Re: [squid-users] Re: Windows RDS Gateway with Squid 3.3.5

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 04 Jul 2013 12:38:57 +1200

On 4/07/2013 3:41 a.m., Stan2k wrote:
> Thank you for your reply
>
> I think the security is set now :
>
> "acl RDS dstdomain .domain.com
>
> cache_peer_access gateway allow RDS
> cache_peer_access gateway deny all
>
> http_access allow RDS
> http_access deny all
> miss_access allow RDS
> miss_access deny all"
>
> I have no logs in IIS but in cache.log I can see this:

Hmm. Would that be IIS 6.0? IIRC there were a few weird issues with that.

> RDG_OUT_DATA /remoteDesktopGateway/ HTTP/1.1
> Pragma: no-cache
> Accept: */*
> User-Agent: MS-RDGateway/1.0
> RDG-Connection-Id: {74E283C3-FFEC-45E9-A485-FFD941CC1DE7}
> Host: Public_domain_name
> Authorization: NTLM
> Via: 1.1 lonthd-rprx01 (squid/3.3.5-20130620-r12578)
> Surrogate-Capability: lonthd-rprx01="Surrogate/1.0"
> X-Forwarded-For: Public_IP_Address
> Cache-Control: no-cache
> Connection: keep-alive
> Front-End-Https: On

That looks suspiciously like a Kerberos token sent as "NTLM". Although
it may just be an artifact of how the NTLMv2 security hash is formatted.
Other than that the above looks like a valid request.

> ----------
> 2013/07/03 16:04:07.209| http.cc(1172) readReply:
> local=Reverse_Proxy_Local_IP:59707 remote=Parent_Server_Local_IP:443 FD 10
> flags=1: read failure: (104) Connection reset by peer.
> 2013/07/03 16:04:07.210| forward.cc(609) serverClosed: FD -1
> https://Public_domain_name/remoteDesktopGateway/
> 2013/07/03 16:04:07.210| errorpage.cc(1281) BuildContent: No existing error
> page language negotiated for ERR_READ_ERROR. Using default error file.
> 2013/07/03 16:04:07.210| store.cc(994) checkCachable:
> StoreEntry::checkCachable: NO: not cachable
> 2013/07/03 16:04:07.210| client_side_reply.cc(1974)
> processReplyAccessResult: The reply for RDG_OUT_DATA
> https://Public_domain_name/remoteDesktopGateway/ is ALLOWED, because it
> matched 'RDS'
> 2013/07/03 16:04:07.210| client_side.cc(1377) sendStartOfMessage: HTTP
> Client local=Reverse_Proxy_Local_IP:443 remote=Public_IP_Address:57042 FD 9
> flags=1
> 2013/07/03 16:04:07.210| client_side.cc(1378) sendStartOfMessage: HTTP
> Client REPLY:
> ---------
> HTTP/1.1 502 Bad Gateway
> Server: squid/3.3.5-20130620-r12578
> Mime-Version: 1.0
> Date: Wed, 03 Jul 2013 15:04:07 GMT
> Content-Type: text/html
> Content-Length: 4218
> X-Squid-Error: ERR_READ_ERROR 104
> Vary: Accept-Language
> Content-Language: en
> X-Cache: MISS from lonthd-rprx01
> Via: 1.1 Squid_local_name (squid/3.3.5-20130620-r12578)
> Connection: close
>
> I can see the (104) error connection reset by peer and the 502 error code
> bad gateway.

Okay so it is the server disconnecting before delivering a response.
That sort of hints at one of three things:
* broken server scripts crashing
* overloaded server trying to protect itself by dropping connections
* network congestion controls trying to recover (some firewall moving
into "SYN flood" handling and issuing TCP RESET packets to Squid)

> I launched Wireshark on the RDS gateway and I can see there is an SSL
> negotiation when I try to connect. The fact that IIS doesn't show any logs
> makes me think there is no authentication error. Maybe a network issue?

Amos
Received on Thu Jul 04 2013 - 00:39:04 MDT
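
Added example, not part of the original thread: the remark above about a Kerberos token arriving under the "NTLM" scheme can be checked by decoding the Authorization value. NTLM messages begin with the NTLMSSP signature, while Kerberos and SPNEGO tokens begin with an ASN.1 0x60 tag followed by a mechanism OID. The function names and the sample tokens are this example's own constructions.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
# DER-encoded mechanism OIDs (value bytes only) at the start of a GSS-API token
GSS_MECHS = {
    bytes.fromhex("2b0601050502"): "SPNEGO",            # 1.3.6.1.5.5.2
    bytes.fromhex("2a864886f712010202"): "Kerberos 5",  # 1.2.840.113554.1.2.2
}


def first_oid(raw):
    """Return the OID bytes following the 0x60 tag and its DER length, or None."""
    if len(raw) < 4:
        return None
    pos = 2 + (raw[1] & 0x7F if raw[1] & 0x80 else 0)  # short or long length form
    if raw[pos:pos + 1] != b"\x06" or pos + 1 >= len(raw):
        return None
    return raw[pos + 2:pos + 2 + raw[pos + 1]]


def classify_auth_header(value):
    """Return (declared scheme, what the token bytes actually are)."""
    scheme, _, blob = value.strip().partition(" ")
    if not blob.strip():
        return scheme, "no token"
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return scheme, "not base64"
    if raw.startswith(NTLM_SIG) and len(raw) >= 12:
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        return scheme, "NTLMSSP " + NTLM_TYPES.get(msg_type, "type %d" % msg_type)
    if raw[:1] == b"\x60":  # ASN.1 [APPLICATION 0]: GSS-API initial token
        return scheme, "GSS-API " + GSS_MECHS.get(first_oid(raw), "unknown mechanism")
    return scheme, "unrecognised"


def _b64(data):
    return base64.b64encode(data).decode()


# Constructed sample tokens (minimal headers only, not captured traffic)
SAMPLES = {
    "ntlm_type1": "NTLM " + _b64(NTLM_SIG + struct.pack("<II", 1, 0)),
    "krb5_as_ntlm": "NTLM " + _b64(bytes.fromhex("600b06092a864886f712010202")),
    "spnego": "Negotiate " + _b64(bytes.fromhex("600806062b0601050502")),
}
```

A mismatch between the declared scheme and the decoded token type (the "krb5_as_ntlm" sample) is the case the reply describes.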
