Hello all, Is there someone here who succeed in setting up squid as reverse proxy for MS lync? I'm trying but I'm locked on an issue: Squid seems to block the personnal digital cert the lync server is sending to the remote Client. I mean, when the Client have got this personnal cert ( because, the client was already connecting on our internal network and retrieved the digital cert) urls are accessed , all was fine. But when the client haven't the digital cert It can't get it and failed to access the URLs : I' haven't errors on logs only these 401 return from lync server: ----------------------------------------------------------- 125 90.80.x.x TCP_MISS/200 32633 POST https://lync.toto.com/CertProv/CertProvisioningService.svc/mex - FIRST_UP_PARENT/LyncServer application/soap+xml 3 90.80.x.x TCP_MISS/401 7607 POST https://lync.toto.com/WebTicket/WebTicketService.svc/mex - FIRST_UP_PARENT/LyncServer text/html 3 90.80.x.x TCP_MISS/401 5809 POST https://lync.toto.com/CertProv/CertProvisioningService.svc - FIRST_UP_PARENT/LyncServer text/html 3 90.80.x.x TCP_MISS/401 7607 POST https://lync.toto.com/WebTicket/WebTicketService.svc/mex - FIRST_UP_PARENT/LyncServer text/html 3 90.80.x.x TCP_MISS/401 5809 POST https://lync.toto.com/CertProv/CertProvisioningService.svc - FIRST_UP_PARENT/LyncServer text/html 7 90.80.x.x TCP_MISS/401 7604 POST https://lync.toto.com/groupexpansion/service.svc/mex - FIRST_UP_PARENT/LyncServer text/html 3 90.80.x.x TCP_MISS/401 7604 POST https://lync.toto.com/groupexpansion/service.svc/mex - FIRST_UP_PARENT/LyncServer text/html 3 90.80.x.x TCP_MISS/401 7604 POST https://lync.toto.com/groupexpansion/service.svc/mex - FIRST_UP_PARENT/LyncServer text/html 2040 90.80.x.x TCP_MISS/200 21261 POST https://lync.toto.com/RgsClients/AgentService.svc/mex - FIRST_UP_PARENT/LyncServer application/soap+xml ------------------------------------------------------------- Here is pair of my squid.conf ---------------------------------------------------------- debug_options ALL,1 https_port 10.X.X.X:443 cert=/home/rproxy/certs/certlync.pem key=/home/rproxy/certs/lync.key cafile=/home/rproxy/certs/thawteca.pem vhost ignore_expect_100 on cache_peer lync parent 4443 0 no-query originserver login=PASS connection-auth=off ssl sslflags=DONT_VERIFY_PEER front-end-https=auto name=LyncServer acl LyncAcl dstdomain lync xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx cache_peer_access LyncServer allow LyncAcl ---------------------------------------------------------- I'm suspecting a issue on authentication, but again I'have no proof , no error in logs. If you have an idea on which direction to look , to get more vervbose logs, or better :), the solution with the right squid.conf.. Thanks, Laurent
