Outlook Anywhere & RDS gateway squid proxy reverse https - TAG_NONE_ABORTED/000



  • Hello.
    I'm trying to publish Outlook Anywhere and RDS gateway through a Squid reverse proxy. I apparently have it configured correctly. Most HTTPS web sites work correctly for me. However, Outlook Anywhere and RDS gateway, both using RPC over HTTPS, do not work for me. This appears in the Squid log:

    TAG_NONE_ABORTED / 000 https://owa.dominio.com/rpc/rpcproxy.dll?

    The message that appears for the RDS gateway is the same, but with a different URL.

    I suspect the problem arises because I had to activate the "Ignore Internal Certificate Validation" option, because if I turn it off, no pages published on the HTTPS server load. The message I get in the browser when this option is unchecked:

    (92) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
    Certficate SSL error: certificate issuer (CA) not known: /DC=com/DC=dominio/CN=cert.dominio.com

    pfSense 2.2.5
    Squid3 package: 0.4.6

    I would appreciate any ideas anyone might suggest.
    Thank you.
    Regards.



  • Hi.

    I had a similar problem with Outlook Anywhere (RPC) and Proxy Antivirus.

    If you use ClamAV with Squid try disabling it.

    If that helps, add these 2 lines to
    Squid Advanced features - Custom ACLS (Before Auth):

    
    adaptation_access service_avi_req deny OWA_URI_pfs
    adaptation_access service_avi_resp deny OWA_URI_pfs
    
    

    These tell Squid to not scan the Outlook Reverse Proxy URLs with Antivirus!


    Regards
    Dennis



  • @dneuhaeuser:

    These tell Squid to not scan the Outlook Reverse Proxy URLs with Antivirus!

    I know it's an ancient topic but I just wanted to say I love you and confirm that your solution does indeed work. At last I got Outlook Anywhere working with pfSense+Squid!

    Without this, Microsoft's https://testconnectivity.microsoft.com/ was failing with "An RPC error was thrown by the RPC Runtime process. Error 1818 CallCancelled". The rpcping tool failed with "Exception 1722 (0x000006BA)". (I am adding this hoping that this topic will now appear when googling for these specific errors).

    Anyway, I fine-tuned the lines a little so only RPC is excluded from antivirus while still having it filtering all other Exchange related URLs:

    
    acl my_OWA_RPC url_regex -i ^https://my.domain.com/rpc.*$
    adaptation_access service_avi_req deny my_OWA_RPC
    adaptation_access service_avi_resp deny my_OWA_RPC
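
    The following check is an added example, not part of the original post: it lists which URLs the posted url_regex exempts from antivirus scanning, next to a tighter pattern. The tighter pattern and the sample URLs are assumptions constructed for illustration, and Python's re module stands in for Squid's regex matching, which behaves the same for these simple patterns.

```python
import re

# Pattern as posted in the thread; Squid's -i flag makes it case-insensitive.
POSTED = r"^https://my.domain.com/rpc.*$"
# Assumed tighter variant (not from the thread): literal dots and only the
# /rpc/ directory, which holds the rpcproxy.dll endpoint seen in the Squid log.
TIGHT = r"^https://my\.domain\.com/rpc/.*$"

# Constructed sample URLs for the check.
SAMPLES = [
    "https://my.domain.com/rpc/rpcproxy.dll?mail01:6001",
    "https://MY.DOMAIN.COM/RPC/rpcproxy.dll",
    "https://my.domain.com/rpcfiles/upload.aspx",
    "https://my.domain.com/owa/auth/logon.aspx",
    "https://my-domain.com/rpc/rpcproxy.dll",
]


def skips_antivirus(pattern, url):
    """True if the url_regex ACL matches, so 'adaptation_access ... deny' applies."""
    # url_regex is an unanchored search unless the pattern anchors itself.
    return re.search(pattern, url, re.IGNORECASE) is not None


def report(pattern, urls=SAMPLES):
    """URLs that would bypass the antivirus service under this pattern."""
    return [u for u in urls if skips_antivirus(pattern, u)]


def extra_exemptions(loose, tight, urls=SAMPLES):
    """URLs exempted by the loose pattern that the tight one still scans."""
    kept = set(report(tight, urls))
    return [u for u in report(loose, urls) if u not in kept]


if __name__ == "__main__":
    for name, pattern in (("posted", POSTED), ("tight", TIGHT)):
        print(f"{name}: {pattern}")
        for url in SAMPLES:
            state = "skip-AV" if skips_antivirus(pattern, url) else "scanned"
            print(f"  {state:8} {url}")
    print("exempt only under the posted pattern:")
    for url in extra_exemptions(POSTED, TIGHT):
        print(f"  {url}")
```

    The posted pattern also exempts any path that merely starts with /rpc and any host where another character stands in for a dot; the tighter form keeps the exemption on the RPC proxy directory only.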
    
    


  • Go to pfSense / Services / Squid Proxy Server / General tab, then check the SSL Man In The Middle Filtering area and change the SSL/MITM Mode from Splice Whitelist, Bump Otherwise to Splice All.

    The problem can be solved this way.

    OR

    With the default SSL/MITM Mode of Splice Whitelist, Bump Otherwise, you can go to the ACLs tab and add the desired web site URL to the Whitelist area, e.g.: online.kktcmaliye.com



  • @jok:

    I'm trying to publish Outlook Anywhere and RDS gateway through proxy Squid reverse.

    @myselfo:

    Anyway, I fine-tuned the lines a little so only RPC is excluded from antivirus while still having it filtering all other Exchange related URLs:

    
    acl my_OWA_RPC url_regex -i ^https://my.domain.com/rpc.*$
    adaptation_access service_avi_req deny my_OWA_RPC
    adaptation_access service_avi_resp deny my_OWA_RPC
    
    

    Hi guys,

    I understand that Outlook Anywhere works great with squid reverse after these changes (I got it working too, using a different solution).

    But any luck with RDS?
    Did any of you manage to get Remote Desktop Services (RDweb, RD gateway, RemoteApps, etc.) to work with Squid Reverse Proxy?

    Last time I tried, it wasn't possible at all. The explanation I found is quite reasonable: since the RDS traffic is not pure HTTP/HTTPS (it's also RDP encapsulated), it can't be easily managed by a proxy that is not aware of this.

    But maybe things have changed. Any idea on this?

    Thank you!

