[squid-users] squid owa Exchange 2010 / slow load
Hi, this topic came up here quite a while ago however without really finding a solution. We configured a squid reverse proxy for Exchange 2010 (owa, active-sync etc.). All is working quite well with a small exception: The first load of owa takes 2-3 minutes. According to firebug the time is spend in uglobal.js (> 2m). Once all is loaded things seem to work just fine. This happens with every browser I tested (IE, Firefox, Safari, Chrome) at least once during the initial load of the page. If you kill the browser and restart OWA things are ok. This does NOT happen if I address the Exchange server OWA in question directly, at least I was not able to reproduce it. Any idea where/how to look? cache.log does not say anything regarding this. Kind regards, JP -- Seceidos GmbH&Co. KG| Tel: +49 (6151) 66843-43 Pfarrer-Staiger-Str. 39 | Fax: +49 (6151) 66843-52 55299 Nackenheim| Mobil: http://www.seceidos.de/ | Skype: jpkmobil E-Mail: jan-peter.koopm...@seceidos.de HRA 40961, Amtsgericht Mainz persönlich haftende Gesellschafterin: Seceidos Verwaltungs GmbH, Nackenheim HRB 42292, Amtsgericht Mainz Geschäftsführer: Jan-Peter Koopmann
[squid-users] Exchange ActiveSync and squid reverse proxy
Hi, we are using squid as reverse proxy for Outlook RPC over HTTPS without any problems. Today some iPhone users/customers wanted to use Exchange ActiveSync as well so I decided to "simply" allow /Microsoft-Server-ActiveSync/* as well and hoped all is well. Far from it. The Exchange ActiveSync account on the iPhone can be setup without problems and verifies. Sending E-Mails is no problem. However receiving e-mails and e-mail push does not work at all. Whenever the user tries to receive mails I see this in cache.log: 2008/11/25 11:28:26| The request OPTIONS https://outlook.test.de:443/Microsoft-Server-ActiveSync is ALLOWED, because it matched 'url_allow' 2008/11/25 11:28:26| The reply for OPTIONS https://outlook.test.de/Microsoft-Server-ActiveSync is ALLOWED, because it matched 'all' 2008/11/25 11:28:26| Invalid chunk header ' ' 2008/11/25 11:28:26| clientWriteComplete: Object aborted 2008/11/25 11:28:27| The request POST https://outlook.test.de:443/Microsoft-Server-ActiveSync?User=testuser&De viceId=Appl88843DYCY7H&DeviceType=iPhone&Cmd=FolderSync is ALLOWED, because it matched 'url_allow' 2008/11/25 11:28:27| clientReadBody: start fd=12 body_size=13 in.offset=13 cb=0x8088430 req=0x888c000 2008/11/25 11:28:27| clientProcessBody: start fd=12 body_size=13 in.offset=13 cb=0x8088430 req=0x888c000 2008/11/25 11:28:27| clientProcessBody: end fd=12 size=13 body_size=0 in.offset=0 cb=0x8088430 req=0x888c000 2008/11/25 11:28:27| The reply for POST https://outlook.test.de/Microsoft-Server-ActiveSync?User=testuser&Device Id=Appl88843DYCY7H&DeviceType=iPhone&Cmd=FolderSync is ALLOWED, because it matched 'all' 2008/11/25 11:28:27| Invalid chunk header ' ' 2008/11/25 11:28:27| clientWriteComplete: Object aborted This seems to be the root of the problem but how do I fix it if I can fix it at all? Customer is running squid-2.7.4 against Exchange 2003. Any help greatly appreciated. Regards, JP
RE: [squid-users] Strange problem with multiple DNS A Records
On Friday, June 16, 2006 1:46 PM Leonardo Rodrigues Magalhães wrote: > Definitely not !!! DNS shows that we have more than 1 address for > that host, so applications can (and generally will) use a round-robin > kind load-balancing and access all available addresses for that > particular host. > I really dont think squid should 'blacklist' that, because it's > not squid fault things arent working as they suppose to be. Nobody said it is squids fault. :-) But a user expects "things to work" and if one of the servers answers correctly it would be nice of squid to handle this accordingly. I fail to see why this would be a bad idea. And it would be a consistent suer experience since most browsers do the same. I have read about a patch for squid 1.x years ago and assumed it would be in 2.X as well. I take it that the current implementation is not able to handle this scenario? Kind regards, JP
[squid-users] Strange problem with multiple DNS A Records
Hi, I am having strange access problems for the site https://mail.hoegh.com which resolves to mail.hoegh.com has address 194.143.62.25 mail.hoegh.com has address 194.143.62.23 Currently only .23 is accessible. Browsers using squid seem to have problem (at least in our installations): 1150445662.773399 192.168.164.129 TCP_MISS/200 5260 CONNECT mail.hoegh.com:443 - DIRECT/194.143.62.23 - 1150445723.261 60484 192.168.164.129 TCP_MISS/503 0 CONNECT mail.hoegh.com:443 - DIRECT/194.143.62.25 - 1150445723.440158 192.168.164.129 TCP_MISS/200 368 CONNECT mail.hoegh.com:443 - DIRECT/194.143.62.23 - 1150445784.823 61541 192.168.164.129 TCP_MISS/503 0 CONNECT mail.hoegh.com:443 - DIRECT/194.143.62.25 - 1150449455.743456 192.168.164.129 TCP_MISS/200 5260 CONNECT mail.hoegh.com:443 - DIRECT/194.143.62.23 - 1150449516.936 61188 192.168.164.129 TCP_MISS/503 0 CONNECT mail.hoegh.com:443 - DIRECT/194.143.62.25 - 1150449517.121168 192.168.164.129 TCP_MISS/200 368 CONNECT mail.hoegh.com:443 - DIRECT/194.143.62.23 - 1150449576.282 59330 192.168.164.129 TCP_MISS/503 0 CONNECT mail.hoegh.com:443 - DIRECT/194.143.62.25 - Obviously connections to .25 fail (which sometimes results in the user receiving an operation timed out). Sometimes part of the page load, others don't. I would have expected squid to "blacklist" the not working IP for some time and therefore speeding up the access. What am I doing wrong? We are using squid 2.5.6 on FreeBSD. Any help greatly appreciated. Kind regards, JP
