Hello, Thank you, but we are using Exchange 2010 SP1 (does that change anything) and the below workaround isn't workable for me. (we now have a running proxy on apache 2.0.54 on the site of our ISP, but they quit the support and maintenance on that one so we now want to do it ourselves). Are there any more suggestions? Regards, Ed Commandeur -----Oorspronkelijk bericht----- Van: Clem [mailto:clemfree@xxxxxxx] Verzonden: woensdag 18 april 2012 9:31 Aan: Commandeur, Ed; squid-users@xxxxxxxxxxxxxxx Onderwerp: RE: Squid Proxy Hello, Squid can't handle ntlm to ntlm exchange 2007, this is the double hop issue, I've found a workaround that is telling to squid to auth in basic then client auth in ntlm, we have to modify exchange IISAuthentication to accept both ntlm and basic, that works, but only with XP clients. For windows7 clients we have to use a lm or ntlm for lanmanserver level configuration on security policies : http://www.sevenforums.com/attachments/network-sharing/99233d1285088277-home group-problem-lanmanserver-lanman-security-options.png And you have to disable msstd option in Outlook : http://2.bp.blogspot.com/_1_AwklpKUEc/SUmbOkOURDI/AAAAAAAAAVk/aoHPPaVVesI/s4 00/msstd.JPG Else outlook anywhere via squid and ntlm will not work on Windows7 clients. You can follow my thoughs over this topic subject : https analyze, squid rpc proxy to rpc proxy ii6 exchange2007 with ntlm I'm still searching for a solution ... Cause I've some external clients with laptops (W7) and I don't want to manually configure them, I want my squid Exchange frontal project to be whole transparent for my clients. Regards Clem -----Message d'origine----- De : Commandeur, Ed [mailto:Ed.Commandeur@xxxxxx] Envoyé : mercredi 18 avril 2012 07:46 À : 'squid-users@xxxxxxxxxxxxxxx' Objet : Squid Proxy Hello, I'm really stuck at the moment using the Squid reverse proxy. I've seen on = the website a config for exchange rpc over HTTPs and I've set those setting= s using my own environment. The reverse proxy works with owa and all the other exchange application exc= ept for RPC over HTTPS. It seems to be that the NTLM negotiating isn't forw= arded to our mailserver. Here's my squid config acl httptohttps myport 80 http_access deny httptohttps deny_info https://<owa url>/ httptohttps # extensions for Exchange RPC over HTTPS extension_methods RPC_IN_DATA RPC_OUT_DATA # Publish the RPCoHTTP service via SSL https_port <server ip>:443 accel cert=3Dc:/squid/etc/ssl/<wildcardcert>.crt= key=3Dc:/squid/etc/ssl/<wildcardcert>.key defaultsite=3D<owa url> cache_peer <mailserver ip> parent 443 0 no-query originserver login=3DPASS = ssl sslflags=3DDONT_VERIFY_PEER sslcert=3Dc:/squid/etc/ssl/<wildcardcert>.c= rt sslkey=3Dc:/squid/etc/ssl/<wildcardcert>.key name=3DexchangeServer access_log c:/squid/var/logs/access.log acl EXCH dstdomain <owa url> acl all src 0.0.0.0/0.0.0.0 cache_peer_access exchangeServer allow EXCH cache_peer_access exchangeServer deny all never_direct allow EXCH # Lock down access to just the Exchange Server! http_access allow EXCH http_access deny all miss_access allow EXCH miss_access deny all I'm running the 2.7Stable8 version on a Windows 2008R2 SP1 server. I get the following error in the access log when I try to open just the web= page to the RPC site <my ip> TCP_DENIED/401 1733 GET https://<owa url>/rpc - NONE/- text/html Someone got any idea? With kind regards, Ed Commandeur information & media technology systemadministrator email: ed.commandeur@xxxxxx Site: http://www.akn.nl
