On 4/07/2013 3:41 a.m., Stan2k wrote:
Thank you for your reply.

I think the security is set now:

acl RDS dstdomain .domain.com
cache_peer_access gateway allow RDS
cache_peer_access gateway deny all
http_access allow RDS
http_access deny all
miss_access allow RDS
miss_access deny all

I have no logs in IIS, but in cache.log I can see this:

Hmm. Would that be IIS 6.0? IIRC there were a few weird issues with that.
RDG_OUT_DATA /remoteDesktopGateway/ HTTP/1.1
Pragma: no-cache
Accept: */*
User-Agent: MS-RDGateway/1.0
RDG-Connection-Id: {74E283C3-FFEC-45E9-A485-FFD941CC1DE7}
Host: Public_domain_name
Authorization: NTLM
Via: 1.1 lonthd-rprx01 (squid/3.3.5-20130620-r12578)
Surrogate-Capability: lonthd-rprx01="Surrogate/1.0"
X-Forwarded-For: Public_IP_Address
Cache-Control: no-cache
Connection: keep-alive
Front-End-Https: On
That looks suspiciously like a Kerberos token sent as "NTLM". Although it may just be an artifact of how the NTLMv2 security hash is formatted. Other than that the above looks like a valid request.
----------
2013/07/03 16:04:07.209| http.cc(1172) readReply: local=Reverse_Proxy_Local_IP:59707 remote=Parent_Server_Local_IP:443 FD 10 flags=1: read failure: (104) Connection reset by peer.
2013/07/03 16:04:07.210| forward.cc(609) serverClosed: FD -1 https://Public_domain_name/remoteDesktopGateway/
2013/07/03 16:04:07.210| errorpage.cc(1281) BuildContent: No existing error page language negotiated for ERR_READ_ERROR. Using default error file.
2013/07/03 16:04:07.210| store.cc(994) checkCachable: StoreEntry::checkCachable: NO: not cachable
2013/07/03 16:04:07.210| client_side_reply.cc(1974) processReplyAccessResult: The reply for RDG_OUT_DATA https://Public_domain_name/remoteDesktopGateway/ is ALLOWED, because it matched 'RDS'
2013/07/03 16:04:07.210| client_side.cc(1377) sendStartOfMessage: HTTP Client local=Reverse_Proxy_Local_IP:443 remote=Public_IP_Address:57042 FD 9 flags=1
2013/07/03 16:04:07.210| client_side.cc(1378) sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 502 Bad Gateway
Server: squid/3.3.5-20130620-r12578
Mime-Version: 1.0
Date: Wed, 03 Jul 2013 15:04:07 GMT
Content-Type: text/html
Content-Length: 4218
X-Squid-Error: ERR_READ_ERROR 104
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from lonthd-rprx01
Via: 1.1 Squid_local_name (squid/3.3.5-20130620-r12578)
Connection: close

I can see the (104) error connection reset by peer and the 502 error code bad gateway.
Okay so it is the server disconnecting before delivering a response. That sort of hints at one of three things:
* broken server scripts crashing
* overloaded server trying to protect itself by dropping connections
* network congestion controls trying to recover (some firewall moving into "SYN flood" handling and issuing TCP RESET packets to Squid)

I launched a wireshark on the rds gateway and I can see there is an SSL negotiation when I try to connect. The fact that IIS doesn't show any logs makes me think there is no authentication error. Maybe a network issue?
Amos
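
To see whether the resets discussed above hit every request to one peer or only some, the cache.log entries can be tallied per peer. This is an added example, not code from the thread or from Squid; the sample lines are constructed in the format quoted above with placeholder addresses and hostname, and pairing each read failure with the next serverClosed line is an assumption based on the order seen in that log.

```python
import re
from collections import Counter

# Constructed sample in the cache.log debug format quoted in the thread
# (192.0.2.x and rdg.example.com are placeholders, not values from the thread).
SAMPLE_LOG = """\
2013/07/03 16:04:07.209| http.cc(1172) readReply: local=192.0.2.10:59707 remote=192.0.2.20:443 FD 10 flags=1: read failure: (104) Connection reset by peer.
2013/07/03 16:04:07.210| forward.cc(609) serverClosed: FD -1 https://rdg.example.com/remoteDesktopGateway/
2013/07/03 16:04:07.210| client_side_reply.cc(1974) processReplyAccessResult: The reply for RDG_OUT_DATA https://rdg.example.com/remoteDesktopGateway/ is ALLOWED, because it matched 'RDS'
2013/07/03 16:04:09.512| http.cc(1172) readReply: local=192.0.2.10:59711 remote=192.0.2.20:443 FD 12 flags=1: read failure: (104) Connection reset by peer.
2013/07/03 16:04:09.513| forward.cc(609) serverClosed: FD -1 https://rdg.example.com/remoteDesktopGateway/
"""

READ_FAIL = re.compile(
    r"^(?P<ts>\S+ \S+)\| http\.cc\(\d+\) readReply: local=(?P<local>\S+) "
    r"remote=(?P<remote>\S+) FD \d+ flags=\d+: read failure: "
    r"\((?P<errno>\d+)\) (?P<reason>.+?)\.?$")
SERVER_CLOSED = re.compile(r"\| forward\.cc\(\d+\) serverClosed: FD -?\d+ (?P<url>\S+)")

def upstream_read_failures(log_text):
    """Return one dict per readReply failure, with the URL taken from the
    serverClosed line that follows it (None if no such line is found)."""
    events, pending = [], None
    for line in log_text.splitlines():
        m = READ_FAIL.match(line)
        if m:
            pending = dict(m.groupdict(), errno=int(m["errno"]), url=None)
            events.append(pending)
            continue
        m = SERVER_CLOSED.search(line)
        if m and pending is not None:
            pending["url"] = m["url"]  # assumed to belong to the failure just seen
            pending = None
    return events

def failures_by_peer(events):
    """Count failures per (peer address, errno)."""
    return Counter((e["remote"], e["errno"]) for e in events)

if __name__ == "__main__":
    for (peer, errno), n in failures_by_peer(upstream_read_failures(SAMPLE_LOG)).items():
        print(f"{peer} errno={errno} failures={n}")
```
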
