'Re: [squid-users] Exchange 2010 and 502 Bad Gateway'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squid-users
Subject:    Re: [squid-users] Exchange 2010 and 502 Bad Gateway
From:       Bill Houle <bill.houle () gmail ! com>
Date:       2013-08-30 6:10:50
Message-ID: 5220376A.5060307 () gmail ! com
[Download RAW message or body]


On 8/23/2013 2:33 AM, Amos Jeffries wrote:
> On 23/08/2013 8:18 p.m., Bill Houle wrote:
>> For the next in my continuing Exchange saga, let's talk 502 errors. 
>> I've got a couple different instances.
>>
>> 1) ActiveSync sends periodic 'Ping' requests to implement its "server 
>> push" feature.
>
> potential problem #1: what type of keep-alive request? the old 
> HTTP/1.0 "Keep-Alive:" header is deprecated, not supported by Squid 
> and does not actually work most places anyway.

Requests are HTTP 1.1 style.

>> It uses a back-off algorithm to eventually settle on a timing value 
>> that it knows the network can support:
>
> potential problem #2: are they using HTTP/1.1 1xx status codes from 
> the server as this sync ping or HTTP/1.0 simple request/reply pairs?

Keeping in mind that this is Microsoft after all, no, it looks like they 
do not do much handling of the status codes. Either a 200 OK is received 
and it keeps listening, or all others trigger a sync and a timing 
adjustment.

> Squid older than 3.2 do not support the 1xx status response. So is 
> there any HTTP/1.0 software along the network path? (including Squid 
> up to version 3.1).

Not in this case, but to your point, this is not a guarantee for all cases.

> This is where we come back to the whole design of this being a 
> terrible way to operate.

Oh well.

But enough about ActiveSync...

>> 2) Next problem is OWA (WebMail). OWA is designed to mimic Outlook, 
>> so if Outlook can support 10Meg attachments, so can OWA. A user tries 
>> to send a large attachment... 

When I raised this issue, it was basically a repeat of a similar 
question posted on this list last year:

http://www.squid-cache.org/mail-archive/squid-users/201209/0272.html

The answer at the time was the expected "Squid doesn't care about size". 
And it doesn't. But there was never an actual resolution from the 
standpoint of making Exchange work properly. In case anyone else is 
interested in the solution, I have to thank kiphat@singleuser. He broke 
out wireshark and discovered that SSL 2.0 key negotiation was breaking 
the connection.

http://singleuser.blogspot.com/2013/05/exchange-owaoutlook-anywhere-proxy-with.html?m=1

When SSL 3.0 was forced on the Squid cache_peer, all was right with the 
world. We made the same change and now appear to be in a similar state 
of nirvana.

--bill


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic