HTTP Downloads / Proxy Server / Terminal Server - KiXtart.org - official site

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Lounge » HTTP Downloads / Proxy Server / Terminal Server

Page 1 of 2

1

Topic Options

#163138 - 2006-06-09 11:29 PM HTTP Downloads / Proxy Server / Terminal Server
Gargoyle Gargoyle MM club member Registered: 2004-03-09 Posts: 1597 Loc: Valley of the Sun (Arizona, US...	Okay nothing to do with KiX, but... Recently deployed a proxy server for our Terminal Server users. The Proxy server is Squid. Since it's installation we have extremely slow download speeds >1Kb per sec. If we remove the proxy server, it works fine. But to muddy the waters.... When a desktop uses the proxy the server, the slowdown on downloads is not there. So it is something with either the configuration of IE (yes I know) or with Squid (but the desktop test sort of rules it out). And to throw one more issue out there to confuse the waters even more.... While it is a proxy server, it is building NO cache, it is only used to authenticate the users via Samba so that we can report via WebSense. Any ideas where to look? (Oh and we thought the easy fix was going to be to check the box in IE Advanced options to allow HTTP 1.1 when used with proxy, but that did not help) Thanks all _________________________ Today is the tomorrow you worried about yesterday.
Top

#163139 - 2006-06-10 02:03 AM Re: HTTP Downloads / Proxy Server / Terminal Server
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Does the TS use WPAD to get the settings? Is WPAD served by DNS or DHCP option 252? How is the squid referenced, by IP or DNS name? _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#163140 - 2006-06-10 05:57 AM Re: HTTP Downloads / Proxy Server / Terminal Server
Gargoyle Gargoyle MM club member Registered: 2004-03-09 Posts: 1597 Loc: Valley of the Sun (Arizona, US...	Currently the Squid DNS name is set via GPO setting of the Proxy Server in the Internet Options Connection panel. _________________________ Today is the tomorrow you worried about yesterday.
Top

#163141 - 2006-06-10 07:53 AM Re: HTTP Downloads / Proxy Server / Terminal Server
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Does the squid have a PTR in DNS? _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#163142 - 2006-06-10 08:06 AM Re: HTTP Downloads / Proxy Server / Terminal Server
Gargoyle Gargoyle MM club member Registered: 2004-03-09 Posts: 1597 Loc: Valley of the Sun (Arizona, US...	Had to look, but yes the record does exist. _________________________ Today is the tomorrow you worried about yesterday.
Top

#163143 - 2006-06-10 02:20 PM Re: HTTP Downloads / Proxy Server / Terminal Server
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	My next step would be to take a network trace of the traffic to see what is going on. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#163144 - 2006-06-10 03:59 PM Re: HTTP Downloads / Proxy Server / Terminal Server
Gargoyle Gargoyle MM club member Registered: 2004-03-09 Posts: 1597 Loc: Valley of the Sun (Arizona, US...	That is the plan for Monday. Have two different tools that we are going to use. AppVantage and Ethereal. Thanks for the help though. _________________________ Today is the tomorrow you worried about yesterday.
Top

#163145 - 2006-06-10 07:04 PM Re: HTTP Downloads / Proxy Server / Terminal Server
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	I wonder if "Enable integrated authentication" could be a factor? I don't use squid nor samba, being an M$ AD ISA shop. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#163146 - 2006-06-10 09:03 PM Re: HTTP Downloads / Proxy Server / Terminal Server
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	hmm... does the policy of a user work when in TS mode? stupid question, I know, but had to ask. I mean, if not, then it wouldn't know where is da proxy... _________________________ ! download KiXnet
Top

#163147 - 2006-06-10 09:53 PM Re: HTTP Downloads / Proxy Server / Terminal Server
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	If it did not find the proxy the DL would not be slow. It would not happen at all. Check the TS for network optimization. make sure there are no unneeded protocols and provider order is correct. IF there are multiple NICs not teamed, make sure they too are ordered correctly. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#163148 - 2006-06-10 10:03 PM Re: HTTP Downloads / Proxy Server / Terminal Server
Gargoyle Gargoyle MM club member Registered: 2004-03-09 Posts: 1597 Loc: Valley of the Sun (Arizona, US...	Les is correct in that if the Proxy is not found, they can not get to the internet at all. I have verified that the GPO is being applied. When I get back into work I will look at the binding orders and protocols. And there are multiple NICs, however one side is for NLB and the other is primary. The primary is ordered first. What has me confused is that when using Proxy at a desktop it works as expected, and if I take out the proxy at the TS, it works as expected. But as soon as I add Proxy to the TS, it is having the problem. Which in my logic points at the issue being the Proxy, but maybe it has more to do with IE and the way it works in TS mode. _________________________ Today is the tomorrow you worried about yesterday.
Top

#163149 - 2006-06-10 10:13 PM Re: HTTP Downloads / Proxy Server / Terminal Server
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	hmm... do you have some sort network layer protection of your servers? or do they even reside in different subnet than your clients? Edited by Jooel (2006-06-10 10:16 PM) _________________________ ! download KiXnet
Top

#163150 - 2006-06-11 01:20 AM Re: HTTP Downloads / Proxy Server / Terminal Server
Gargoyle Gargoyle MM club member Registered: 2004-03-09 Posts: 1597 Loc: Valley of the Sun (Arizona, US...	Seperate subnet, firewalls, and IPS. _________________________ Today is the tomorrow you worried about yesterday.
Top

#163151 - 2006-06-11 01:54 AM Re: HTTP Downloads / Proxy Server / Terminal Server
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	so it can even be your sucky firewall. I mean, your firewall can be sucky. specially if it has http scanning enabled. don't go to naming any products, but it's known fact that many of them do slow down huge if the filters are on. _________________________ ! download KiXnet
Top

#163152 - 2006-06-11 03:37 PM Re: HTTP Downloads / Proxy Server / Terminal Server
Gargoyle Gargoyle MM club member Registered: 2004-03-09 Posts: 1597 Loc: Valley of the Sun (Arizona, US...	I had thought about that, and there are 0 errors from the firewall, and if it was the firewall, it should affect everyone in every possible combination, not just the TS users. I did come up with one alternative idea, does not make sense, but... One of the few differences would be that desktop clients are on seperate subnets than the Squid Server, whereas the TS are on the same subnet. Will wait to see what the packet capture shows. _________________________ Today is the tomorrow you worried about yesterday.
Top

#163153 - 2006-06-11 07:56 PM Re: HTTP Downloads / Proxy Server / Terminal Server
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	not everyone in every possible... but you said the squid server is on the same subnet as the server... have you somehow limited the access to it? like in samba you just say something like: allow hosts = 192.168.252.0/24 _________________________ ! download KiXnet
Top

#163154 - 2006-06-11 08:33 PM Re: HTTP Downloads / Proxy Server / Terminal Server
Gargoyle Gargoyle MM club member Registered: 2004-03-09 Posts: 1597 Loc: Valley of the Sun (Arizona, US...	Quote: like in samba you just say something like: allow hosts = 192.168.252.0/24 It is always a possible, I will have to look, but don't remember anything like that. _________________________ Today is the tomorrow you worried about yesterday.
Top

#163155 - 2006-06-12 09:53 AM Re: HTTP Downloads / Proxy Server / Terminal Server
Richard H. Richard H. Administrator Registered: 2000-01-24 Posts: 4946 Loc: Leatherhead, Surrey, UK	I don't really have any answers for you, but to reassure you a little I'm using Squid & Terminal Server+Citrix MetaFrame & WebSense/Pix with no problems, so I can confirm that you're not doing anything unreasonable with your configuration. The one big difference is that I'm using a bespoke authentication method rather than integrating with AD. You should be able to get metrics from Squid which will tell you how long the authenticator is waiting for responses, however IIRC a "good" response it cached so if the authenticator is causing a problem it should only happen with the first query. One possibility I can think of is IE passthrough authentication. You could try doing a side-by-side compare between the TS and stand-alone environment of the IE feature and security settings to see if there is anything different.
Top

#163156 - 2006-06-12 02:25 PM Re: HTTP Downloads / Proxy Server / Terminal Server
Gargoyle Gargoyle MM club member Registered: 2004-03-09 Posts: 1597 Loc: Valley of the Sun (Arizona, US...	Quote: You could try doing a side-by-side compare between the TS and stand-alone environment of the IE feature and security settings to see if there is anything different. That is what were doing on Friday afternoon, had not found anything to this point, but there are a ton of settings to go through. What is bespoke authentication? One other question would be on your PIX are you doing filter url except ip.of.TS ? Edited by Gargoyle (2006-06-12 02:27 PM)
Top

#163157 - 2006-06-12 03:47 PM Re: HTTP Downloads / Proxy Server / Terminal Server
Richard H. Richard H. Administrator Registered: 2000-01-24 Posts: 4946 Loc: Leatherhead, Surrey, UK	Quote: What is bespoke authentication? Uhm..like a bespoke tailor and not off-the-peg, i.e. the authentication was written uniquely by us, for us. It is a MySQL database of user names, passwords, time restrictions and so-on. There are a number of PHP scripts to manage the DB and to query it as an authenticator for Squid. Quote: One other question would be on your PIX are you doing filter url except ip.of.TS ? Not too sure what you mean, URL filter is applied to all requests, direct internet access is blocked for everything except the proxy. That's a simplified view as we have a number of divisions with different policies and requirements, but that's the basic structure.
Top

Page 1 of 2

1

Previous Topic

Previous Topic View All Topics

View All Topics

Index Next Topic

Next Topic

Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart

Hop to:

Shout Box

Who's Online

1 registered (Allen) and 1198 anonymous users online.

Newest Members

M_Moore, BeeEm, min_seow, Audio, Hoschi
17883 Registered Users

Generated in 0.076 seconds in which 0.026 seconds were spent on a total of 13 queries. Zlib compression enabled.

click tracking