FW: [Pound Mailing List] RPC over https configuration
"Michael St. Laurent" <mikes(at)hartwellcorp.com>
2008-06-02 19:39:11
> > I've already got OWA working and would now like to get RPC over https
> > connections working.  My /etc/pound/pound.cfg file has xHTTP= it but
> > I'm seeing the error messages below in the log file:
> [snip]
>
> Does anyone have this working yet?  If not then I'm willing to
> troubleshoot to find out what is missing.

Robert, is RPC over HTTPS forwarding to an Exchange 2003 server known to
not work?  I have a packet trace of a connection that worked over a port
forwarded session vs. a packet trace of what transpired when Pound was
involved.

--
Michael St. Laurent
Hartwell Corporation
 

RE: [Pound Mailing List] RPC over https configuration
"Jean-Benoit PAUX" <jeanb(at)jeanb-net.com>
2008-06-02 20:22:22
I personally used Squid to achieve OWA and RPCoHTTP publication over SSL
since it didn't work with Pound.
Worked perfectly.

--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.


RE: [Pound Mailing List] RPC over https configuration
"Michael St. Laurent" <mikes(at)hartwellcorp.com>
2008-06-02 20:56:10
I'm concerned with the potential for security issues in that scenario as I
don't think Squid is meant to be used as an inbound proxy.

--
Michael St. Laurent
Hartwell Corporation
 


RE: [Pound Mailing List] RPC over https configuration
"Jean-Benoit PAUX" <jeanb(at)jeanb-net.com>
2008-06-02 21:47:56
Yes, Squid is focused on 3 types of proxy: standard proxy, transparent
proxy and reverse proxy (accelerated mode, as they explain).

I'd also like to know, if the devs can share, how Pound manages security and
how differently (if they know) it is handled by Squid.



Re: [Pound Mailing List] RPC over https configuration
"Odhiambo Washington" <odhiambo(at)gmail.com>
2008-06-02 22:03:20
Squid as an accelerator has been used for ages without any security concerns.



-- 
Sent from Google Mail for mobile | mobile.google.com

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

"Oh My God! They killed init! You Bastards!"
                        --from a /. post

RE: [Pound Mailing List] RPC over https configuration
"Michael St. Laurent" <mikes(at)hartwellcorp.com>
2008-06-02 22:27:36
Well, if there is no interest in getting Pound to work with it then I'll look
at Squid.  I'd still prefer to use Pound, however.  ;)


Re: FW: [Pound Mailing List] RPC over https configuration
Robert Segall <roseg(at)apsis.ch>
2008-06-03 18:03:56
On Mon, 2008-06-02 at 10:39 -0700, Michael St. Laurent wrote:
> > > I've already got OWA working and would now like to get RPC over https
> > > connections working.  My /etc/pound/pound.cfg file has xHTTP= it but
> > > I'm seeing the error messages below in the log file:
> > [snip]
> >
> > Does anyone have this working yet?  If not then I'm willing to
> > troubleshoot to find out what is missing.
> 
> Robert, is RPC over HTTPS forwarding to an Exchange 2003 server known to
> not work?  I have a packet trace of a connection that worked over a port
> forwarded session vs. a packet trace of what transpired when Pound was
> involved.

No, it is not known to not work. Unfortunately it is not known to work
either.

I would like to get this working if it doesn't, but I'll need your help:

1. "Does not work" is a bit vague, some more detail would be good: what
do you see in the client, what do you see in the Pound log, what is
shown in the Exchange log?

2. At least the relevant details of the config file.

3. Does it work over plain HTTP (rather than HTTPS)? Exchange is known
to try some strange authentication modes, so that could make a
difference.

4. Can you sniff the data stream? At best I would like to see a dump of
a direct connection (ideally, if you have tried it with Squid, similar
dumps of the client -> Squid and Squid -> Exchange would be even
better), as opposed to client -> Pound and Pound -> Exchange streams.

It would be very helpful if you could provide this - at least we would
have something to start looking into.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904


RE: FW: [Pound Mailing List] RPC over https configuration
"Michael St. Laurent" <mikes(at)hartwellcorp.com>
2008-06-03 19:35:23
> No, it is not known to not work. Unfortunately it is not known to work
> either.
> 
> I would like to get this working if it doesn't, but I'll need 
> your help:

Excellent!  <rubs hands together>

> 1. "Does not work" is a bit vague, some more detail would be 
> good: what
> do you see in the client, what do you see in the Pound log, what is
> shown in the Exchange log?

The client prompts for the login credentials, tries to connect for about
20 seconds then displays a message saying "Outlook cannot log on.  Check
the server name... <blah blah blah>"

The pound log:

Jun  3 10:05:48 hcfw1 pound: 216.237.48.26 RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002 HTTP/1.1 - HTTP/1.0 503 RPC Error: 6ba (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.003 sec
Jun  3 10:05:48 hcfw1 pound: (b7debb90) e500 error copy client cont to 10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002 HTTP/1.1: Success (0.011 sec)
Jun  3 10:05:48 hcfw1 pound: 216.237.48.26 RPC_OUT_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004 HTTP/1.1 - HTTP/1.0 503 RPC Error: 6ba (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.003 sec
Jun  3 10:05:48 hcfw1 pound: (b7debb90) e500 error copy client cont to 10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004 HTTP/1.1: Success (0.011 sec)
Jun  3 10:06:09 hcfw1 pound: 216.237.48.26 RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6004 HTTP/1.1 - HTTP/1.0 503 RPC Error: 6ba (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.003 sec
Jun  3 10:06:09 hcfw1 pound: (b7debb90) e500 error copy client cont to 10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6004 HTTP/1.1: Success (0.011 sec)

The IIS Log file (c:\windows\system32\logfiles\w3svc1\):

2008-06-03 17:05:48 W3SVC1 10.11.10.14 RPC_OUT_DATA /rpc/rpcproxy.dll owa.hartwellcorp.com:6002 80 adanl(at)hartwellcorp.com 10.127.1.1 MSRPC 200 0 0
2008-06-03 17:05:48 W3SVC1 10.11.10.14 RPC_OUT_DATA /rpc/rpcproxy.dll hcdc.hartwellcorp.com:6004 80 adanl(at)hartwellcorp.com 10.127.1.1 MSRPC 200 0 0
2008-06-03 17:06:09 W3SVC1 10.11.10.14 RPC_OUT_DATA /rpc/rpcproxy.dll owa.hartwellcorp.com:6004 80 adanl(at)hartwellcorp.com 10.127.1.1 MSRPC 200 0 0

> 2. At least the relevant details of the config file.

#
# pound configuration file for version 2.4.2
#

User "nobody"
Group "nobody"
RootJail "/usr/share/pound"
LogLevel 2

ListenHTTP
    Address 216.237.48.18
    Port 80
    Service "sslredir"
        HeadRequire "Host: owa.hartwellcorp.com.*"
        Redirect "https://owa.hartwellcorp.com/exchange"
    End
End

ListenHTTPS
    Address 216.237.48.18
    AddHeader "Front-End-Https: on"
    Port    443
    Cert    "/etc/pki/tls/certs/pound-new.pem"
    Ciphers "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
    # Allow WebDAV and MS extensions
    xHTTP   4
    Service "exchange"
        URL "^/exchange|^/exchweb"
        HeadRequire "Host: owa.hartwellcorp.com.*"
        BackEnd
            Address 10.11.10.14
            Port    80
        End
    End
    Service "rpc"
        URL "^/rpc"
        HeadRequire "Host: owa.hartwellcorp.com.*"
        BackEnd
            Address 10.11.10.14
            Port    80
            TimeOut 300
        End
    End
    Service "exchangeredir"
        HeadRequire "Host: owa.hartwellcorp.com.*"
        Redirect "https://owa.hartwellcorp.com/exchange"
    End
End

> 3. Does it work over plain HTTP (rather than HTTPS)? Exchange is known
> to try some strange authentication modes, so that could make a
> difference.

No, that doesn't work either.  I changed the config file:

ListenHTTP
    Address 216.237.48.18
    Port 80
#    Service "sslredir"
#        HeadRequire "Host: owa.hartwellcorp.com.*"
#        Redirect "https://owa.hartwellcorp.com/exchange"
#    End
    Service "rpc"
        URL "^/rpc"
        HeadRequire "Host: owa.hartwellcorp.com.*"
        BackEnd
            Address 10.11.10.14
            Port    80
            TimeOut 300
        End
    End
End

The Pound log file contains this:

Jun  3 10:23:38 hcfw1 pound: (b7ebdb90) e501 bad request "RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002 HTTP/1.1" from 216.237.48.28
Jun  3 10:23:38 hcfw1 pound: (b7ebdb90) e501 bad request "RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002 HTTP/1.1" from 216.237.48.28
Jun  3 10:23:38 hcfw1 pound: (b7ebdb90) e501 bad request "RPC_IN_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004 HTTP/1.1" from 216.237.48.28
Jun  3 10:23:38 hcfw1 pound: (b7ebdb90) e501 bad request "RPC_OUT_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004 HTTP/1.1" from 216.237.48.28
Jun  3 10:24:00 hcfw1 pound: (b7ebdb90) e501 bad request "RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6004 HTTP/1.1" from 216.237.48.28
Jun  3 10:24:00 hcfw1 pound: (b7ebdb90) e501 bad request "RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6004 HTTP/1.1" from 216.237.48.28

> 4. Can you sniff the data stream? At best I would like to see 
> a dump of
> a direct connection (ideally, if you have tried it with Squid, similar
> dumps of the client -> Squid and Squid -> Exchange would be even
> better), as opposed to client -> Pound and Pound -> Exchange streams.

I have packet sniffs but they're large and it's probably not a good idea
to send them to the list.  You can download them from the FTP site
below:

Server: ftp.hartwellcorp.com
Login: pound
Password: pound

The file names should indicate which trace is for what.

> It would be very helpful if you could provide this - at least we would
> have something to start looking into.

Sure.  Let me know if you need anything else.  ;)

Re: FW: [Pound Mailing List] RPC over https configuration
Scott McKenzie <scott(at)noizyland.net>
2008-06-04 05:38:01
Michael St. Laurent wrote:
>> No, it is not known to not work. Unfortunately it is not known to work
>> either.
>>
>> I would like to get this working if it doesn't, but I'll need 
>> your help:
>>     
>
> Excellent!  <rubs hands together>
>
>   
>> 1. "Does not work" is a bit vague, some more detail would be 
>> good: what
>> do you see in the client, what do you see in the Pound log, what is
>> shown in the Exchange log?
>>     
>
> The client prompts for the login credentials, tries to connect for about
> 20 seconds then displays a message saying "Outlook cannot log on.  Check
> the server name... <blah blah blah>"
>
> The pound log:
>
> Jun  3 10:05:48 hcfw1 pound: 216.237.48.26 RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002 HTTP/1.1 - HTTP/1.0 503 RPC Error: 6ba (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.003 sec
> Jun  3 10:05:48 hcfw1 pound: (b7debb90) e500 error copy client cont to 10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002 HTTP/1.1: Success (0.011 sec)
> Jun  3 10:05:48 hcfw1 pound: 216.237.48.26 RPC_OUT_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004 HTTP/1.1 - HTTP/1.0 503 RPC Error: 6ba (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.003 sec
> Jun  3 10:05:48 hcfw1 pound: (b7debb90) e500 error copy client cont to 10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004 HTTP/1.1: Success (0.011 sec)
> Jun  3 10:06:09 hcfw1 pound: 216.237.48.26 RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6004 HTTP/1.1 - HTTP/1.0 503 RPC Error: 6ba (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.003 sec
> Jun  3 10:06:09 hcfw1 pound: (b7debb90) e500 error copy client cont to 10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6004 HTTP/1.1: Success (0.011 sec)
>
>   
I looked into this when I first started using pound.  This is a rather 
simplified explanation of what I discovered (and could be completely 
wrong - I don't know enough about RPC or HTTP).  When Outlook sends the 
first HTTP request it specifies a content-length of 1GB.  I think this 
is so the request stays open and RPC commands get sent via this 
"tunnel".  Pound (being the good proxy that it is) sits and waits for 
the 1GB of data to arrive and does not pass the request to the BE until 
it does.  Pound eventually times out waiting for the promised 1GB of 
data and gives up.

Here's Microsoft's details of the protocol:
http://technet.microsoft.com/en-us/library/aa995784(EXCHG.65).aspx
http://technet.microsoft.com/en-us/library/aa996706(EXCHG.65).aspx
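
The behaviour described in the post above, as a small model (an added example, not Pound's code and not part of the original thread). Time is simulated; only the 1 GB declared length comes from the post, while the PDU sizes, arrival times and 30-second idle timeout are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

GIB = 1 << 30  # declared Content-Length of the RPC_IN_DATA request, per the post


@dataclass
class RelayResult:
    outcome: str                    # "complete" or "timeout"
    ended_at: float                 # simulated seconds since the request line
    forwarded: int                  # body bytes the back-end received
    first_byte_at: Optional[float]  # when the back-end first saw body bytes


def relay(declared_len: int,
          arrivals: List[Tuple[float, int]],
          idle_timeout: float,
          buffer_whole_body: bool) -> RelayResult:
    """Relay one request body.

    arrivals is a list of (time, nbytes) chunks sent by the client.
    buffer_whole_body=True models a relay that hands the request to the
    back-end only once declared_len bytes are in; False models a relay
    that passes each chunk on as it arrives.
    """
    received = 0
    forwarded = 0
    first_byte_at = None
    last_activity = 0.0
    for t, nbytes in sorted(arrivals):
        if t - last_activity > idle_timeout:
            break  # the relay gave up before this chunk arrived
        accepted = min(nbytes, declared_len - received)
        received += accepted
        last_activity = t
        if not buffer_whole_body and accepted:
            forwarded = received
            if first_byte_at is None:
                first_byte_at = t
        if received == declared_len:
            if buffer_whole_body:
                forwarded, first_byte_at = received, t
            return RelayResult("complete", t, forwarded, first_byte_at)
    # Body never reached declared_len: the relay idles out waiting for more.
    return RelayResult("timeout", last_activity + idle_timeout,
                       forwarded, first_byte_at)


# Constructed schedules (assumptions): a tunnel-style body that sends a few
# small PDUs and then waits, and an ordinary upload that completes.
RPC_IN_CHANNEL = [(0.1, 104), (0.3, 72), (5.0, 20), (25.0, 20)]
ORDINARY_POST = [(0.0, 1024), (0.05, 1024)]


def compare(declared_len: int, arrivals, idle_timeout: float = 30.0):
    """Run the same client schedule through both relay models."""
    return {
        "store-and-forward": relay(declared_len, arrivals, idle_timeout, True),
        "streaming": relay(declared_len, arrivals, idle_timeout, False),
    }


if __name__ == "__main__":
    cases = (("RPC_IN_DATA, 1 GiB declared", GIB, RPC_IN_CHANNEL),
             ("ordinary POST, 2048 bytes", 2048, ORDINARY_POST))
    for name, length, schedule in cases:
        print(name)
        for mode, r in compare(length, schedule).items():
            print(f"  {mode:17s} {r.outcome:8s} at {r.ended_at:6.2f}s, "
                  f"back-end got {r.forwarded} bytes, "
                  f"first byte at {r.first_byte_at}")
```

The sample RPC schedule simply ends after four PDUs, so both models eventually idle out; the difference is that the buffering relay has handed the back-end nothing by then.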


RE: FW: [Pound Mailing List] RPC over https configuration
Robert Segall <roseg(at)apsis.ch>
2008-06-04 18:33:57
On Tue, 2008-06-03 at 10:35 -0700, Michael St. Laurent wrote:
> > 3. Does it work over plain HTTP (rather than HTTPS)? Exchange is known
> > to try some strange authentication modes, so that could make a
> > difference.
> 
> No, that doesn't work either.  I changed the config file:
> 
> ListenHTTP
>     Address 216.237.48.18
>     Port 80
> #    Service "sslredir"
> #        HeadRequire "Host: owa.hartwellcorp.com.*"
> #        Redirect "https://owa.hartwellcorp.com/exchange"
> #    End
>     Service "rpc"
>         URL "^/rpc"
>         HeadRequire "Host: owa.hartwellcorp.com.*"
>         BackEnd
>             Address 10.11.10.14
>             Port    80
>             TimeOut 300
>         End
>     End
> End
> 
> The Pound log file contains this:
> 
> Jun  3 10:23:38 hcfw1 pound: (b7ebdb90) e501 bad request "RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002 HTTP/1.1" from 216.237.48.28
> Jun  3 10:23:38 hcfw1 pound: (b7ebdb90) e501 bad request "RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002 HTTP/1.1" from 216.237.48.28
> Jun  3 10:23:38 hcfw1 pound: (b7ebdb90) e501 bad request "RPC_IN_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004 HTTP/1.1" from 216.237.48.28
> Jun  3 10:23:38 hcfw1 pound: (b7ebdb90) e501 bad request "RPC_OUT_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004 HTTP/1.1" from 216.237.48.28
> Jun  3 10:24:00 hcfw1 pound: (b7ebdb90) e501 bad request "RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6004 HTTP/1.1" from 216.237.48.28
> Jun  3 10:24:00 hcfw1 pound: (b7ebdb90) e501 bad request "RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6004 HTTP/1.1" from 216.237.48.28

Please try again - you missed the xHTTP directive, so all requests were
rejected.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904


RE: FW: [Pound Mailing List] RPC over https configuration
"Michael St. Laurent" <mikes(at)hartwellcorp.com>
2008-06-04 19:52:20
> Please try again - you missed the xHTTP directive, so all 
> requests were
> rejected.

Whoops, right you are.  Okay, now it does exactly the same thing as the
https connection.  It's prompting for the login credentials then after
about 30 seconds it comes back with a "Your Exchange server is
unavailable" error message.

Pound error log:

Jun  4 10:45:10 hcfw1 pound: 216.237.48.29 RPC_IN_DATA /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 - HTTP/1.1 401 Unauthorized (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.005 sec
Jun  4 10:45:10 hcfw1 pound: 216.237.48.29 RPC_OUT_DATA /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 - HTTP/1.1 401 Unauthorized (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.007 sec
Jun  4 10:45:10 hcfw1 pound: 216.237.48.29 RPC_IN_DATA /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 - HTTP/1.1 200 OK (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.004 sec
Jun  4 10:45:10 hcfw1 pound: 216.237.48.29 RPC_OUT_DATA /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 - HTTP/1.1 200 OK (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.003 sec
Jun  4 10:45:10 hcfw1 pound: 216.237.48.29 RPC_OUT_DATA /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 - HTTP/1.0 503 RPC Error: 6ba (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.002 sec
Jun  4 10:45:10 hcfw1 pound: (b7e97b90) e500 error copy client cont to 10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1: Success (0.004 sec)
Jun  4 10:45:14 hcfw1 pound: 216.237.48.29 RPC_IN_DATA /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 401 Unauthorized (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.005 sec
Jun  4 10:45:14 hcfw1 pound: 216.237.48.29 RPC_OUT_DATA /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 401 Unauthorized (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.007 sec
Jun  4 10:45:14 hcfw1 pound: 216.237.48.29 RPC_IN_DATA /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 200 OK (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.004 sec
Jun  4 10:45:14 hcfw1 pound: 216.237.48.29 RPC_OUT_DATA /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 200 OK (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.003 sec
Jun  4 10:45:24 hcfw1 pound: (b7e97b90) e500 error copy client cont to 10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1: Connection timed out (10.000 sec)
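
A triage script for the two Pound log shapes posted in this thread, grouping symptoms per RPC endpoint (an added example, not part of the original messages and not a Pound tool). The sample lines are constructed in the same format with documentation addresses and hypothetical host names; the symptom labels and `verdict` wording are this example's own.

```python
import re

# "<syslog timestamp> <host> pound: <rest>"
PREFIX = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\spound:\s(?P<rest>.*)$")
# Access line: client, verb, URL, then the back-end's status line.
ACCESS = re.compile(
    r"^(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s(?P<verb>[A-Z_]+)\s(?P<url>\S+)\s"
    r"HTTP/\d\.\d\s-\sHTTP/\d\.\d\s(?P<status>\d{3})\s(?P<reason>.*?)\s"
    r"\((?P<svc>\S+)\s->\s(?P<backend>\S+)\)")
# Error line: "(thread-id) eNNN message"
ERROR = re.compile(r"^\((?P<thread>[0-9a-f]+)\)\s(?P<code>e\d{3})\s(?P<msg>.*)$")
# The RPC endpoint is the query string handed to rpcproxy.dll.
TARGET = re.compile(r"rpcproxy\.dll\?(?P<target>[^\s\"]+)")


def classify(rest):
    """Map the part of a line after 'pound:' to a symptom label, or None."""
    m = ERROR.match(rest)
    if m:
        if m["code"] == "e501" and "bad request" in m["msg"] and "RPC_" in m["msg"]:
            return "verb-rejected"
        if m["code"] == "e500" and "error copy client cont" in m["msg"]:
            return "request-body-copy-failed"
        return "other-error"
    m = ACCESS.match(rest)
    if m:
        status, reason = m["status"], m["reason"].lower()
        if status == "401":
            return "auth-challenge"
        if status == "200":
            return "channel-accepted"
        # 0x6ba is 1722, RPC_S_SERVER_UNAVAILABLE
        if status == "503" and "rpc error: 6ba" in reason:
            return "rpc-server-unavailable"
        return "backend-error" if status.startswith("5") else "other-status"
    return None


def diagnose(lines):
    """Return {endpoint: [symptoms in first-seen order]} for Pound lines."""
    seen = {}
    for line in lines:
        p = PREFIX.match(line)
        if not p:
            continue  # not a Pound line
        symptom = classify(p["rest"])
        t = TARGET.search(p["rest"])
        if symptom is None or t is None:
            continue
        bucket = seen.setdefault(t["target"], [])
        if symptom not in bucket:
            bucket.append(symptom)
    return seen


def verdict(symptoms):
    """Pick the first thing to check, following the order used in the thread."""
    if "verb-rejected" in symptoms:
        return "listener rejected the RPC verbs: check xHTTP on this listener"
    if "request-body-copy-failed" in symptoms:
        return "verbs accepted: relay failed copying the request body to the back-end"
    if "rpc-server-unavailable" in symptoms:
        return "back-end answered 503 RPC Error 6ba: check the RPC proxy target"
    return "no failure recorded"


_ACC = ("fw1 pound: 192.0.2.10 {verb} /rpc/rpcproxy.dll?mail.example.test:6004 "
        "HTTP/1.1 - {resp} (owa.example.test/rpc -> 198.51.100.7:80) 0.004 sec")
SAMPLE = [  # constructed lines, not taken from the thread
    'Jun  3 10:23:38 fw1 pound: (a1b2c3d4) e501 bad request "RPC_IN_DATA '
    '/rpc/rpcproxy.dll?mail.example.test:6002 HTTP/1.1" from 192.0.2.10',
    'Jun  3 10:23:38 fw1 pound: (a1b2c3d4) e501 bad request "RPC_OUT_DATA '
    '/rpc/rpcproxy.dll?mail.example.test:6002 HTTP/1.1" from 192.0.2.10',
    "Jun  3 10:30:00 fw1 sshd[311]: unrelated line",
    "Jun  4 10:45:14 " + _ACC.format(verb="RPC_IN_DATA", resp="HTTP/1.1 401 Unauthorized"),
    "Jun  4 10:45:14 " + _ACC.format(verb="RPC_IN_DATA", resp="HTTP/1.1 200 OK"),
    "Jun  4 10:45:14 " + _ACC.format(verb="RPC_OUT_DATA", resp="HTTP/1.0 503 RPC Error: 6ba"),
    "Jun  4 10:45:24 fw1 pound: (a1b2c3d4) e500 error copy client cont to "
    "198.51.100.7:80/RPC_IN_DATA /rpc/rpcproxy.dll?mail.example.test:6004 "
    "HTTP/1.1: Connection timed out (10.000 sec)",
]

if __name__ == "__main__":
    for endpoint, symptoms in diagnose(SAMPLE).items():
        print(endpoint, symptoms, "->", verdict(symptoms))
```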

RE: FW: [Pound Mailing List] RPC over https configuration
Gavin Conway <gavin.conway(at)uksolutions.co.uk>
2008-06-09 11:17:25
Has anyone actually got Pound working between a Linux server and Exchange 2007?
I've been working on this on and off for several weeks and have not yet found a
working configuration example.

I currently have;

ListenHTTPS
        Address         AN.INTERNET.IP.ADDRESS
        Port            443
        Cert            "/opt/pound/ssl/self-signed-cert.net.pem"
        AddHeader       "Front-End-Https: on"
        Ciphers         "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
        # Use version 4 as this allows the MS RPCDATAIN, RPCDATAOUT
        xHTTP           4
        Service
                BackEnd
                        Address apps-1.uks.local
                        Port    80
                        Timeout 60
                End
        End
End

Configured using a self-signed cert that has been imported onto the desktops
using group policy and still get nowhere. From my logs I'm seeing the
following;

May 22 09:46:41 edgetransport pound: (b7be6bb0) e500 response error read from 10.0.50.40:443/GET / HTTP/1.1: Connection timed out (60.022 secs)


If I point an outlook client at 10.0.50.40:443 then I can connect to the
RPC/HTTPS service without issue.

Any help is greatly appreciated


Thanks
Gavin


Gavin Conway
Senior Engineer, Systems Group, UKSolutions

Telephone: 0845 004 1333, option 2
Email: gavin.conway(at)uksolutions.co.uk
Web: http://www.uksolutions.co.uk/
UKS Ltd, Birmingham Road, Studley, Warwickshire, B80 7BG Registered in England
Number 3036806
This email must be read in conjunction with the legal & service notices on
http://www.uksolutions.co.uk/disclaimer

RE: FW: [Pound Mailing List] RPC over https configuration
"Michael St. Laurent" <mikes(at)hartwellcorp.com>
2008-06-11 22:34:20
The RPC stuff is still being tweaked to make it compatible with The
Microsoft Way(tm).  ;)

> -----Original Message-----
> From: Gavin Conway [mailto:gavin.conway(at)uksolutions.co.uk] 
> Sent: Monday, June 09, 2008 2:17 AM
> To: pound(at)apsis.ch
> Subject: RE: FW: [Pound Mailing List] RPC over https configuration
> 
> Has anyone actually got Pound working between a Linux server 
> and Exchange 2007? I've been working on this on and off for 
> several weeks and have not yet found a working configuration example.
> 
> I currently have;
> 
> ListenHTTPS
>         Address         AN.INTERNET.IP.ADDRESS
>         Port            443
>         Cert            "/opt/pound/ssl/self-signed-cert.net.pem"
>         AddHeader       "Front-End-Https: on"
>         Ciphers         
> "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
>         # Use version 4 as this allows the MS RPCDATAIN, RPCDATAOUT
>         xHTTP           4
>         Service
>                 BackEnd
>                         Address apps-1.uks.local
>                         Port    80
>                         Timeout 60
>                 End
>         End
> End
> 
> Configured using a self-signed cert that has been imported 
> onto the desktops using group policy and still get nowhere. 
> From my logs I'm seeing the following;
> 
> May 22 09:46:41 edgetransport pound: (b7be6bb0) e500 response 
> error read from 10.0.50.40:443/GET / HTTP/1.1: Connection 
> timed out (60.022 secs)
> 
> 
> If I point an outlook client at 10.0.50.40:443 then I can 
> connect to the RPC/HTTPS service without issue.
> 
> Any help is greatly appreciated
> 
> 
> Thanks
> Gavin
> 
> >  -----Original Message-----
> >  From: Michael St. Laurent [mailto:mikes(at)hartwellcorp.com]
> >  Sent: 04 June 2008 18:52
> >  To: pound(at)apsis.ch
> >  Subject: RE: FW: [Pound Mailing List] RPC over https configuration
> >
> >  > Please try again - you missed the xHTTP directive, so all requests
> >  > were rejected.
> >
> >  Whoops, right you are.  Okay, now it does exactly the same thing as
> >  the https connection.  It's prompting for the login credentials then
> >  after about 30 seconds it comes back with a "Your Exchange server is
> >  unavailable" error message.
> >
> >  Pound error log:
> >
> >  Jun  4 10:45:10 hcfw1 pound: 216.237.48.29 RPC_IN_DATA
> >  /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 - HTTP/1.1 401
> >  Unauthorized (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.005 sec
> >  Jun  4 10:45:10 hcfw1 pound: 216.237.48.29 RPC_OUT_DATA
> >  /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 - HTTP/1.1 401
> >  Unauthorized (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.007 sec
> >  Jun  4 10:45:10 hcfw1 pound: 216.237.48.29 RPC_IN_DATA
> >  /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 - 
> HTTP/1.1 200 OK
> >  (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.004 sec Jun 
>  4 10:45:10
> >  hcfw1 pound: 216.237.48.29 RPC_OUT_DATA
> >  /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 - 
> HTTP/1.1 200 OK
> >  (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.003 sec Jun 
>  4 10:45:10
> >  hcfw1 pound: 216.237.48.29 RPC_OUT_DATA
> >  /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 - HTTP/1.0 503
> >  RPC
> >  Error: 6ba (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 
> 0.002 sec Jun
> >  4 10:45:10 hcfw1 pound: (b7e97b90) e500 error copy client cont to
> >  10.11.10.14:80/RPC_IN_DATA 
> /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593
> >  HTTP/1.1: Success (0.004 sec)
> >  Jun  4 10:45:14 hcfw1 pound: 216.237.48.29 RPC_IN_DATA
> >  /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 401 Unauthorized
> >  (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.005 sec Jun 
>  4 10:45:14
> >  hcfw1 pound: 216.237.48.29 RPC_OUT_DATA
> >  /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 401 Unauthorized
> >  (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.007 sec Jun 
>  4 10:45:14
> >  hcfw1 pound: 216.237.48.29 RPC_IN_DATA
> >  /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 200 OK
> >  (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.004 sec Jun 
>  4 10:45:14
> >  hcfw1 pound: 216.237.48.29 RPC_OUT_DATA
> >  /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 200 OK
> >  (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.003 sec Jun 
>  4 10:45:24
> >  hcfw1 pound: (b7e97b90) e500 error copy client cont to
> >  10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1:
> >  Connection timed out (10.000 sec)
> >
> 
> 
> Gavin Conway
> Senior Engineer, Systems Group, UKSolutions
> 
> Telephone: 0845 004 1333, option 2
> Email: gavin.conway(at)uksolutions.co.uk
> Web: http://www.uksolutions.co.uk/
> UKS Ltd, Birmingham Road, Studley, Warwickshire, B80 7BG 
> Registered in England Number 3036806
> This email must be read in conjunction with the legal & 
> service notices on http://www.uksolutions.co.uk/disclaimer
> 
> 

RE: FW: [Pound Mailing List] RPC over https configuration
Gavin Conway <gavin.conway(at)uksolutions.co.uk>
2008-06-17 10:00:53 [ SNIP ]
Hi Michael,

Thanks for getting back to me. Are you one of the developers for Pound? If so
what sort of timescales are you looking at for RPC over HTTPS and compatibility
with Exchange. If you aren't a developer from Pound then could I get the same
question answered by them.

Reason being I'm fighting quite hard not to have to setup a Windows Server
running ISA just to proxy the HTTPS/RPC connection from our edge.

Thanks
Gavin

>  -----Original Message-----
>  From: Michael St. Laurent [mailto:mikes(at)hartwellcorp.com]
>  Sent: 11 June 2008 21:34
>  To: pound(at)apsis.ch
>  Subject: RE: FW: [Pound Mailing List] RPC over https configuration
>
>  The RPC stuff is still being tweaked to make it compatible with The
>  Microsoft Way(tm).  ;)
>
>  > -----Original Message-----
>  > From: Gavin Conway [mailto:gavin.conway(at)uksolutions.co.uk]
>  > Sent: Monday, June 09, 2008 2:17 AM
>  > To: pound(at)apsis.ch
>  > Subject: RE: FW: [Pound Mailing List] RPC over https configuration
>  >
>  > Has anyone actually got Pound working between a Linux server and
>  > Exchange 2007? I've been working on this on and off for several
>  > weeks and have not yet found a working configuration example.
>  >
>  > I currently have;
>  >
>  > ListenHTTPS
>  >         Address         AN.INTERNET.IP.ADDRESS
>  >         Port            443
>  >         Cert            "/opt/pound/ssl/self-signed-cert.net.pem"
>  >         AddHeader       "Front-End-Https: on"
>  >         Ciphers
>  > "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
>  >         # Use version 4 as this allows the MS RPCDATAIN, RPCDATAOUT
>  >         xHTTP           4
>  >         Service
>  >                 BackEnd
>  >                         Address apps-1.uks.local
>  >                         Port    80
>  >                         Timeout 60
>  >                 End
>  >         End
>  > End
>  >
>  > Configured using a self-signed cert that has been imported onto the
>  > desktops using group policy and still get nowhere.
>  > From my logs I'm seeing the following;
>  >
>  > May 22 09:46:41 edgetransport pound: (b7be6bb0) e500 response error
>  > read from 10.0.50.40:443/GET / HTTP/1.1: Connection timed out
>  > (60.022 secs)
>  >
>  >
>  > If I point an outlook client at 10.0.50.40:443 then I can connect to
>  > the RPC/HTTPS service without issue.
>  >
>  > Any help is greatly appreciated
>  >
>  >
>  > Thanks
>  > Gavin
>  >
>  > >  -----Original Message-----
>  > >  From: Michael St. Laurent [mailto:mikes(at)hartwellcorp.com]
>  > >  Sent: 04 June 2008 18:52
>  > >  To: pound(at)apsis.ch
>  > >  Subject: RE: FW: [Pound Mailing List] RPC over https configuration
>  > >
>  > >  > Please try again - you missed the xHTTP directive, so all requests
>  > >  > were rejected.
>  > >
>  > >  Whoops, right you are.  Okay, now it does exactly the same thing as
>  > >  the https connection.  It's prompting for the login credentials then
>  > >  after about 30 seconds it comes back with a "Your Exchange server is
>  > >  unavailable" error message.
>  > >
>  > >  Pound error log:
>  > >
>  > >  Jun  4 10:45:10 hcfw1 pound: 216.237.48.29 RPC_IN_DATA
>  > >  /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 - HTTP/1.1
>  401
>  > > Unauthorized (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.005
>  sec
>  > > Jun  4 10:45:10 hcfw1 pound: 216.237.48.29 RPC_OUT_DATA
>  > >  /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 - HTTP/1.1
>  401
>  > > Unauthorized (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.007
>  sec
>  > > Jun  4 10:45:10 hcfw1 pound: 216.237.48.29 RPC_IN_DATA
>  > >  /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 -
>  > HTTP/1.1 200 OK
>  > >  (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.004 sec Jun
>  >  4 10:45:10
>  > >  hcfw1 pound: 216.237.48.29 RPC_OUT_DATA
>  > >  /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 -
>  > HTTP/1.1 200 OK
>  > >  (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.003 sec Jun
>  >  4 10:45:10
>  > >  hcfw1 pound: 216.237.48.29 RPC_OUT_DATA
>  > >  /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593 HTTP/1.1 - HTTP/1.0
>  503
>  > > RPC
>  > >  Error: 6ba (owa.hartwellcorp.com/rpc -> 10.11.10.14:80)
>  > 0.002 sec Jun
>  > >  4 10:45:10 hcfw1 pound: (b7e97b90) e500 error copy client cont to
>  > > 10.11.10.14:80/RPC_IN_DATA
>  > /rpc/rpcproxy.dll?hcex.hartwellcorp.com:593
>  > >  HTTP/1.1: Success (0.004 sec)
>  > >  Jun  4 10:45:14 hcfw1 pound: 216.237.48.29 RPC_IN_DATA
>  > >  /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 401 Unauthorized
>  > > (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.005 sec Jun
>  >  4 10:45:14
>  > >  hcfw1 pound: 216.237.48.29 RPC_OUT_DATA
>  > >  /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 401 Unauthorized
>  > > (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.007 sec Jun
>  >  4 10:45:14
>  > >  hcfw1 pound: 216.237.48.29 RPC_IN_DATA
>  > >  /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 200 OK
>  > > (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.004 sec Jun
>  >  4 10:45:14
>  > >  hcfw1 pound: 216.237.48.29 RPC_OUT_DATA
>  > >  /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 200 OK
>  > > (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.003 sec Jun
>  >  4 10:45:24
>  > >  hcfw1 pound: (b7e97b90) e500 error copy client cont to
>  > > 10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1:
>  > >  Connection timed out (10.000 sec)
>  > >
>  >
>  >
>  > Gavin Conway
>  > Senior Engineer, Systems Group, UKSolutions
>  >
>  > Telephone: 0845 004 1333, option 2
>  > Email: gavin.conway(at)uksolutions.co.uk
>  > Web: http://www.uksolutions.co.uk/
>  > UKS Ltd, Birmingham Road, Studley, Warwickshire, B80 7BG Registered
>  in
>  > England Number 3036806 This email must be read in conjunction with
>  the
>  > legal & service notices on http://www.uksolutions.co.uk/disclaimer
>  >


Gavin Conway
Senior Engineer, Systems Group, UKSolutions

Telephone: 0845 004 1333, option 2
Email: gavin.conway(at)uksolutions.co.uk
Web: http://www.uksolutions.co.uk/
UKS Ltd, Birmingham Road, Studley, Warwickshire, B80 7BG Registered in England
Number 3036806
This email must be read in conjunction with the legal & service notices on
http://www.uksolutions.co.uk/disclaimer

RE: FW: [Pound Mailing List] RPC over https configuration
"Michael St. Laurent" <mikes(at)hartwellcorp.com>
2008-06-17 20:56:01 [ SNIP ]
No, I'm in the same boat you are Gavin.  We're getting by using VPN
tunnels right now but are getting a lot of pressure to get RPCoHTTPS
working.  A lot of hotels and ISPs falsely claim that they don't block
VPN connections.

> Hi Micheal,
> 
> Thanks for getting back to me. Are you one of the developers 
> for Pound? If so what sort of timescales are you looking at 
> for RPC over HTTPS and compatibility with Exchange. If you 
> aren't a developer from Pound then could I get the same 
> question answered by them.
> 
> Reason being I'm fighting quite hard not to have to setup a 
> Windows Server running ISA just to proxy the HTTPS/RPC 
> connection from our edge.

RE: FW: [Pound Mailing List] RPC over https configuration
Joe Gooch <mrwizard(at)k12system.com>
2008-06-18 02:08:31 [ SNIP ]
I'm not sure my Exchange 2007 RPC over HTTP is working... Because I don't use
it.  But anyway.

In watching the exchange, it looks like the communication is limited by both
the Client timeout and the TimeOut on the backend.

It looks to me like the RPC_IN_DATA and RPC_OUT_DATA commands are returning a
Content-Length:1073741824.. Likely so they can keep a persistent connection in
both directions.

Pound limits the incoming (from the client) connection w/ huge content length
by the client timeout.  Which I can fully understand.  But it's causing the
cont errors you see in the log.  So I bumped my Client and TimeOut values to
3600, just to see what would happen.  The cont errors went away.  So you might
want to try that as a short term thing.

Copy_bin appears to be called properly, but I'm not sure if BIO buffering is
adding weird behavior.  (For instance, I see 20 bytes come in from the client,
but nothing goes out on the server side for a bit...)  In other words, it seems
pound is treating this just like any other web request .... Read the request in
bulk and write chunks, then read the response in bulk and write chunks.

I added some flushing to copy_bin and I decreased the BIO_read limit to 10
bytes to see if it would do more interactive transmission but it doesn't seem
to make a difference.  Then again, when I turned off my layers of testing
programs, it didn't work either.  So it's possible I didn't set up
OutlookAnywhere properly.

Testbed - VM -> NAT REDIRECT -> Pound on 443 -> tcpwatch -> stunnel -> OWA on
443

I tried without stunnel (turning off the SSL requirement in IIS) but the
results were the same.

Hope this helps.

Joseph Gooch
Sapphire Suite Product Manager
K12 Systems, Inc.
(866) 366-9540


> -----Original Message-----
> From: Michael St. Laurent [mailto:mikes(at)hartwellcorp.com]
> Sent: Tuesday, June 17, 2008 2:56 PM
> To: pound(at)apsis.ch
> Subject: RE: FW: [Pound Mailing List] RPC over https configuration
>
> No, I'm in the same boat you are Gavin.  We're getting by
> using VPN tunnels right now but are getting a lot of pressure
> to get RPCoHTTPS working.  A lot of hotels and ISPs falsely
> claim that they don't block VPN connections.
>
> > Hi Micheal,
> >
> > Thanks for getting back to me. Are you one of the developers for
> > Pound? If so what sort of timescales are you looking at for RPC over
> > HTTPS and compatibility with Exchange. If you aren't a developer from
> > Pound then could I get the same question answered by them.
> >
> > Reason being I'm fighting quite hard not to have to setup a Windows
> > Server running ISA just to proxy the HTTPS/RPC connection from our
> > edge.
>
>
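
Added example (not part of Joe's post or of Pound itself): a small Python triage of log lines in the format quoted in this thread, matching each e500 entry against the Client and TimeOut timers Joe describes. The sample lines are re-joined from the thread's wrapped excerpts; the Client value of 10 used at the end is an assumption (Pound's documented default), since Michael's global settings are not shown.

```python
import re
from collections import Counter

# Constructed sample: log entries from the thread, re-joined onto single lines
# (the e-mail clients wrapped them). Hosts, verbs and timings are as quoted.
SAMPLE_LOG = """\
Jun  4 10:45:14 hcfw1 pound: 216.237.48.29 RPC_IN_DATA /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 401 Unauthorized (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.005 sec
Jun  4 10:45:14 hcfw1 pound: 216.237.48.29 RPC_OUT_DATA /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 401 Unauthorized (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.007 sec
Jun  4 10:45:14 hcfw1 pound: 216.237.48.29 RPC_IN_DATA /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 200 OK (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.004 sec
Jun  4 10:45:14 hcfw1 pound: 216.237.48.29 RPC_OUT_DATA /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1 - HTTP/1.1 200 OK (owa.hartwellcorp.com/rpc -> 10.11.10.14:80) 0.003 sec
Jun  4 10:45:24 hcfw1 pound: (b7e97b90) e500 error copy client cont to 10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?HCEX:6004 HTTP/1.1: Connection timed out (10.000 sec)
May 22 09:46:41 edgetransport pound: (b7be6bb0) e500 response error read from 10.0.50.40:443/GET / HTTP/1.1: Connection timed out (60.022 secs)
"""

STAMP = r"(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) pound: "

# Proxied request: client, verb, URL, back-end status, service -> back-end, time
ACCESS_RE = re.compile(
    STAMP + r"(?P<client>\S+) (?P<verb>[A-Z_]+) (?P<url>\S+) HTTP/\d\.\d - "
    r"HTTP/\d\.\d (?P<status>\d{3}) (?P<reason>.*?) "
    r"\((?P<service>\S+) -> (?P<backend>\S+)\) (?P<secs>[\d.]+) sec$")

# e500 error: what Pound was doing, peer/verb/URL, OS error, elapsed time
ERROR_RE = re.compile(
    STAMP + r"\((?P<thread>[0-9a-f]+)\) e500 (?P<what>.+?) (?P<dir>to|from) "
    r"(?P<backend>[^/\s]+)/(?P<verb>[A-Z_]+) (?P<url>\S+) HTTP/\d\.\d: "
    r"(?P<reason>.+?) \((?P<secs>[\d.]+) secs?\)$")


def parse(log_text):
    """Split Pound syslog lines into proxied requests and e500 errors."""
    requests, errors = [], []
    for line in log_text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["secs"] = float(rec["secs"])
            errors.append(rec)
            continue
        m = ACCESS_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["secs"] = float(rec["secs"])
            rec["status"] = int(rec["status"])
            requests.append(rec)
    return requests, errors


def rpc_status_counts(requests):
    """Count back-end status codes per RPC verb (401 challenge, then 200)."""
    return Counter((r["verb"], r["status"])
                   for r in requests if r["verb"].startswith("RPC_"))


def triage(errors, client_timeout, backend_timeout, slack=0.5):
    """Say which Pound timer, if any, explains each e500 entry."""
    findings = []
    for e in errors:
        if "client cont" in e["what"]:   # still copying the request body from the client
            timer, limit = "Client", client_timeout
        elif e["dir"] == "from":         # waiting on the back-end's response
            timer, limit = "TimeOut", backend_timeout
        else:
            timer, limit = None, None
        expired = (limit is not None
                   and e["reason"] == "Connection timed out"
                   and abs(e["secs"] - limit) <= slack)
        findings.append({"ts": e["ts"], "verb": e["verb"], "secs": e["secs"],
                         "timer": timer if expired else None})
    return findings


if __name__ == "__main__":
    reqs, errs = parse(SAMPLE_LOG)
    print(dict(rpc_status_counts(reqs)))
    # Assumed timers: Client 10 (Pound default), back-end Timeout 60 (Gavin's config)
    for f in triage(errs, client_timeout=10, backend_timeout=60):
        print(f["ts"], f["verb"], f["secs"], "expired timer:", f["timer"])
```

An entry whose elapsed time sits right on a configured timer is a proxy-side cut-off rather than an Exchange failure, which is the distinction Joe's Client/TimeOut change tests.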

RE: FW: [Pound Mailing List] RPC over https configuration
Gavin Conway <gavin.conway(at)uksolutions.co.uk>
2008-06-18 09:59:12 [ SNIP ]
Hi Joe,

Could you send over your Pound configuration to the group so that it's archived
as a potential working configuration.

Thanks
Gavin

>  -----Original Message-----
>  From: Joe Gooch [mailto:mrwizard(at)k12system.com]
>  Sent: 18 June 2008 01:09
>  To: pound(at)apsis.ch
>  Subject: RE: FW: [Pound Mailing List] RPC over https configuration
>
>  I'm not sure my Exchange 2007 RPC over HTTP is working... Because I
>  don't use it.  But anyway.
>
>  In watching the exchange, it looks like the communication limited by
>  both the Client timeout and the TimeOut on the backend.
>
>  It looks to me like the RPC_IN_DATA and RPC_OUT_DATA commands are
>  returning a Content-Length:1073741824.. Likely so they can keep a
>  persistent connection in both directions.
>
>  Pound limits the incoming (from the client) connection w/ huge content
>  length by the client timeout.  Which I can fully understand.  But it's
>  causing the cont errors you see in the log.  So I bumped my Client and
>  TimeOut values to 3600, just to see what would happen.  The cont
>  errors went away.  So you might want to try that as a short term
>  thing.
>
>  Copy_bin appears to be called properly, but I'm not sure if BIO
>  buffering is adding weird behavior.  (For instance, I see 20 bytes
>  come in from the client, but nothing goes out on the server side for a
>  bit...)  In other words, it seems pound is treating this just like any
>  other web request .... Read the request in bulk and write chunks, then
>  read the response in bulk and write chunks.
>
>  I added some flushing to copy_bin and I decreased the BIO_read limit
>  to 10 bytes to see if it would do more interactive transmission but it
>  doesn't seem to make a difference.  Then again, when I turned off my
>  layers of testing programs, it didn't work either.  So it's possible I
>  didn't set up OutlookAnywhere properly.
>
>  Testbed - VM -> NAT REDIRECT -> Pound on 443 -> tcpwatch -> stunnel ->
>  OWA on 443
>
>  I tried without stunnel (turning off the SSL requirement in IIS) but
>  the results were the same.
>
>  Hope this helps.
>
>  Joseph Gooch
>  Sapphire Suite Product Manager
>  K12 Systems, Inc.
>  (866) 366-9540
>
>
>  > -----Original Message-----
>  > From: Michael St. Laurent [mailto:mikes(at)hartwellcorp.com]
>  > Sent: Tuesday, June 17, 2008 2:56 PM
>  > To: pound(at)apsis.ch
>  > Subject: RE: FW: [Pound Mailing List] RPC over https configuration
>  >
>  > No, I'm in the same boat you are Gavin.  We're getting by using VPN
>  > tunnels right now but are getting a lot of pressure to get RPCoHTTPS
>  > working.  A lot of hotels and ISPs falsely claim that they don't
>  > block VPN connections.
>  >
>  > > Hi Micheal,
>  > >
>  > > Thanks for getting back to me. Are you one of the developers for
>  > > Pound? If so what sort of timescales are you looking at for RPC
>  > > over HTTPS and compatibility with Exchange. If you aren't a
>  > > developer from Pound then could I get the same question answered
>  > > by them.
>  > >
>  > > Reason being I'm fighting quite hard not to have to setup a
>  > > Windows Server running ISA just to proxy the HTTPS/RPC connection
>  > > from our edge.
>  >


Gavin Conway
Senior Engineer, Systems Group, UKSolutions

Telephone: 0845 004 1333, option 2
Email: gavin.conway(at)uksolutions.co.uk
Web: http://www.uksolutions.co.uk/
UKS Ltd, Birmingham Road, Studley, Warwickshire, B80 7BG Registered in England
Number 3036806
This email must be read in conjunction with the legal & service notices on
http://www.uksolutions.co.uk/disclaimer

Re: FW: [Pound Mailing List] RPC over https configuration
"Odhiambo Washington" <odhiambo(at)gmail.com>
2008-06-18 11:24:40 [ SNIP ]
On Wed, Jun 18, 2008 at 10:59 AM, Gavin Conway
<gavin.conway(at)uksolutions.co.uk> wrote:
> Hi Joe,
>
> Could you send over your Pound configuration to the group so that it's
> archived as a potential working configuration.

I, too, vote for this request.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

"Oh My God! They killed init! You Bastards!"
 --from a /. post

RE: FW: [Pound Mailing List] RPC over https configuration
Joe Gooch <mrwizard(at)k12system.com>
2008-06-18 12:27:42 [ SNIP ]
Sure!  Might be good to note I was testing with Pound 2.4.3 as well.

===== pound.cfg =========
Client 3600
TimeOut 3600
Alive 60
LogLevel 5
Daemon 0

ListenHTTPS
        Address 0.0.0.0
        Port    443
        Cert    "my.owa.cert.pem"
        AddHeader       "Front-End-Https: on"
        Ciphers
"ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
        xHTTP   4
        Service
                Backend
                        Address my.owa.ip
                        Port    80
                End
        End
End

ListenHTTP
        Address 0.0.0.0
        Port    80
        xHTTP   4
        Service
                Backend
                        Address my.owa.ip
                        Port    80
                End
        End
End
======================

If your exchange server requires ssl and you don't want to change that, you can
add stunnel to the mix.  Just run stunnel on a local port (like 82) and have it
connect to my.owa.ip port 443.  Then change your backend to 127.0.0.1 port 82.

======== stunnel.cfg =======
foreground = yes
client = yes

[https]
  accept=127.0.0.1:82
  connect=my.owa.ip:443
============================

(Of course, in production, you'd likely want to set a user, group, chroot
directory, etc.)

If you want to see the exchange with the server, TCPWatch is invaluable.  You
can get it at http://hathawaymix.org/Software/TCPWatch

Assuming stunnel, run it as:
python tcpwatch.py 81:127.0.0.1:82
Without stunnel
python tcpwatch.py 81:my.owa.ip:80

And set your pound backend to 127.0.0.1:81.

If you're not actually on a machine with X, you can specify the -s flag to
tcpwatch so it does a console output.

Good luck!

Joseph Gooch
Sapphire Suite Product Manager
K12 Systems, Inc.
(866) 366-9540


> -----Original Message-----
> From: Gavin Conway [mailto:gavin.conway(at)uksolutions.co.uk]
> Sent: Wednesday, June 18, 2008 3:59 AM
> To: pound(at)apsis.ch
> Subject: RE: FW: [Pound Mailing List] RPC over https configuration
>
> Hi Joe,
>
> Could you send over your Pound configuration to the group so
> that it's archived as a potential working configuration.
>
> Thanks
> Gaivn
>
> >  -----Original Message-----
> >  From: Joe Gooch [mailto:mrwizard(at)k12system.com]
> >  Sent: 18 June 2008 01:09
> >  To: pound(at)apsis.ch
> >  Subject: RE: FW: [Pound Mailing List] RPC over https configuration
> >
> >  I'm not sure my Exchange 2007 RPC over HTTP is working... Because I
> >  don't use it.  But anyway.
> >
> >  In watching the exchange, it looks like the communication limited by
> >  both the Client timeout and the TimeOut on the backend.
> >
> >  It looks to me like the RPC_IN_DATA and RPC_OUT_DATA commands are
> >  returning a Content-Length:1073741824.. Likely so they can keep a
> >  persistent connection in both directions.
> >
> >  Pound limits the incoming (from the client) connection w/ huge content
> >  length by the client timeout.  Which I can fully understand.  But it's
> >  causing the cont errors you see in the log.  So I bumped my Client and
> >  TimeOut values to 3600, just to see what would happen.  The cont
> >  errors went away.  So you might want to try that as a short term
> >  thing.
> >
> >  Copy_bin appears to be called properly, but I'm not sure if BIO
> >  buffering is adding weird behavior.  (For instance, I see 20 bytes
> >  come in from the client, but nothing goes out on the server side for a
> >  bit...)  In other words, it seems pound is treating this just like any
> >  other web request .... Read the request in bulk and write chunks, then
> >  read the response in bulk and write chunks.
> >
> >  I added some flushing to copy_bin and I decreased the BIO_read limit
> >  to 10 bytes to see if it would do more interactive transmission but it
> >  doesn't seem to make a difference.  Then again, when I turned off my
> >  layers of testing programs, it didn't work either.  So it's possible I
> >  didn't set up OutlookAnywhere properly.
> >
> >  Testbed - VM -> NAT REDIRECT -> Pound on 443 -> tcpwatch -> stunnel ->
> >  OWA on 443
> >
> >  I tried without stunnel (turning off the SSL requirement in IIS) but
> >  the results were the same.
> >
> >  Hope this helps.
> >
> >  Joseph Gooch
> >  Sapphire Suite Product Manager
> >  K12 Systems, Inc.
> >  (866) 366-9540
> >
> >
> >  > -----Original Message-----
> >  > From: Michael St. Laurent [mailto:mikes(at)hartwellcorp.com]
> >  > Sent: Tuesday, June 17, 2008 2:56 PM
> >  > To: pound(at)apsis.ch
> >  > Subject: RE: FW: [Pound Mailing List] RPC over https configuration
> >  >
> >  > No, I'm in the same boat you are Gavin.  We're getting by using VPN
> >  > tunnels right now but are getting a lot of pressure to get RPCoHTTPS
> >  > working.  A lot of hotels and ISPs falsely claim that they don't
> >  > block VPN connections.
> >  >
> >  > > Hi Micheal,
> >  > >
> >  > > Thanks for getting back to me. Are you one of the developers for
> >  > > Pound? If so what sort of timescales are you looking at for RPC
> >  > > over HTTPS and compatibility with Exchange. If you aren't a
> >  > > developer from Pound then could I get the same question answered
> >  > > by them.
> >  > >
> >  > > Reason being I'm fighting quite hard not to have to setup a
> >  > > Windows Server running ISA just to proxy the HTTPS/RPC connection
> >  > > from our edge.
> >  >
>
>
> Gavin Conway
> Senior Engineer, Systems Group, UKSolutions
>
> Telephone: 0845 004 1333, option 2
> Email: gavin.conway(at)uksolutions.co.uk
> Web: http://www.uksolutions.co.uk/
> UKS Ltd, Birmingham Road, Studley, Warwickshire, B80 7BG
> Registered in England Number 3036806 This email must be read
> in conjunction with the legal & service notices on
> http://www.uksolutions.co.uk/disclaimer
>
>
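
Added example (not from the thread's authors or the Pound project): a Python check of a pound.cfg listener for the three settings this thread turns on, namely xHTTP, the Client/TimeOut timers and the Ciphers string. The cipher check is a simplified model of OpenSSL's list syntax and assumes an OpenSSL build of that era in which ALL covers the export, LOW and SSLv2 suites but not eNULL.

```python
import shlex

BLOCKS = {"listenhttp", "listenhttps", "service", "backend"}
# Assumption: weak classes that ALL pulled in on OpenSSL builds of that era
WEAK_IN_ALL = ("LOW", "EXP", "SSLv2", "ADH")

# Gavin Conway's listener from the thread, with the e-mail-wrapped Ciphers
# value re-joined onto one line. No global Client/TimeOut is set.
GAVIN_CFG = """
ListenHTTPS
        Address         AN.INTERNET.IP.ADDRESS
        Port            443
        Cert            "/opt/pound/ssl/self-signed-cert.net.pem"
        AddHeader       "Front-End-Https: on"
        Ciphers         "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
        # Use version 4 as this allows the MS RPCDATAIN, RPCDATAOUT
        xHTTP           4
        Service
                BackEnd
                        Address apps-1.uks.local
                        Port    80
                        Timeout 60
                End
        End
End
"""


def parse_pound(text):
    """Parse directives and nested blocks; directive names are case-insensitive."""
    root = {"kind": "global", "opts": {}, "children": []}
    stack = [root]
    for raw in text.splitlines():
        parts = shlex.split(raw, comments=True)   # drops '#' comments, keeps quoted values
        if not parts:
            continue
        key = parts[0].lower()
        if key in BLOCKS:
            node = {"kind": key, "opts": {}, "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif key == "end":
            if len(stack) == 1:
                raise ValueError("End without an open block")
            stack.pop()
        else:
            stack[-1]["opts"][key] = " ".join(parts[1:])
    if len(stack) != 1:
        raise ValueError("block not closed with End")
    return root


def weak_classes_left(ciphers):
    """Weak cipher classes still enabled after the whole string is applied."""
    enabled, banned = set(), set()
    for tok in ciphers.split(":"):
        if tok.startswith("!"):        # permanent removal
            banned.add(tok[1:])
            enabled.discard(tok[1:])
        elif tok.startswith("-"):      # removal that a later token may undo
            enabled.discard(tok[1:])
        elif tok.startswith("+"):      # only moves ciphers to the end of the list
            continue
        elif tok == "ALL":
            enabled.update(c for c in WEAK_IN_ALL if c not in banned)
        elif tok in WEAK_IN_ALL + ("eNULL",) and tok not in banned:
            enabled.add(tok)
    return sorted(enabled)


def audit(text):
    """One report per listener: effective settings plus findings."""
    cfg = parse_pound(text)
    glob = cfg["opts"]
    reports = []
    for lst in cfg["children"]:
        if not lst["kind"].startswith("listen"):
            continue                   # global Service blocks are not modelled here
        opts = lst["opts"]
        rep = {"listener": "%s:%s" % (lst["kind"], opts.get("port", "?")),
               "xhttp": int(opts.get("xhttp", 0)),
               "client": opts.get("client", glob.get("client")),
               "backend_timeouts": [be["opts"].get("timeout", glob.get("timeout"))
                                    for svc in lst["children"] for be in svc["children"]],
               "weak_ciphers": weak_classes_left(opts.get("ciphers", "")),
               "findings": []}
        if rep["xhttp"] < 4:
            rep["findings"].append("xHTTP %d: RPC_IN_DATA/RPC_OUT_DATA are rejected" % rep["xhttp"])
        if rep["client"] is None:
            rep["findings"].append("Client unset: Pound's default cuts RPC_IN_DATA bodies")
        if None in rep["backend_timeouts"]:
            rep["findings"].append("TimeOut unset on a back-end: Pound's default applies")
        if rep["weak_ciphers"]:
            rep["findings"].append("Ciphers leaves %s enabled ('+' only reorders)"
                                   % ", ".join(rep["weak_ciphers"]))
        reports.append(rep)
    return reports


if __name__ == "__main__":
    for rep in audit(GAVIN_CFG):
        print(rep["listener"], rep["findings"])
```

Prefixing the sample with Joe's `Client 3600` and `TimeOut 3600` clears the timer finding; the cipher finding stays until the weak classes are excluded with `!` rather than `+`.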

RE: FW: [Pound Mailing List] RPC over https configuration
Gavin Conway <gavin.conway(at)uksolutions.co.uk>
2008-06-18 15:56:19 [ SNIP ]
Hi Joe,

Thanks for sending that out. Could you point an Outlook Client at your
RPCoHTTPS connection and let me know what you receive.

Also, browsing to;

https://yourpoundinstall/rpc/rpcproxy.dll

Should prompt you for a password 3 times and then present a blank page. I'm
asking this as I've replicated your config and whenever I try and call the
/rpcproxy.dll section myself I get an e500 error from Pound.

Cheers,
Gavin

>  -----Original Message-----
>  From: Joe Gooch [mailto:mrwizard(at)k12system.com]
>  Sent: 18 June 2008 11:28
>  To: pound(at)apsis.ch
>  Subject: RE: FW: [Pound Mailing List] RPC over https configuration
>
>  Sure!  Might be good to note I was testing with Pound 2.4.3 as well.
>
>  ===== pound.cfg =========
>  Client 3600
>  TimeOut 3600
>  Alive 60
>  LogLevel 5
>  Daemon 0
>
>  ListenHTTPS
>          Address 0.0.0.0
>          Port    443
>          Cert    "my.owa.cert.pem"
>          AddHeader       "Front-End-Https: on"
>          Ciphers
>  "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
>          xHTTP   4
>          Service
>                  Backend
>                          Address my.owa.ip
>                          Port    80
>                  End
>          End
>  End
>
>  ListenHTTP
>          Address 0.0.0.0
>          Port    80
>          xHTTP   4
>          Service
>                  Backend
>                          Address my.owa.ip
>                          Port    80
>                  End
>          End
>  End
>  ======================
>
>  If your exchange server requires ssl and you don't want to change
>  that, you can add stunnel to the mix.  Just run stunnel on a local
>  port (like 82) and have it connect to my.owa.ip port 443.  Then change
>  your backend to 127.0.0.1 port 82.
>
>  ======== stunnel.cfg =======
>  foreground = yes
>  client = yes
>
>  [https]
>    accept=127.0.0.1:82
>    connect=my.owa.ip:443
>  ============================
>
>  (Of course, in production, you'd likely want to set a user, group,
>  chroot directory, etc.)
>
>  If you want to see the exchange with the server, TCPWatch is
>  invaluable.  You can get it at
>  http://hathawaymix.org/Software/TCPWatch
>
>  Assuming stunnel, run it as:
>  python tcpwatch.py 81:127.0.0.1:82
>  Without stunnel
>  python tcpwatch.py 81:my.owa.ip:80
>
>  And set your pound backend to 127.0.0.1:81.
>
>  If you're not actually on a machine with X, you can specify the -s
>  flag to tcpwatch so it does a console output.
>
>  Good luck!
>
>  Joseph Gooch
>  Sapphire Suite Product Manager
>  K12 Systems, Inc.
>  (866) 366-9540


Gavin Conway
Senior Engineer, Systems Group, UKSolutions

Telephone: 0845 004 1333, option 2
Email: gavin.conway(at)uksolutions.co.uk
Web: http://www.uksolutions.co.uk/
UKS Ltd, Birmingham Road, Studley, Warwickshire, B80 7BG Registered in England
Number 3036806
This email must be read in conjunction with the legal & service notices on
http://www.uksolutions.co.uk/disclaimer

RE: FW: [Pound Mailing List] RPC over https configuration
Robert Segall <roseg(at)apsis.ch>
2008-06-18 19:11:40 [ SNIP ]
On Tue, 2008-06-03 at 10:35 -0700, Michael St. Laurent wrote:
> I have packet sniffs but they're large and it's probably not a good idea
> to send them to the list.  You can download them from the FTP site
> below:
> 
> Server: ftp.hartwellcorp.com
> Login: pound
> Password: pound
> 
> The file names should indicate which trace is for what.

You seem to have sniffed the HTTPS stream, which is less than helpful.
Could you try again with plain HTTP?

One problem that I did notice: you seem to use Windows authentication
(NTLM). This is almost assured to cause problems, as Exchange thinks it
is talking to the Pound server, while the client sends a different set
of credentials. Search the archive for a detailed solution (using HTTP
authentication in IIS).
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904


RE: FW: [Pound Mailing List] RPC over https configuration
Robert Segall <roseg(at)apsis.ch>
2008-06-18 19:13:16 [ SNIP ]
On Tue, 2008-06-17 at 09:00 +0100, Gavin Conway wrote:
> Hi Micheal,
> 
> Thanks for getting back to me. Are you one of the developers for Pound? If so
> what sort of timescales are you looking at for RPC over HTTPS and compatibility
> with Exchange. If you aren't a developer from Pound then could I get the same
> question answered by them.
> 
> Reason being I'm fighting quite hard not to have to setup a Windows Server
> running ISA just to proxy the HTTPS/RPC connection from our edge.
> 
> Thanks
> Gavin

I can't very well give you any assurance - we are still trying to figure
out what the problem is. Once diagnosis is complete a solution would be
quick to be offered.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904


RE: FW: [Pound Mailing List] RPC over https configuration
"Michael St. Laurent" <mikes(at)hartwellcorp.com>
2008-06-18 19:30:40 [ SNIP ]
D'OH!!!  You're right.  Okay, it'll take me a bit to get things set up again. 
I'll reply again once I've got a new set of captures to look at. 

> -----Original Message-----
> From: Robert Segall [mailto:roseg(at)apsis.ch] 
> Sent: Wednesday, June 18, 2008 10:12 AM
> To: pound(at)apsis.ch
> Subject: RE: FW: [Pound Mailing List] RPC over https configuration
> 
> On Tue, 2008-06-03 at 10:35 -0700, Michael St. Laurent wrote:
> > I have packet sniffs but they're large and it's probably 
> not a good idea
> > to send them to the list.  You can download them from the FTP site
> > below:
> > 
> > Server: ftp.hartwellcorp.com
> > Login: pound
> > Password: pound
> > 
> > The file names should indicate which trace is for what.
> 
> You seem to have sniffed the HTTPS stream, which is less than helpful.
> Could you try again with plain HTTP?
> 
> One problem that I did notice: you seem to use Windows authentication
> (NTLM). This is almost assured to cause problems, as Exchange thinks it
> is talking to the Pound server, while the client sends a different set
> of credentials. Search the archive for a detailed solution (using HTTP
> authentication in IIS).
> -- 
> Robert Segall
> Apsis GmbH
> Postfach, Uetikon am See, CH-8707
> Tel: +41-44-920 4904
> 
> 

RE: [Pound Mailing List] RPC over https configuration
"Michael St. Laurent" <mikes(at)hartwellcorp.com>
2008-06-18 19:51:42 [ SNIP ]
> You seem to have sniffed the HTTPS stream, which is less than helpful.
> Could you try again with plain HTTP?
> 
> One problem that I did notice: you seem to use Windows authentication
> (NTLM). This is almost assured to cause problems, as Exchange thinks it
> is talking to the Pound server, while the client sends a different set
> of credentials. Search the archive for a detailed solution (using HTTP
> authentication in IIS).

D'OH!!!  You're right.  Okay, it'll take me a bit to get things set up
again.  I'll reply again once I've got a new set of captures to look at.

[Resent because the copy of this email I just got back from the list
looked like it got scrambled for some reason.]

RE: FW: [Pound Mailing List] RPC over https configuration
Gavin Conway <gavin.conway(at)uksolutions.co.uk>
2008-06-18 22:03:47 [ SNIP ]
> Thanks for getting back to me. Are you one of the developers for Pound? If so
> what sort of timescales are you looking at for RPC over HTTPS and
> compatibility with Exchange? If you aren't a developer from Pound then could I
> get the same question answered by them?
>
> Reason being I'm fighting quite hard not to have to set up a Windows Server
> running ISA just to proxy the HTTPS/RPC connection from our edge.
>
> Thanks
> Gavin

> I can't very well give you any assurance - we are still trying to figure
> out what the problem is. Once diagnosis is complete a solution would be
> quick to be offered.
> --
> Robert Segall
> Apsis GmbH
> Postfach, Uetikon am See, CH-8707
> Tel: +41-44-920 4904



Hi Robert,

That being the case, what do you need to diagnose this? I have a basic
authentication system in place so if you need captures, configuration files,
tcpdumps then please let me know.

Thanks
Gavin

Gavin Conway
Senior Engineer, Systems Group, UKSolutions

Telephone: 0845 004 1333, option 2
Email: gavin.conway(at)uksolutions.co.uk
Web: http://www.uksolutions.co.uk/
UKS Ltd, Birmingham Road, Studley, Warwickshire, B80 7BG Registered in England
Number 3036806
This email must be read in conjunction with the legal & service notices on
http://www.uksolutions.co.uk/disclaimer

RE: FW: [Pound Mailing List] RPC over https configuration
"Michael St. Laurent" <mikes(at)hartwellcorp.com>
2008-06-18 23:35:37 [ SNIP ]
> That being the case, what do you need to diagnose this? I 
> have a basic authentication system in place so if you need 
> captures, configuration files, tcpdumps then please let me know.

He would like network sniffer captures of an HTTP (not HTTPS)
connection.  I believe he wants a successful one (so you may need to do
this from inside your proxy server) as well as what happens when Pound
is in the middle.
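
The NTLM problem raised earlier in the thread can be checked for in a plain-HTTP capture before the direct and proxied traces are compared. The following is an added example, not part of the original thread or of Pound; the capture text, the host name `mail.example.test`, the token placeholders and the function names are constructed for illustration, and it assumes one challenge per `WWW-Authenticate` header line.

```python
import re

# Schemes that authenticate the TCP connection rather than each request,
# so they fail when a reverse proxy sits between client and server.
CONNECTION_BOUND = {"ntlm", "negotiate"}

# Constructed sample: headers as they might appear in a plain-HTTP capture.
NTLM_CAPTURE = """\
RPC_IN_DATA /rpc/rpcproxy.dll HTTP/1.1
Host: mail.example.test

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM

RPC_IN_DATA /rpc/rpcproxy.dll HTTP/1.1
Host: mail.example.test
Authorization: NTLM PLACEHOLDER
"""

# Constructed sample: the same exchange after switching IIS to Basic.
BASIC_CAPTURE = """\
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="mail.example.test"

RPC_IN_DATA /rpc/rpcproxy.dll HTTP/1.1
Host: mail.example.test
Authorization: Basic PLACEHOLDER
"""

HEADER = re.compile(r"(www-authenticate|authorization):\s*(\S+)", re.I)

def auth_schemes(capture):
    """Return (offered, used): schemes the server offered and the client sent."""
    offered, used = set(), set()
    for line in capture.splitlines():
        m = HEADER.match(line)
        if m:
            target = offered if m.group(1).lower() == "www-authenticate" else used
            target.add(m.group(2).lower())
    return offered, used

def review(capture):
    """List findings that explain an authentication failure behind a proxy."""
    offered, used = auth_schemes(capture)
    findings = []
    if used & CONNECTION_BOUND:
        findings.append("client used connection-bound auth: "
                        + ", ".join(sorted(used & CONNECTION_BOUND)))
    if offered & CONNECTION_BOUND and "basic" not in offered:
        findings.append("server offers no Basic fallback")
    return findings
```

Basic credentials are only base64-encoded, so the leg between Pound and IIS should be a trusted network segment.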
