[squid-users] Reverse proxy for Lync

From: FILHOL Laurent <L.FILHOL_at_seiitra.com>
Date: Wed, 29 Aug 2012 09:53:28 +0000

Hello all,
Is there someone here who has succeeded in setting up Squid as a reverse proxy for MS Lync?

I'm trying, but I'm stuck on an issue:
Squid seems to block the personal digital cert the Lync server is sending to the remote client.
I mean, when the client has already got this personal cert (because the client was already connected to our internal network and retrieved the digital cert), the URLs are accessed and all is fine. But when the client doesn't have the digital cert, it can't get it and fails to access the URLs:
I have no errors in the logs, only these 401 returns from the Lync server:
-----------------------------------------------------------
125 90.80.x.x TCP_MISS/200 32633 POST https://lync.toto.com/CertProv/CertProvisioningService.svc/mex - FIRST_UP_PARENT/LyncServer application/soap+xml
     3 90.80.x.x TCP_MISS/401 7607 POST https://lync.toto.com/WebTicket/WebTicketService.svc/mex - FIRST_UP_PARENT/LyncServer text/html
      3 90.80.x.x TCP_MISS/401 5809 POST https://lync.toto.com/CertProv/CertProvisioningService.svc - FIRST_UP_PARENT/LyncServer text/html
      3 90.80.x.x TCP_MISS/401 7607 POST https://lync.toto.com/WebTicket/WebTicketService.svc/mex - FIRST_UP_PARENT/LyncServer text/html
      3 90.80.x.x TCP_MISS/401 5809 POST https://lync.toto.com/CertProv/CertProvisioningService.svc - FIRST_UP_PARENT/LyncServer text/html
      7 90.80.x.x TCP_MISS/401 7604 POST https://lync.toto.com/groupexpansion/service.svc/mex - FIRST_UP_PARENT/LyncServer text/html
      3 90.80.x.x TCP_MISS/401 7604 POST https://lync.toto.com/groupexpansion/service.svc/mex - FIRST_UP_PARENT/LyncServer text/html
      3 90.80.x.x TCP_MISS/401 7604 POST https://lync.toto.com/groupexpansion/service.svc/mex - FIRST_UP_PARENT/LyncServer text/html
   2040 90.80.x.x TCP_MISS/200 21261 POST https://lync.toto.com/RgsClients/AgentService.svc/mex - FIRST_UP_PARENT/LyncServer application/soap+xml
-------------------------------------------------------------

Here is part of my squid.conf:
----------------------------------------------------------
debug_options ALL,1
https_port 10.X.X.X:443 cert=/home/rproxy/certs/certlync.pem key=/home/rproxy/certs/lync.key cafile=/home/rproxy/certs/thawteca.pem vhost
ignore_expect_100 on
cache_peer lync parent 4443 0 no-query originserver login=PASS connection-auth=off ssl sslflags=DONT_VERIFY_PEER front-end-https=auto name=LyncServer
acl LyncAcl dstdomain lync xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
cache_peer_access LyncServer allow LyncAcl
----------------------------------------------------------

I suspect an authentication issue, but again I have no proof, no errors in the logs.
If you have an idea of which direction to look in, how to get more verbose logs, or better :), the solution with the right squid.conf...
Thanks,
Laurent
 
Received on Wed Aug 29 2012 - 09:55:15 MDT
