[users@httpd] Reverse Proxy Questions

[Shawn Cannon <sh...@shawncannon.com>]

We have been using Apache 2.2.x with reverse proxy modules for our clients to access their OWA servers for over a year. I want to get us to Apache 2.4.x so I setup a test box with latest 2.4 on it. I fixed the config file issues since 2.4 has changes in it. OWA proxy is working on my test server with Apache 2.4. But with 2.4 I do have an issue I cannot figure out. Note that this does NOT occur with Apache 2.2. I get the following errors when using ActiveSync through reverse proxy: [Thu Oct 17 12:19:11.670665 2013] [proxy_http:error] [pid 748:tid 8440] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : [client x.x.x.x:20311] AH01102: error reading status line from remote server mail.nameredacted.net:443[Thu Oct 17 12:19:11.670665 2013] [proxy:error] [pid 748:tid 8440] [client x.x.x.x:20311] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync So somehow with Apache 2.4 there is some sort of timeout that was not there with 2.2. Any ideas?

Shawn Cannon

IT ProfessionalEMC Elect 2013 | Dell TechCenter Rockstar 2013 | VMware vExpert 2013
 		 	   		  

RE: [users@httpd] Reverse Proxy Questions

[Shawn Cannon <sh...@shawncannon.com>]

Hang on I did NOT have the flag set.  I forgot the 1 after the variable.

Shawn Cannon

IT ProfessionalEMC Elect 2013 | Dell TechCenter Rockstar 2013 | VMware vExpert 2013



From: shawn@shawncannon.com
To: users@httpd.apache.org
Date: Fri, 18 Oct 2013 09:15:23 -0400
Subject: RE: [users@httpd] Reverse Proxy Questions




I added the flag mentioned yet I still get the 2 proxy errors mentioned in my initial email.  I also added keep-alive settings to my httpd.conf.  Even with these errors my ActiveSync test seems to be working from my Windows RT tablet.  Of course there is no production load to this server since it is a test box.  I am curious to see if I put a production server back in place with these settings if the end users will have issues.

Shawn Cannon

IT ProfessionalEMC Elect 2013 | Dell TechCenter Rockstar 2013 | VMware vExpert 2013

Date: Fri, 18 Oct 2013 10:53:04 +0200
From: thomas.r.w.eckert@gmail.com
To: users@httpd.apache.org
Subject: Re: [users@httpd] Reverse Proxy Questions

Try setting the proxy-initial-not-pooled flag with mod_proxy_http, see http://httpd.apache.org/docs/current/mod/mod_proxy_http.html


Apache 2.4 has an issue with the HTTP keep-alive time out which happens quite frequently with ActiveSync. There is an ongoing discussion ("mod_proxy, oooled backend connections and the keep-alive race condition") regarding this problem on the dev list.


Do you happen to use NTLM between the reverse proxy and exchange server ? If you do I would be very much interested in the impact of the above mentioned mod_proxy_http flag with the authentication procedure.



On Thu, Oct 17, 2013 at 10:03 PM, Shawn Cannon <sh...@shawncannon.com> wrote:




Yes it is getting there.  I do not know how long it would take.  my test box only has one machine using Windows RT connecting via ActiveSync through the reverse proxy.  It is working despite seeing the error.  When I tried this in production we had multiple complaints from phone users and I saw these errors so I thought something must have changed from 2.2 to 2.4.


Shawn Cannon

IT ProfessionalEMC Elect 2013 | Dell TechCenter Rockstar 2013 | VMware vExpert 2013


From: yehuda@ymkatz.net

Date: Thu, 17 Oct 2013 15:57:33 -0400
To: users@httpd.apache.org
Subject: Re: [users@httpd] Reverse Proxy Questions


There is a timeout, but I don't think it has changed in this version: http://httpd.apache.org/docs/2.4/mod/mod_proxy.htmlHow long do you expect the response to take?



Do you know if the request is getting to the Exchange server?
- Y

On Thu, Oct 17, 2013 at 3:48 PM, Shawn Cannon <sh...@shawncannon.com> wrote:






We have been using Apache 2.2.x with reverse proxy modules for our clients to access their OWA servers for over a year. I want to get us to Apache 2.4.x so I setup a test box with latest 2.4 on it. I fixed the config file issues since 2.4 has changes in it. OWA proxy is working on my test server with Apache 2.4. But with 2.4 I do have an issue I cannot figure out. Note that this does NOT occur with Apache 2.2. I get the following errors when using ActiveSync through reverse proxy: 


[Thu Oct 17 12:19:11.670665 2013] [proxy_http:error] [pid 748:tid 8440] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : [client x.x.x.x:20311] AH01102: error reading status line from remote server mail.nameredacted.net:443


[Thu Oct 17 12:19:11.670665 2013] [proxy:error] [pid 748:tid 8440] [client x.x.x.x:20311] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync 


So somehow with Apache 2.4 there is some sort of timeout that was not there with 2.2. Any ideas?




Shawn Cannon

IT ProfessionalEMC Elect 2013 | Dell TechCenter Rockstar 2013 | VMware vExpert 2013
 		 	   		  

 		 	   		  

 		 	   		   		 	   		  

RE: [users@httpd] Reverse Proxy Questions

[Shawn Cannon <sh...@shawncannon.com>]

I added the flag mentioned yet I still get the 2 proxy errors mentioned in my initial email.  I also added keep-alive settings to my httpd.conf.  Even with these errors my ActiveSync test seems to be working from my Windows RT tablet.  Of course there is no production load to this server since it is a test box.  I am curious to see if I put a production server back in place with these settings if the end users will have issues.

Shawn Cannon

IT ProfessionalEMC Elect 2013 | Dell TechCenter Rockstar 2013 | VMware vExpert 2013

Date: Fri, 18 Oct 2013 10:53:04 +0200
From: thomas.r.w.eckert@gmail.com
To: users@httpd.apache.org
Subject: Re: [users@httpd] Reverse Proxy Questions

Try setting the proxy-initial-not-pooled flag with mod_proxy_http, see http://httpd.apache.org/docs/current/mod/mod_proxy_http.html


Apache 2.4 has an issue with the HTTP keep-alive time out which happens quite frequently with ActiveSync. There is an ongoing discussion ("mod_proxy, oooled backend connections and the keep-alive race condition") regarding this problem on the dev list.


Do you happen to use NTLM between the reverse proxy and exchange server ? If you do I would be very much interested in the impact of the above mentioned mod_proxy_http flag with the authentication procedure.



On Thu, Oct 17, 2013 at 10:03 PM, Shawn Cannon <sh...@shawncannon.com> wrote:




Yes it is getting there.  I do not know how long it would take.  my test box only has one machine using Windows RT connecting via ActiveSync through the reverse proxy.  It is working despite seeing the error.  When I tried this in production we had multiple complaints from phone users and I saw these errors so I thought something must have changed from 2.2 to 2.4.


Shawn Cannon

IT ProfessionalEMC Elect 2013 | Dell TechCenter Rockstar 2013 | VMware vExpert 2013


From: yehuda@ymkatz.net

Date: Thu, 17 Oct 2013 15:57:33 -0400
To: users@httpd.apache.org
Subject: Re: [users@httpd] Reverse Proxy Questions


There is a timeout, but I don't think it has changed in this version: http://httpd.apache.org/docs/2.4/mod/mod_proxy.htmlHow long do you expect the response to take?



Do you know if the request is getting to the Exchange server?
- Y

On Thu, Oct 17, 2013 at 3:48 PM, Shawn Cannon <sh...@shawncannon.com> wrote:






We have been using Apache 2.2.x with reverse proxy modules for our clients to access their OWA servers for over a year. I want to get us to Apache 2.4.x so I setup a test box with latest 2.4 on it. I fixed the config file issues since 2.4 has changes in it. OWA proxy is working on my test server with Apache 2.4. But with 2.4 I do have an issue I cannot figure out. Note that this does NOT occur with Apache 2.2. I get the following errors when using ActiveSync through reverse proxy: 


[Thu Oct 17 12:19:11.670665 2013] [proxy_http:error] [pid 748:tid 8440] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : [client x.x.x.x:20311] AH01102: error reading status line from remote server mail.nameredacted.net:443


[Thu Oct 17 12:19:11.670665 2013] [proxy:error] [pid 748:tid 8440] [client x.x.x.x:20311] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync 


So somehow with Apache 2.4 there is some sort of timeout that was not there with 2.2. Any ideas?




Shawn Cannon

IT ProfessionalEMC Elect 2013 | Dell TechCenter Rockstar 2013 | VMware vExpert 2013
 		 	   		  

 		 	   		  

 		 	   		  

Re: [users@httpd] Reverse Proxy Questions

[Thomas Eckert <th...@gmail.com>]

Try setting the proxy-initial-not-pooled flag with mod_proxy_http, see
http://httpd.apache.org/docs/current/mod/mod_proxy_http.html

Apache 2.4 has an issue with the HTTP keep-alive time out which happens
quite frequently with ActiveSync. There is an ongoing discussion
("mod_proxy, oooled backend connections and the keep-alive race condition")
regarding this problem on the dev list.

Do you happen to use NTLM between the reverse proxy and exchange server ?
If you do I would be very much interested in the impact of the above
mentioned mod_proxy_http flag with the authentication procedure.


On Thu, Oct 17, 2013 at 10:03 PM, Shawn Cannon <sh...@shawncannon.com>wrote:

> Yes it is getting there.  I do not know how long it would take.  my test
> box only has one machine using Windows RT connecting via ActiveSync through
> the reverse proxy.  It is working despite seeing the error.  When I tried
> this in production we had multiple complaints from phone users and I saw
> these errors so I thought something must have changed from 2.2 to 2.4.
>
>
> Shawn Cannon
> IT Professional
> EMC Elect 2013 | Dell TechCenter Rockstar 2013 | VMware vExpert 2013
>
>
> ------------------------------
> From: yehuda@ymkatz.net
> Date: Thu, 17 Oct 2013 15:57:33 -0400
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Reverse Proxy Questions
>
>
> There is a timeout, but I don't think it has changed in this version:
> http://httpd.apache.org/docs/2.4/mod/mod_proxy.html
> How long do you expect the response to take?
>
> Do you know if the request is getting to the Exchange server?
>
> - Y
>
>
> On Thu, Oct 17, 2013 at 3:48 PM, Shawn Cannon <sh...@shawncannon.com>wrote:
>
> We have been using Apache 2.2.x with reverse proxy modules for our clients
> to access their OWA servers for over a year. I want to get us to Apache
> 2.4.x so I setup a test box with latest 2.4 on it. I fixed the config file
> issues since 2.4 has changes in it. OWA proxy is working on my test server
> with Apache 2.4. But with 2.4 I do have an issue I cannot figure out. Note
> that this does NOT occur with Apache 2.2. I get the following errors when
> using ActiveSync through reverse proxy:
>
> [Thu Oct 17 12:19:11.670665 2013] [proxy_http:error] [pid 748:tid 8440]
> (OS 10060)A connection attempt failed because the connected party did not
> properly respond after a period of time, or established connection failed
> because connected host has failed to respond. : [client x.x.x.x:20311]
> AH01102: error reading status line from remote server
> mail.nameredacted.net:443
>
> [Thu Oct 17 12:19:11.670665 2013] [proxy:error] [pid 748:tid 8440] [client
> x.x.x.x:20311] AH00898: Error reading from remote server returned by
> /Microsoft-Server-ActiveSync
>
> So somehow with Apache 2.4 there is some sort of timeout that was not
> there with 2.2. Any ideas?
>
> Shawn Cannon
> IT Professional
> EMC Elect 2013 | Dell TechCenter Rockstar 2013 | VMware vExpert 2013
>
>
>

RE: [users@httpd] Reverse Proxy Questions

[Shawn Cannon <sh...@shawncannon.com>]

Yes it is getting there.  I do not know how long it would take.  my test box only has one machine using Windows RT connecting via ActiveSync through the reverse proxy.  It is working despite seeing the error.  When I tried this in production we had multiple complaints from phone users and I saw these errors so I thought something must have changed from 2.2 to 2.4.

Shawn Cannon

IT ProfessionalEMC Elect 2013 | Dell TechCenter Rockstar 2013 | VMware vExpert 2013


From: yehuda@ymkatz.net
Date: Thu, 17 Oct 2013 15:57:33 -0400
To: users@httpd.apache.org
Subject: Re: [users@httpd] Reverse Proxy Questions

There is a timeout, but I don't think it has changed in this version: http://httpd.apache.org/docs/2.4/mod/mod_proxy.htmlHow long do you expect the response to take?


Do you know if the request is getting to the Exchange server?
- Y

On Thu, Oct 17, 2013 at 3:48 PM, Shawn Cannon <sh...@shawncannon.com> wrote:





We have been using Apache 2.2.x with reverse proxy modules for our clients to access their OWA servers for over a year. I want to get us to Apache 2.4.x so I setup a test box with latest 2.4 on it. I fixed the config file issues since 2.4 has changes in it. OWA proxy is working on my test server with Apache 2.4. But with 2.4 I do have an issue I cannot figure out. Note that this does NOT occur with Apache 2.2. I get the following errors when using ActiveSync through reverse proxy: 

[Thu Oct 17 12:19:11.670665 2013] [proxy_http:error] [pid 748:tid 8440] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : [client x.x.x.x:20311] AH01102: error reading status line from remote server mail.nameredacted.net:443

[Thu Oct 17 12:19:11.670665 2013] [proxy:error] [pid 748:tid 8440] [client x.x.x.x:20311] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync 

So somehow with Apache 2.4 there is some sort of timeout that was not there with 2.2. Any ideas?



Shawn Cannon

IT ProfessionalEMC Elect 2013 | Dell TechCenter Rockstar 2013 | VMware vExpert 2013
 		 	   		  

 		 	   		  

Re: [users@httpd] Reverse Proxy Questions

[Yehuda Katz <ye...@ymkatz.net>]

There is a timeout, but I don't think it has changed in this version:
http://httpd.apache.org/docs/2.4/mod/mod_proxy.html
How long do you expect the response to take?

Do you know if the request is getting to the Exchange server?

- Y


On Thu, Oct 17, 2013 at 3:48 PM, Shawn Cannon <sh...@shawncannon.com> wrote:

> We have been using Apache 2.2.x with reverse proxy modules for our clients
> to access their OWA servers for over a year. I want to get us to Apache
> 2.4.x so I setup a test box with latest 2.4 on it. I fixed the config file
> issues since 2.4 has changes in it. OWA proxy is working on my test server
> with Apache 2.4. But with 2.4 I do have an issue I cannot figure out. Note
> that this does NOT occur with Apache 2.2. I get the following errors when
> using ActiveSync through reverse proxy:
>
> [Thu Oct 17 12:19:11.670665 2013] [proxy_http:error] [pid 748:tid 8440]
> (OS 10060)A connection attempt failed because the connected party did not
> properly respond after a period of time, or established connection failed
> because connected host has failed to respond. : [client x.x.x.x:20311]
> AH01102: error reading status line from remote server
> mail.nameredacted.net:443
>
> [Thu Oct 17 12:19:11.670665 2013] [proxy:error] [pid 748:tid 8440] [client
> x.x.x.x:20311] AH00898: Error reading from remote server returned by
> /Microsoft-Server-ActiveSync
>
> So somehow with Apache 2.4 there is some sort of timeout that was not
> there with 2.2. Any ideas?
>
> Shawn Cannon
> IT Professional
> EMC Elect 2013 | Dell TechCenter Rockstar 2013 | VMware vExpert 2013
>