Proxy Error – Reason: Error reading from remote server

Written by James McDonald

August 18, 2014

Using Apache as a Reverse Proxy to connect to an SBS 2011 server which runs Exchange Outlook Web Access and I kept getting “Proxy Error – Reason: Error reading from remote server” this occurred when I first connected to the reverse proxy server as follows:

<SBS 2011 OWA>—<Apache Reverse Proxy>—<Internet>—<client>

and discovered that a couple of environment variables added fixes the problem.

These are the settings:

# add these
SetEnv force-proxy-request-1.0 1 
SetEnv proxy-nokeepalive 1 
SetEnv proxy-initial-not-pooled 1 

This is the full config of the virtual host

<VirtualHost _default_:443>
  ServerName proxy01.example.com:443
  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  LogLevel warn
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
  SSLCertificateFile /etc/httpd/ssl/crt/example_com.crt
  SSLCertificateKeyFile /etc/httpd/ssl/myserver.key
  SSLCertificateChainFile /etc/httpd/ssl/crt/example_com.ca-bundle
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
  </Files>
  <Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
  </Directory>
  CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 ProxyPreserveHost On
 ProxyRequests Off
 ProxyVia On
 RewriteEngine On
 Timeout 600
 ProxyTimeout 600
 SetEnv force-proxy-request-1.0 1 
 SetEnv proxy-nokeepalive 1 
 SetEnv proxy-initial-not-pooled 1 
 SSLProxyEngine on
 RequestHeader set front-end-https "on"
 Header unset "WWW-Authenticate: NTLM"
 Header add WWW-Authenticate "Basic realm=NETBIOSDOMAINNAME"
 UseCanonicalName        Off
 RewriteRule ^/$ /owa [R]
        RewriteRule     ^(.*)?/iisadmin/? - [F]
        RewriteRule     ^(.*)?/samples/? - [F]
	# outlook web access 
	# 2010 doesn't work with scripts blocked
        # RewriteRule     ^(.*)?/scripts/? - [F]
        RewriteRule     ^(.*).ida$ - [F]
        RewriteRule     ^(.*).htw$ - [F]
        RewriteRule     ^(.*)./_vti/_. - [F]
        RewriteRule     ^(.*).idq$ - [F]
        RewriteRule     ^(.*).exe$      -       [F]
        RewriteRule     ^(.*)?/winnt/?    -       [F]
        RewriteRule     ^(.*)?/windows/?   -    [F]
        ProxyPass /Microsoft-Server-ActiveSync https://sbs01.local/Microsoft-Server-ActiveSync/
        ProxyPassReverse /Microsoft-Server-ActiveSync https://sbs01.local/Microsoft-Server-ActiveSync/
        ProxyPass /owa https://sbs01.local/owa
        ProxyPassReverse /owa https://sbs01.local/owa
        ProxyPass /OWA https://sbs01.local/OWA
        ProxyPassReverse /OWA https://sbs01.local/OWA
        ProxyPass /ecp https://sbs01.local/ecp
        ProxyPassReverse /ecp https://sbs01.local/ecp
        ProxyPass /Exchange https://sbs01.local/Exchange
        ProxyPassReverse /Exchange https://sbs01.local/Exchange
        ProxyPass /Public https://sbs01.local/Public
        ProxyPassReverse /Public https://sbs01.local/Public
        ProxyPass /ExchWeb https://sbs01.local/ExchWeb
        ProxyPassReverse /ExchWeb https://sbs01.local/ExchWeb
              
</VirtualHost>

 

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

You May Also Like…

How to Research a CPU Upgrade

How to Research a CPU Upgrade

Upgrade Time! Doing a lot of VMWare Workstation virtualization to create labs for self-study and training. Finding...