Re: [squid-users] Squid TCP_MISS/502

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 29 Jan 2010 03:37:31 +1300

Dawie Pretorius wrote:
> Hello Amos
>
> "I'm afraid you may need to rebuild your Squid with a newer ntlmssp
> Library"
>
> Where would I find this library, is this an rpm from the CentOS repos or something I have to compile?
>
> Ok going to upgrade to squid-3.0.STABLE19
>
> Dawie Pretorius

Can't help I'm afraid. That datum is the edge limit of my knowledge in
the area other than several replies to that suggestion of "got it working".

Amos

> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: 27 January 2010 01:01 PM
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Squid TCP_MISS/502
>
> Dawie Pretorius wrote:
>> Hello Amos
>>
>> Here is the output that you required, please accept my apologies for sending this so late.
>
> <snip>
>> 2010/01/27 11:49:28.770| httpBuildRequestHeader: Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAIgAAAAYABgAoAAAABAAEABIAAAAHgAeAFgAAAASABIAdgAAAAAAAAC4AAAABYKIogUBKAoAAAAPVABCAEEARgBSAEkAQwBBAGQAYQB3AGkAZQAuAHAAcgBlAHQAbwByAGkAdQBzAEQAQQBXAEkARQBQAC0ATABUAJAlDcVFx5d7AAAAAAAAAAAAAAAAAAAAAGbCKlx2YoJXXKoFml2B890s8ifalh6QmA==
>> 2010/01/27 11:49:28.770| httpSendRequest: FD 174:
>> GET http://old.nabble.com/Linux-mod_auth_ntlm_winbind-and-TortoiseSVN-td19756507.html HTTP/1.0
>> Host: old.nabble.com
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> Accept-Language: en-gb,en;q=0.5
>> Accept-Encoding: identity,gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> Referer: http://www.google.co.za/url?sa=t&source=web&ct=res&cd=7&ved=0CBkQFjAG&url=http%3A%2F%2Fold.nabble.com%2FLinux-mod_auth_ntlm_winbind-and-TortoiseSVN-td19756507.html&rct=j&q=libsmb%2Fntlmssp.c%3Antlmssp_update(334)+++got+NTLMSSP+command+3%2C+expected+1&ei=RgtgS8nyC5Cx4Qad54j1Cw&usg=AFQjCNFRdfKkzLzhmxGgQpNDXJs-jiOwNg
>> Cookie: __qca=P0-1811217371-1264161407178; anonymousId=joe-181842; tview=classic; customStyle=10677; searchterms=libsmb%7Cntlmssp%7Cc%7Cntlmssp_update%7C334%7Cgot%7CNTLMSSP%7Ccommand%7C3%7Cexpected%7C1; JSESSIONID=127r1nirx8s9t; prev=%3Cbig%3E%3Ca%20id%3D%22nabble.prev_search%22%20href%3D%22/forum/Search.jtp%3Fquery%3Dlibsmb%252Fntlmssp.c%253Antlmssp_update%28334%29%2520%2520%2520got%2520NTLMSSP%2520command%25203%252C%2520expected%25201%22%3ESearch%20Nabble%20for%20%22%3Cb%3Elibsmb/ntlmssp.c%3Antlmssp_update%28334%29%20%20%20got%20NTLMSSP%20command%203%2C%20expected%201%3C/b%3E%22%3C/a%3E; channels=4893802913; __utma=151598183.1597776309.1264578545.1264578545.1264585654.2; __utmc=151598183; __utmz=151598183.1264585654.2.2.utmccn=(organic)|utmcsr=google|utmctr=libsmb%2Fntlmssp.c%3Antlmssp_update(334)+++got+NTLMSSP+command+3%2C+expected+1|utmcmd=organic; tview=dump; __utmb=151598183; v=x
>> If-Modified-Since: Wed, 27 Jan 2010 08:37:19 GMT
>> If-None-Match: 11:19756507~1:10677~1:10676~1:10547
>> Via: 1.0 ZATBIMPROXY02 (squid/3.0.STABLE10)
>> X-Forwarded-For: unknown
>> Cache-Control: max-age=0
>>
>>
>> 2010/01/27 11:49:28.770| httpSendComplete: FD 174: size 1879: errflag 0.
>> [2010/01/27 11:51:28, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
>> got NTLMSSP command 3, expected 1
>>
>>
>> I have noticed that I'm getting this error in my cache.log:
>>
>> [2010/01/27 11:53:40, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
>> got NTLMSSP command 3, expected 1
>>
>> Please can you tell me what this is and how to correct this?
>
> Aha. Yes.
> The NTLM/SSPI library built into the NTLM helper is dying when receiving
> that NTLM blob. I've seen that command 3, expected 1 before and think
> it's related to NTLMv1/NTLMv2 support.
>
> I'm afraid you may need to rebuild your Squid with a newer ntlmssp
> library. While you are doing that you may as well build a current
> release and get away from some of the NTLM handling bugs we solved in
> 3.0.STABLE19+.
>
> Amos
>
>> Dawie Pretorius
>>
>>
>> -----Original Message-----
>> From: Dawie Pretorius
>> Sent: 21 January 2010 07:28 AM
>> To: 'Amos Jeffries'; squid-users_at_squid-cache.org
>> Subject: RE: [squid-users] Squid TCP_MISS/502
>>
>> Hello Amos
>>
>> We have a Windows internal DNS server, I used those DNS servers to resolve my IPs
>>
>> I changed the dns_nameserver to my ISP DNS servers, and the problem went away, loaded ads and the complete page.
>>
>> I tried this morning early before most of the staff came in to replicate the problem, but to no avail.
>>
>> I will try again when the office is busy again. Will send you the logs asap.
>>
>> Regards,
>>
>> Dawie Pretorius wrote:
>>> Hello Amos
>>>
>>> The problem was DNS, my apologies for wasting your time.
>> ? how so?
>>
>>> "Meanwhile can you add debug_options 11,9 to your squid.conf and run a
>>> test please. The resulting cache.log file will have a lot of garbage,
>>> but amongst that some messages about what headers were received back
>>> and what happened in the processing"
>>>
>>> I can still run this for you and send you the output?
>> I think yes. I'm intrigued how that came out of a DNS problem.
>> I'd expect connection or DNS errors to show up.
>>
>> Amos.
>>
>>> Again thanks! :D
>>>
>>> Regards
>>> Dawie
>>>
>>>
>>>
>>>
>>> Dawie Pretorius wrote:
>>>> Hello Amos
>>>>
>>>> Thanks for coming back to me,
>>>>
>>>> I upgraded to squid Beta Squid 3.1.0.15, /var/log/squid/access.log now has this error:
>>>>
>>>> 1263975667.799 92 172.16.9.158 TCP_MISS/302 1361 GET http://googleads.g.doubleclick.net/pagead/ads? Xxxxxxxxxxxxxxx DIRECT/72.14.204.154 text/html
>>> <snip repeats>
>>>
>>> 302 with that content? That's a not-modified response from the server.
>>>
>>>> Here is the cache.log
>>>>
>>> <snip>
>>>
>>> Not even a hint of problems.
>>>
>>>> Here is the page that I get back from the browser:
>>>>
>>>> ERROR
>>>> The requested URL could not be retrieved
>>>>
>>>> Invalid Response error was encountered while trying to process the request:
>>>>
>>>> GET
>>>> /pagead/ads?client=ca-pub-7266757337600734&format=336x280_as&output=h
>>>> tml&h=280&w=336&lmt=1199983288&channel=5629109116%2B6771450170%2B2275
>>>> 486144&ad_type=text_image&alternate_ad_url=http%3A%2F%2Fwww.mail-arch
>>>> ive.com%2Fblank.png&color_bg=FFFFFF&color_border=FFFFFF&color_link=00
>>>> 6792&color_text=000000&color_url=006792&flash=10.0.32&url=http%3A%2F%
>>>> 2Fwww.mail-archive.com%2Fsquid-users%40squid-cache.org%2Fmsg51945.htm
>>>> l&dt=1263975312151&correlator=1263975312153&frm=0&ga_vid=866186005.12
>>>> 63975312&ga_sid=1263975312&ga_hid=523487483&ga_fc=0&u_tz=120&u_his=1&
>>>> u_java=0&u_h=1024&u_w=1280&u_ah=1024&u_aw=1280&u_cd=32&u_nplug=8&u_nm
>>>> ime=24&biw=1280&bih=862&ref=http%3A%2F%2Fwww.google.co.za%2Furl%3Fsa%
>>>> 3Dt%26source%3Dweb%26ct%3Dres%26cd%3D1%26ved%3D0CAcQFjAA%26url%3Dhttp
>>>> %253A%252F%252Fwww.mail-archive.com%252Fsquid-users%2540squid-cache.o
>>>> rg%252Fmsg51945.html%26rct%3Dj%26q%3DTCP_MISS%252F502%2Bsquid%26ei%3D
>>>> V7tWS7yqK4S9lAeP-dz3Aw%26usg%3DAFQjCNGZUlUd4iFBeTKD1KXThtG3w31cLQ&fu=
>>>> 0&ifi=1&dtd=3
>>>> 1
>>>> &xpc=WgwVHxdvOD&p=http%3A//www.mail-archive.com HTTP/1.1
>>>> Host: googleads.g.doubleclick.net
>>>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)
>>>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>>> Accept-Language: en-gb,en;q=0.5
>>>> Accept-Encoding: gzip,deflate
>>>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>>>> Keep-Alive: 300
>>>> Proxy-Connection: keep-alive
>>>> Referer: http://www.mail-archive.com/squid-users@squid-cache.org/msg51945.html
>>>> Cookie: test_cookie=CheckForPermission; id=22ac216e0800009b||t=1263975130|et=730|cs=mr_u8kmr
>>>> Proxy-Authorization: NTLM
>>>> TlRMTVNTUAADAAAAGAAYAIgAAAAYABgAoAAAABAAEABIAAAAHgAeAFgAAAASABIAdgAAA
>>>> AAAAAC4AAAABYKIogUBKAoAAAAPVABCAEEARgBSAEkAQwBBAGQAYQB3AGkAZQAuAHAAcg
>>>> BlAHQAbwByAGkAdQBzAEQAQQBXAEkARQBQAC0ATABUACncpJrZCLgCAAAAAAAAAAAAAAA
>>>> AAAAAAOpZoYZfwwoauJ0u1F2AVKjAm/c35ZRlVw==
>>>>
>>>> The HTTP Response message received from the contacted server could not be understood or was otherwise malformed. Please contact the site operator.
>>>>
>>>> Your cache administrator may be able to provide you with more details about the exact nature of the problem if needed.
>>>>
>>>> Your cache administrator is webmaster.
>>>>
>>>> Generated Wed, 20 Jan 2010 08:19:13 GMT by XXXXXXXXXXXXX
>>>> (squid/3.1.0.15)
>>>>
>>>> Is this something in squid causing this? Or is this something on the network?
>>>> If you are not getting these errors, then this has to be something
>>>> on my side?
>>>
>>> I'm not sure at this point.
>>> There is no indication yet what error Squid thinks exists in the reply.
>>>
>>> Comparing the two error pages it looks like 3.0 was barfing on the
>>> Cookie. 3.1 seems to find something else.
>>>
>>> I'm adding some debug to Squid permanently that should help track
>>> these down in future.
>>>
>>> Meanwhile can you add debug_options 11,9 to your squid.conf and run a
>>> test please. The resulting cache.log file will have a lot of garbage,
>>> but amongst that some messages about what headers were received back
>>> and what happened in the processing.
>>>
>>> Amos
>>
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
>> Current Beta Squid 3.1.0.15
>
>

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
   Current Beta Squid 3.1.0.15
Received on Thu Jan 28 2010 - 14:37:38 MST
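
Added example (not part of the original thread, and not Squid or Samba code): a small Python decoder for the NTLM value of a Proxy-Authorization header. It reads the NTLMSSP message type that the helper's "got NTLMSSP command 3, expected 1" line refers to and flags client messages that arrive out of order. The function names (parse_ntlm, audit) and the sample headers, domain, user and host are constructed for illustration.

```python
import base64
import struct
SIG = b"NTLMSSP\x00"
NAMES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def _buf(raw, off):
    # Security buffer: u16 length, u16 max length, u32 offset (little-endian).
    length, _, start = struct.unpack_from("<HHI", raw, off)
    if start + length > len(raw):
        raise ValueError("security buffer points outside the message")
    return raw[start:start + length]

def parse_ntlm(header_value):
    """Decode a Proxy-Authorization value of the form 'NTLM <base64>'."""
    parts = header_value.split(None, 1)
    if len(parts) != 2 or parts[0].upper() != "NTLM":
        raise ValueError("not an NTLM authorization value")
    raw = base64.b64decode("".join(parts[1].split()), validate=True)
    if len(raw) < 12 or raw[:8] != SIG:
        raise ValueError("missing NTLMSSP signature")
    mtype = struct.unpack_from("<I", raw, 8)[0]
    info = {"type": mtype, "name": NAMES.get(mtype, "UNKNOWN")}
    if mtype == 3 and len(raw) >= 64:  # assumption: flags field present at 60
        enc = "utf-16-le" if struct.unpack_from("<I", raw, 60)[0] & 1 else "cp437"
        for key, off in (("domain", 28), ("user", 36), ("workstation", 44)):
            info[key] = _buf(raw, off).decode(enc, "replace")
    return info

def audit(headers):
    """Return (index, got, expected) for each client message out of order."""
    expected, problems = 1, []
    for i, value in enumerate(headers):
        got = parse_ntlm(value)["type"]
        if got != expected:
            problems.append((i, got, expected))
        expected = 3 if got == 1 else 1  # client sends type 1, then type 3
    return problems

def _sample_type3(domain, user, host):
    # Constructed message: zeroed 24-byte responses, UNICODE flag only.
    parts = [b"\0" * 24] * 2 + [s.encode("utf-16-le") for s in (domain, user, host)] + [b""]
    head, payload, off = SIG + struct.pack("<I", 3), b"", 64
    for p in parts:
        head += struct.pack("<HHI", len(p), len(p), off)
        payload, off = payload + p, off + len(p)
    return "NTLM " + base64.b64encode(head + struct.pack("<I", 1) + payload).decode()

SAMPLE_T1 = "NTLM " + base64.b64encode(SIG + struct.pack("<II", 1, 1) + b"\0" * 16).decode()
SAMPLE_T3 = _sample_type3("EXAMPLE", "alice", "WS01")
```

audit([SAMPLE_T3]) reports (0, 3, 1): a type 3 message seen where a type 1 was expected, the same condition the cache.log line describes.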
