Back with my windows7 test, and failed ... I dunno exactly why, but It times out with a "server is is unavailable". In my IIS httperr log I have : HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?xx.xx.fr:6004 400 1 BadRequest DefaultAppPool HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?xx.xx.fr:6001 400 1 Connection_Dropped DefaultAppPool Ok with XP, not with windows7 and vista I guess Can you help me with this ? Thx Clem -----Message d'origine----- De : Clem [mailto:clemfree@xxxxxxx] Envoyé : jeudi 22 mars 2012 21:40 À : squid-users@xxxxxxxxxxxxxxx Objet : Re: TR: TR: https analyze, squid rpc proxy to rpc proxy ii6 exchange2007 with ntlm For infos, I'm using squid 3.2016 beta, exchange 2007 sp3 and a test client on XP, I'll test a client on windows7. No config for blackberry devices, they don't use activesync but the connection to blackberry server directly connected to our exchange. Le 22/03/2012 15:50, Clem a écrit : > I've tested activesync with this tool > https://store.accessmylan.com/main/diagnostic-tools , all is OK ! I will be > able to put my front-end squid proxy for exchange 2007 in production soon ! > > > -----Message d'origine----- > De : Clem [mailto:clemfree@xxxxxxx] > Envoyé : jeudi 22 mars 2012 14:40 > À : 'Clem'; 'squid-users@xxxxxxxxxxxxxxx' > Cc : 'Amos Jeffries'; 'squid-users@xxxxxxxxxxxxxxx' > Objet : RE: TR: https analyze, squid rpc proxy to rpc proxy > ii6 exchange2007 with ntlm > > Forgot the powershell command : > > get-outlookanywhere | set-outlookanywhere -IISauthentication basic,Ntlm > > Infos there : > http://marckean.wordpress.com/2009/02/06/exchange-2007-sp1-outlook-anywhere- > ntlm-authentication-for-domain-based-and-workgroup-based-computers/ > > -----Message d'origine----- > De : Clem [mailto:clemfree@xxxxxxx] > Envoyé : jeudi 22 mars 2012 14:32 > À : squid-users@xxxxxxxxxxxxxxx > Cc : Amos Jeffries; squid-users@xxxxxxxxxxxxxxx Objet : RE: TR: > https analyze, squid rpc proxy to rpc proxy ii6 exchange2007 > with ntlm > > Hello all > > I'm glad to inform you that's I have found a workaround solution for outlook > anywhere client via NTLM. > I really didn't want to change any config of my clients outlook, who are > actually configured on NTLM auth via Outlook RPC Proxy settings. > > Outlook Anywhere is configured in NTLM. > > Recently I have found that the main problem with squid was the double hop > NTLM. > > So I though a different way : NTLM Clients credentials -> SQUID -> Basic > Squid Auth -> IIS RPC PROXY -> NTLM client Credentials carried by squid -> > Outlook Anywhere > > And that works !! The trick is to enable both "Integrated Windows > Authentication" (NTLM) AND "Basic authentication" on the Rpc virtual > directory of IIS (6 for my own). > On Squid you have to use login:DOMAIN\user:password to send a credential > that can auth (I have used Admin one). Dunno if it's secure to use AD admin > user/pass directly in squid.conf ? > Anyway that works so I'll continue to test now with that config. > > Now I've to test activesync with Iphone, and after with my Blackberry Server > Express. > > I can paste you some of my configurations if you need > > Regards > > Clem > > > > -----Message d'origine----- > De : Guido Serassio [mailto:guido.serassio@xxxxxxxxxxxxxxxxx] > Envoyé : dimanche 18 mars 2012 12:36 > À : clemfree@xxxxxxx > Cc : Amos Jeffries; squid-users@xxxxxxxxxxxxxxx Objet : R: TR: > https analyze, squid rpc proxy to rpc proxy ii6 > exchange2007 with ntlm > > Hi Clem, > > Currently it seems that a fully working reverse Proxy Open Source solution > for Exchange 2007 and 2010 is not available. > > Squid is really near to be fully functional, but there are still some > problems. > Look my comments in this bug: > http://bugs.squid-cache.org/show_bug.cgi?id=3141 > > Currently I'm running a patched Squid 3.1.19 with http 1.1 support enabled > in front of a Exchange 2010 Server. > RPC over HTTPS seems to work fine, while EWS from Apple and BlackBerry > clients is still problematic. > > I have tried also to use 3.2, but things seems to be worse: RPC doesn't work > at all. > > Regards > > Guido Serassio > Acme Consulting S.r.l. > Microsoft Silver Certified Partner > VMware Professional Partner > Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY > Tel. : +39.011.9530135 Fax. : +39.011.9781115 > Email: guido.serassio@xxxxxxxxxxxxxxxxx > WWW: http://www.acmeconsulting.it > > >> -----Messaggio originale----- >> Da: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] >> Inviato: venerdì 16 marzo 2012 11.54 >> A: squid-users@xxxxxxxxxxxxxxx >> Oggetto: Re: TR: https analyze, squid rpc proxy to rpc >> proxy >> ii6 exchange2007 with ntlm >> >> On 14/03/2012 11:32 p.m., Clem wrote: >>> Hello, >>> >>> Ok so I know exactly why squid can't forward ntlm credentials and >>> stop >> at >>> type1. It's facing the double hop issue, ntlm credentials can be >>> sent >> only >>> on one hop, and is lost with 2 hops like : client -> squid (hop1) >>> -> >> IIS6 >>> rpx proxy (hop2) -> exchange 2007 >>> >>> That's why when I connect directly to my iis6 rpc proxy that works >>> and >> when >>> I connect through squid that request login/pass again and again. And >>> we >> can >>> clearly see that on https analyzes. >>> >>> ISA server has a workaround about this double hop issue as I have >>> wrote >> in >>> my last mail, I don't know if squid can act like this. >>> >>> I'm searching atm how to set iis6 perhaps to resolve this problem, >>> but I don't want to "break" my exchange so I've to do my tests very >>> carefully >> Cheers. I've added a mention of this to the NTLM issiues wiki page now >> for others to find along with the archive of these messages. >> >> Amos >
