We are using SQUID 2.7 STABLE8 on a Windows 2008 box. It is working, except that when a user tries to access Microsoft Lync 2013 they get a password prompt.
I've searched the web and spent countless hours on this with no luck. Anyone able to shed some light? When I start my Microsoft Lync 2013 client, I see the following hit in access.log when the proxy dialog box shows up within the Lync application.

1412717278.341 516 172.16.12.110 TCP_MISS/200 11695 CONNECT login.microsoftonline.com:443 - DIRECT/65.52.244.66 -

Here is my squid.conf file. I've tried to add all of the published URLs and IPs that Microsoft lists for Office 365 and related products, but I still have no luck. Anyone able to assist?

# Port on which Squid will listen on
http_port 8080

# Authentication
auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program c:/squid/libexec/mswin_ntlm_auth.exe --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
authenticate_cache_garbage_interval 10 seconds

# Squid Defaults
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1

# Class C Internal Subnet - Defaults
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16

# ACLs
# for destination machine
acl lan_dst dst 172.16.0.0/16
# for source machine
acl lan_src src 172.16.0.0/16
# for destination domain
acl lan_domain dstdomain .contoso.com

# SSL Ports
acl SSL_ports port 443 8180 8443 563 1494 2598 8531

# Standard Ports
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http for Pacific Brokerage
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # http
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8080 8081 8082 8088 8180
acl Safe_ports port 3128 # Squid http server
acl Safe_ports port 1494 2598 # ICA - Citrix
acl Safe_ports port 7000 8000 # Oracle
acl Safe_ports port 9000 # Oracle
acl Safe_ports port 8530 # WSUS
acl Safe_ports port 55905 # WSUS
acl Safe_ports port 1025-65535 # unregistered ports

external_acl_type AD_group %LOGIN c:/squid/libexec/mswin_check_ad_group.exe -G
acl AuthorizedUsers proxy_auth REQUIRED

# ACL - Microsoft
acl msdomains dstdomain .windowsupdate.com
acl msdomains dstdomain .microsoft.com
acl msdomains dstdomain .windows.com
acl msdomains dstdomain .live.com
acl msdomains dstdomain .msecnd.net
acl msdomains dstdomain .microsoftonline.com
acl msdomains dstdomain .office365.com
acl msdomains dstdomain .lync.com
acl msdomains dstdomain .office.com
acl msdomains dstdomain .onmicrosoft.com
acl msdomains dstdomain .microsoftonline-p.com
acl msdomains dstdomain .microsoftonline-p.net
acl msdomains dstdomain .microsoftonlineimages.com
acl msdomains dstdomain .microsoftonlinesupport.net
acl msdomains dstdomain .msocdn.com
acl msdomains dstdomain .msn.com
acl msdomains dstdomain .msn.co.jp
acl msdomains dstdomain .msn.co.uk
acl msdomains dstdomain .office.net
acl msdomains dstdomain .aadrm.com
acl msdomains dstdomain .cloudapp.net
acl msdomains dstdomain .windowsazure.com
acl msdomains dstdomain .phonefactor.net
acl msdomains dstdomain .symcb.com

# ACL - SSL Providers
acl registars dstdomain .verisign.com
acl registars dstdomain .godaddy.com

# LYNC
acl lync2013 dst 65.54.54.128/25
acl lync2013 dst 65.55.121.128/27
acl lync2013 dst 65.55.127.0/24
acl lync2013 dst 111.221.17.128/27
acl lync2013 dst 111.221.22.64/26
acl lync2013 dst 111.221.76.96/27
acl lync2013 dst 111.221.76.128/25
acl lync2013 dst 111.221.77.0/26
acl lync2013 dst 134.170.0.0/25
acl lync2013 dst 157.55.40.128/25
acl lync2013 dst 157.55.46.0/27
acl lync2013 dst 157.55.46.64/26
acl lync2013 dst 157.55.104.96/27
acl lync2013 dst 157.55.229.128/27
acl lync2013 dst 157.55.232.128/26
acl lync2013 dst 157.55.238.0/25
acl lync2013 dst 207.46.5.0/24
acl lync2013 dst 207.46.7.128/27
acl lync2013 dst 207.46.57.0/25

# OFFICE 365 PORTAL AND IDENTITY
acl 365portal dst 23.96.208.238
acl 365portal dst 23.97.64.252
acl 365portal dst 23.97.68.113
acl 365portal dst 23.97.70.147
acl 365portal dst 23.97.72.158
acl 365portal dst 23.97.72.161
acl 365portal dst 23.97.72.165
acl 365portal dst 23.97.98.128
acl 365portal dst 23.97.99.4
acl 365portal dst 23.97.99.164
acl 365portal dst 23.97.100.76
acl 365portal dst 23.97.100.92
acl 365portal dst 23.97.100.105
acl 365portal dst 23.97.100.152
acl 365portal dst 23.97.102.90
acl 365portal dst 23.97.148.36
acl 365portal dst 23.97.148.228
acl 365portal dst 23.98.66.168
acl 365portal dst 23.98.69.116
acl 365portal dst 23.98.70.90
acl 365portal dst 23.99.129.26
acl 365portal dst 23.99.129.173
acl 365portal dst 23.99.194.77
acl 365portal dst 23.99.196.232
acl 365portal dst 23.99.226.167
acl 365portal dst 23.99.227.124
acl 365portal dst 23.102.64.16
acl 365portal dst 23.102.64.255
acl 365portal dst 23.102.65.171
acl 365portal dst 23.102.65.203
acl 365portal dst 23.102.65.221
acl 365portal dst 65.52.64.61
acl 365portal dst 65.52.64.230
acl 365portal dst 65.52.136.224
acl 365portal dst 65.52.144.125
acl 365portal dst 65.52.148.27
acl 365portal dst 65.52.184.75
acl 365portal dst 65.52.196.64
acl 365portal dst 65.52.228.75
acl 365portal dst 65.52.228.100
acl 365portal dst 65.52.236.160
acl 365portal dst 65.52.244.66
acl 365portal dst 65.54.54.32/27
acl 365portal dst 65.54.55.201
acl 365portal dst 65.54.74.0/23
acl 365portal dst 65.54.80.0/20
acl 365portal dst 65.54.165.0/25
acl 365portal dst 65.55.86.0/23
acl 365portal dst 65.55.233.0/27
acl 365portal dst 65.55.239.168
acl 365portal dst 70.37.56.152
acl 365portal dst 70.37.97.234
acl 365portal dst 70.37.128.0/23
acl 365portal dst 70.37.142.0/23
acl 365portal dst 70.37.150.128/25
acl 365portal dst 70.37.159.0/24
acl 365portal dst 70.37.160.72
acl 365portal dst 70.37.160.202
acl 365portal dst 94.245.68.0/22
acl 365portal dst 94.245.82.0/23
acl 365portal dst 94.245.84.0/24
acl 365portal dst 94.245.86.0/24
acl 365portal dst 94.245.88.223
acl 365portal dst 94.245.88.194
acl 365portal dst 94.245.117.53
acl 365portal dst 94.245.108.85
acl 365portal dst 111.221.16.0/21
acl 365portal dst 111.221.24.0/21
acl 365portal dst 111.221.70.0/25
acl 365portal dst 111.221.71.0/25
acl 365portal dst 111.221.111.196
acl 365portal dst 111.221.127.112/28
acl 365portal dst 132.245.0.0/16
acl 365portal dst 134.170.0.0/16
acl 365portal dst 137.135.47.6
acl 365portal dst 137.135.47.4
acl 365portal dst 137.135.47.28
acl 365portal dst 137.116.32.43
acl 365portal dst 137.116.32.61
acl 365portal dst 137.116.48.66
acl 365portal dst 137.116.48.69
acl 365portal dst 137.116.64.162
acl 365portal dst 137.116.129.62/32
acl 365portal dst 137.117.99.175
acl 365portal dst 137.117.103.21
acl 365portal dst 137.135.41.12/32
acl 365portal dst 137.135.42.195/32
acl 365portal dst 137.135.43.100/32
acl 365portal dst 137.135.44.5/32
acl 365portal dst 137.135.44.73/32
acl 365portal dst 137.135.48.128/32
acl 365portal dst 138.91.17.43
acl 365portal dst 138.91.17.108
acl 365portal dst 138.91.18.52
acl 365portal dst 138.91.2.208
acl 365portal dst 138.91.2.210
acl 365portal dst 138.91.2.212
acl 365portal dst 157.55.45.128/25
acl 365portal dst 157.55.59.128/25
acl 365portal dst 157.55.80.175
acl 365portal dst 157.55.80.182
acl 365portal dst 157.55.84.13/32
acl 365portal dst 157.55.84.19/32
acl 365portal dst 157.55.84.80/32
acl 365portal dst 157.55.84.237/32
acl 365portal dst 157.55.130.0/25
acl 365portal dst 157.55.145.0/25
acl 365portal dst 157.55.155.0/25
acl 365portal dst 157.55.168.18
acl 365portal dst 157.55.176.63
acl 365portal dst 157.55.185.100
acl 365portal dst 157.55.194.46
acl 365portal dst 157.55.208.198
acl 365portal dst 157.55.227.192/26
acl 365portal dst 157.55.252.101
acl 365portal dst 157.56.0.0/16
acl 365portal dst 168.61.33.178/32
acl 365portal dst 168.61.35.252/32
acl 365portal dst 168.61.36.121
acl 365portal dst 168.61.37.63/32
acl 365portal dst 168.61.38.105
acl 365portal dst 168.61.39.14/32
acl 365portal dst 168.61.82.81/32
acl 365portal dst 168.61.83.48/32
acl 365portal dst 168.61.85.180/32
acl 365portal dst 168.61.85.193/32
acl 365portal dst 168.61.144.76
acl 365portal dst 168.61.208.197
acl 365portal dst 168.62.4.28
acl 365portal dst 168.62.11.24
acl 365portal dst 168.62.11.117
acl 365portal dst 168.62.16.112
acl 365portal dst 168.62.16.140
acl 365portal dst 168.62.16.149
acl 365portal dst 168.62.24.104
acl 365portal dst 168.62.24.114
acl 365portal dst 168.62.24.150
acl 365portal dst 168.62.41.25
acl 365portal dst 168.62.42.89
acl 365portal dst 168.62.52.198
acl 365portal dst 168.62.52.203
acl 365portal dst 168.62.60.71
acl 365portal dst 168.62.60.80
acl 365portal dst 168.62.104.146
acl 365portal dst 168.62.176.34
acl 365portal dst 168.62.179.4
acl 365portal dst 168.62.180.151
acl 365portal dst 168.63.16.66/32
acl 365portal dst 168.63.16.112/32
acl 365portal dst 168.63.16.114/32
acl 365portal dst 168.63.16.141
acl 365portal dst 168.63.17.221/32
acl 365portal dst 168.63.25.227
acl 365portal dst 168.63.27.2
acl 365portal dst 168.63.166.200
acl 365portal dst 168.63.165.67
acl 365portal dst 168.63.164.177
acl 365portal dst 168.63.208.73/32
acl 365portal dst 168.63.213.203/32
acl 365portal dst 168.63.214.35/32
acl 365portal dst 168.63.216.117/32
acl 365portal dst 168.63.250.173/32
acl 365portal dst 168.63.252.39/32
acl 365portal dst 168.63.252.71/32
acl 365portal dst 191.232.2.128/25
acl 365portal dst 191.233.32.111
acl 365portal dst 191.233.32.201
acl 365portal dst 191.234.6.0/24
acl 365portal dst 191.235.135.139
acl 365portal dst 191.235.135.222
acl 365portal dst 191.236.192.179
acl 365portal dst 191.237.128.159
acl 365portal dst 191.238.80.160
acl 365portal dst 191.238.81.69
acl 365portal dst 191.238.83.220
acl 365portal dst 207.46.57.128/25
acl 365portal dst 207.46.70.0/24
acl 365portal dst 207.46.73.250
acl 365portal dst 207.46.198.0/25
acl 365portal dst 207.46.206.0/23
acl 365portal dst 207.46.216.54
acl 365portal dst 213.199.128.58
acl 365portal dst 213.199.128.91
acl 365portal dst 213.199.148.0/23
acl 365portal dst 213.199.182.128/25

# OFFICE ONLINE
acl office365 dst 134.170.27.64/26
acl office365 dst 134.170.48.0/26
acl office365 dst 134.170.65.64/26
acl office365 dst 134.170.128.192/26
acl office365 dst 134.170.170.64/26
acl office365 dst 191.232.2.64/26

acl dropbox dstdomain .dropbox.com
acl icloud dstdomain .icloud.com

# Squid Cache
acl PURGE method PURGE
http_access deny manager !localhost
http_access allow PURGE localhost
http_access deny PURGE

# The method ACL type allows you to restrict access based on the request HTTP method, i.e. GET (used for downloading), POST (used for uploading) and CONNECT (used for SSL data transfers)
# It is very important that you stop CONNECT type requests to non-SSL ports. The CONNECT method allows data transfer in any direction at any time, regardless of the transport protocol used.
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

# Deny access to all ports except the ones defined
http_access deny !Safe_ports

# This blocks attempts to request http://localhost on the proxy server via the proxy.
http_access deny localhost

# Deny caching for everyone so that there is not caching at all
cache deny all

http_access allow msdomains
http_access allow lync2013
http_access allow 365portal
http_access allow office365
http_access allow registars
http_access allow dropbox
http_access allow icloud
http_access allow CONNECT msdomains
http_access allow CONNECT lync2013
http_access allow CONNECT 365portal
http_access allow CONNECT office365
http_access allow CONNECT registars
http_access allow CONNECT dropbox
http_access allow CONNECT icloud

# Deny access to proxy to everyone except Authorized Users group in AD
http_access deny !AuthorizedUsers

# Disable caching
always_direct allow msdomains all
always_direct allow registars all
always_direct allow lync2013 all
always_direct allow 365portal all
always_direct allow office365 all

# Allow direct connection if the destination machine is on LAN
always_direct allow lan_dst

# Allow http access from machines on LAN
http_access allow lan_src

# Default deny
http_access deny all
http_reply_access allow all
icp_access allow all

# Squid should not check with neighbours'/parents' cache and should go to target web-server.
hierarchy_stoplist cgi-bin ?

# Logging
cache_dir ufs c:/squid/var/cache 100 16 256
access_log c:/squid/var/logs/access.log squid
cache_log c:/squid/var/logs/cache.log
cache_store_log none
logfile_rotate 4
log_ip_on_direct on
debug_options ALL,1
log_fqdn off

# SquidGuard
redirect_program c:/squidguard/squidguard.exe -c c:/squidguard/conf/squidguard.conf
redirect_children 5

# Caching
cache_mgr ittechs@xxxxxxxx
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# Don't cache these pages
acl DYNAMIC_CONTENT urlpath_regex cgi-bin \.cgi \.pl \.php3 \.asp \.php
no_cache deny DYNAMIC_CONTENT

# Other stuff?
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
error_directory c:/squid/share/errors/English

# Various features turned off.
snmp_port 0
icp_port 0
htcp_port 0
coredump_dir c:/squid/var/cache
pid_filename c:/squid/var/squid.pid
mime_table c:/squid/etc/mime.conf
unlinkd_program c:/squid/libexec/unlinkd.exe
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
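
A triage helper for the situation described in the post, added here as an example and not part of the original message: it reads Squid native-format access.log lines and, for one client, separates destinations that drew a proxy-authentication challenge (logged as TCP_DENIED/407) from those handled with no user name logged, as in the login.microsoftonline.com entry quoted above. The function names, and every sample line except the first, are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# First line is the access.log entry quoted in the post; the others are
# constructed samples (hypothetical hosts and user name).
SAMPLE_LOG = """\
1412717278.341 516 172.16.12.110 TCP_MISS/200 11695 CONNECT login.microsoftonline.com:443 - DIRECT/65.52.244.66 -
1412717279.102 1 172.16.12.110 TCP_DENIED/407 1830 CONNECT service.example.net:443 - NONE/- text/html
1412717279.480 1 172.16.12.110 TCP_DENIED/407 1830 CONNECT service.example.net:443 - NONE/- text/html
1412717280.015 230 172.16.12.110 TCP_MISS/200 5120 GET http://www.example.org/index.html jdoe DIRECT/192.0.2.10 text/html
1412717281.000 1 172.16.12.55 TCP_DENIED/407 1830 GET http://other.example.com/ - NONE/- text/html
"""


def parse(line):
    """Split one native-format access.log line; return None if malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    result, status = f[3].split("/", 1)
    if not status.isdigit():
        return None
    url = f[6]
    # CONNECT is logged as host:port, other methods as a full URL.
    host = url.rsplit(":", 1)[0] if f[5] == "CONNECT" else urlsplit(url).hostname
    return {"client": f[2], "result": result, "status": int(status),
            "method": f[5], "host": host, "user": None if f[7] == "-" else f[7]}


def triage(log_text, client):
    """Count one client's requests per destination, grouped by auth outcome."""
    out = {"challenged": Counter(), "no_user": Counter(), "with_user": Counter()}
    for line in log_text.splitlines():
        e = parse(line)
        if e is None or e["client"] != client:
            continue
        if e["status"] == 407:
            key = "challenged"   # proxy demanded credentials for this request
        elif e["user"] is None:
            key = "no_user"      # handled with no user name logged
        else:
            key = "with_user"    # handled after the client authenticated
        out[key][e["host"]] += 1
    return out
```

Hosts that appear only under "challenged" for the affected client are the ones to compare against the http_access rules placed before the proxy_auth check.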