAAAAAAAAAABevFlq1IhxtUm4zjn6ilSDN5fS53f7atw==\n 10 42 2200 891 B R 20.579 0 KK TlRMTVNTUAADAAAAGAAYAHgAAAAYABgAkAAAAAYABgBIAAAAEAAQAE4AAAAaABoAXgAAAAAAAACoAAAABYKIogUBKAoAAAAPQQBTAEQAZABjAGgAYQBwAG0AYQBuAEEARAAtAEQALQBEAEMASABBAFAATQBBAE4AE5MB2EGlPgoAAAAAAAAAAAAAAAAAAAAA06USMNi71MJUeIGgpj8Y45bSTt4c5DRk\n 11 46 3364 762 B R 16.016 0 KK TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAYABgBIAAAAEgASAE4AAAAKAAoAYAAAAAAAAACaAAAABYKIogUBKAoAAAAPQQBTAEQAbQB0AGUAYQBzAGQAYQBsAGUARABFAEwATAAyAAlLJQN4/8FyAAAAAAAAAAAAAAAAAAAAALR8q9dPWCz468szg0ij8ssVjBQBmiHyjw==\n 12 50 1876 656 B R 15.829 0 KK TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAMAAwBwAAAAEAAQAHMAAAAKAAoAgwAAAAAAAAAAAAAABoKJAvnEl5trx4H7AAAAAAAAAAAAAAAAAAAAAJcpmgeNuFpm1//rUdZ7RbT6sUAKAAyvd2FzZG5hZ2lvc2NoZWNrcHJveHlJVC1TLVNIRUVO\n 13 54 2704 530 B R 14.969 0 KK TlRMTVNTUAADAAAAGAAYAGYAAAAYABgAfgAAAAYABgBIAAAADAAMAE4AAAAMAAwAWgAAAAAAAACWAAAABYKIogUBKAoAAAAPQQBTAEQAYQBiAGEAdAB0AHkAQQBCAEEAVABUAFkASOSjcHhGApYAAAAAAAAAAAAAAAAAAAAAIsubNiwyVHlZqGHG+QJvxqIO1ULBPlxh\n 14 58 1060 515 B R 14.188 0 KK TlRMTVNTUAADAAAAGAAYAGAAAAAYABgAeAAAAAYABgBIAAAADAAMAE4AAAAGAAYAWgAAAAAAAACQAAAABYKIogUBKAoAAAAPQQBTAEQAZAByAGkAbABlAHkAVABDADEAAEdK3MRR+KEAAAAAAAAAAAAAAAAAAAAAxcqMb9xPGOpeDs4orOHjEqewQS16Hvv+\n 15 62 2120 427 B R 13.657 0 KK TlRMTVNTUAADAAAAGAAYAGAAAAAYABgAeAAAAAYABgBIAAAADAAMAE4AAAAGAAYAWgAAAAAAAACQAAAABYKIogUBKAoAAAAPQQBTAEQAZAByAGkAbABlAHkAVABDADEAzr0FNa2gWNwAAAAAAAAAAAAAAAAAAAAA5EBHL3QEr9B2Vdca+JXQML8lqxUeNtWM\n 16 66 3156 379 B R 11.344 0 KK TlRMTVNTUAADAAAAGAAYAGAAAAAYABgAeAAAAAYABgBIAAAADAAMAE4AAAAGAAYAWgAAAAAAAACQAAAABYKIogUBKAoAAAAPQQBTAEQAZAByAGkAbABlAHkAVABDADEAeO04tPjHJMcAAAAAAAAAAAAAAAAAAAAABoOtvGgkCAOA5b1yN2QgcLGy1GbF4Un7\n 17 70 1536 354 R 0.031 0 (none) 18 74 588 313 B R 1.062 0 KK TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAYABgBIAAAACgAKAE4AAAAKAAoAWAAAAAAAAACSAAAABYKIogUBKAoAAAAPQQBTAEQAcAByAHkAYQBuAEkAVABNAEEATgBSxn2OwQzZcgAAAAAAAAAAAAAAAAAAAACFZr0y7LOdVFHVxrwOQYX2de4LdsCaeSU=\n 19 78 2556 255 B R 0.094 0 KK TlRMTVNTUAADAAAAGAAYAGAAAAAYABgAeAAAAAYABgBIAAAADAAMAE4AAAAGAAYAWgAAAAAAAACQAAAABYKIogUBKAoAAAAPQQBTAEQAZAByAGkAbABlAHkAVABDADEAtntPAUsUb/IAAAAAAAAAAAAAAAAAAAAAqplCMtJqcK4oIRjNEfTOS60s2qFTBEDJ\n 20 82 3428 233 34.970 0 (none) 21 86 1604 222 29.486 0 (none) 22 90 3672 207 29.032 0 (none) 23 94 3276 179 28.267 0 (none) 24 98 1176 148 25.204 0 (none) 25 102 3584 143 18.531 0 (none) 26 106 3948 149 16.344 0 (none) 27 110 288 128 28.564 0 (none) 28 114 2180 102 26.892 0 (none) 29 118 3580 105 26.892 0 (none) 30 122 3268 93 26.876 0 (none) Regards John ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________
