Re: [squid-users] Exchange 2010 and 502 Bad Gateway

From: Bill Houle <bill.houle_at_gmail.com>
Date: Thu, 29 Aug 2013 23:10:50 -0700

On 8/23/2013 2:33 AM, Amos Jeffries wrote:
> On 23/08/2013 8:18 p.m., Bill Houle wrote:
>> For the next in my continuing Exchange saga, let's talk 502 errors.
>> I've got a couple different instances.
>>
>> 1) ActiveSync sends periodic 'Ping' requests to implement its "server
>> push" feature.
>
> potential problem #1: what type of keep-alive request? the old
> HTTP/1.0 "Keep-Alive:" header is deprecated, not supported by Squid
> and does not actually work most places anyway.

Requests are HTTP 1.1 style.

>> It uses a back-off algorithm to eventually settle on a timing value
>> that it knows the network can support:
>
> potential problem #2: are they using HTTP/1.1 1xx status codes from
> the server as this sync ping or HTTP/1.0 simple request/reply pairs?

Keeping in mind that this is Microsoft after all, no, it looks like they
do not do much handling of the status codes. Either a 200 OK is received
and it keeps listening, or all others trigger a sync and a timing
adjustment.

> Squid versions older than 3.2 do not support the 1xx status response.
> So is there any HTTP/1.0 software along the network path? (including
> Squid up to version 3.1).

Not in this case, but to your point, this is not a guarantee for all cases.

> This is where we come back to the whole design of this being a
> terrible way to operate.

Oh well.

But enough about ActiveSync...

>> 2) Next problem is OWA (WebMail). OWA is designed to mimic Outlook,
>> so if Outlook can support 10Meg attachments, so can OWA. A user tries
>> to send a large attachment...

When I raised this issue, it was basically a repeat of a similar
question posted on this list last year:

http://www.squid-cache.org/mail-archive/squid-users/201209/0272.html

The answer at the time was the expected "Squid doesn't care about size".
And it doesn't. But there was never an actual resolution from the
standpoint of making Exchange work properly. In case anyone else is
interested in the solution, I have to thank kiphat_at_singleuser. He broke
out Wireshark and discovered that SSL 2.0 key negotiation was breaking
the connection.

http://singleuser.blogspot.com/2013/05/exchange-owaoutlook-anywhere-proxy-with.html?m=1

When SSL 3.0 was forced on the Squid cache_peer, all was right with the
world. We made the same change and now appear to be in a similar state
of nirvana.

--bill
Received on Fri Aug 30 2013 - 06:11:00 MDT
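
The cache_peer change described in the message above, written out as a squid.conf fragment for Squid 3.x. This is an added example, not configuration taken from the thread or the linked blog post; the host name, address, certificate path, ACL name and peer name are constructed placeholders.

```conf
# Constructed reverse-proxy fragment (Squid 3.x syntax).
# mail.example.com, 192.0.2.10, the cert path and "exchange_cas" are placeholders.

# Client-facing listener for OWA / ActiveSync / Outlook Anywhere.
https_port 443 accel defaultsite=mail.example.com cert=/etc/squid/mail.example.com.pem

# Before: peer negotiation left on the default (sslversion=1, automatic).
# This is the state in which the thread reports 502s on large OWA uploads,
# traced to SSL 2.0 key negotiation on the Squid-to-Exchange leg.
# cache_peer 192.0.2.10 parent 443 0 no-query originserver login=PASS ssl name=exchange_cas

# After: the fix from the thread, pinning the peer connection to SSL 3.0.
# sslversion values in Squid 3.x:
#   1 = automatic, 2 = SSLv2 only, 3 = SSLv3 only, 4 = TLSv1 only
cache_peer 192.0.2.10 parent 443 0 no-query originserver login=PASS ssl sslversion=3 name=exchange_cas

# Two other ways to keep SSLv2 out of the peer handshake, if the Exchange
# front end accepts them (only one cache_peer line for this peer may be active):
# cache_peer 192.0.2.10 parent 443 0 no-query originserver login=PASS ssl sslversion=4 name=exchange_cas
# cache_peer 192.0.2.10 parent 443 0 no-query originserver login=PASS ssl ssloptions=NO_SSLv2 name=exchange_cas

# Squid 4 removed sslversion=; use tls-min-version=1.N or tls-options= there.

# Route only the published mail site to the Exchange peer.
acl owa_site dstdomain mail.example.com
http_access allow owa_site
cache_peer_access exchange_cas allow owa_site
cache_peer_access exchange_cas deny all
```

Check the edited file with `squid -k parse` before reloading.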
