CRM 2011 - IFD Performance and VARY Header

  • Question

  • We have managed to get Forefront TMG, ADFS 2.0, and CRM 2011 configured but we have an interesting issue that is impacting the performance for users off our VPN.  When a user is connected to our private network and TMG is bypassed the local cache is utilized for images, scripts, and pages.  Off the VPN and going through TMG only the images are pulled from the local cache.  We are using SSL both internally and externally. In reviewing the differences between ON and OFF the VPN in Fiddler the only difference is this:

    OFF the VPN 

    Vary: *

    Vary: Accept-Encoding

     

    ON the VPN

    Vary: Accept-Encoding

    The Vary: * is clearly the problem as Internet Explorer (using IE 9) will not cache or use the local cache for a response with that in the header.   This results in the large JS files being sent over and over (sometimes for a single action in the User Interface) and instead of 6KB we see 170KB coming across the wire.

    I have tried setting a web.config httpProtocol to remove the Vary header but this does not appear to do any good as it just gets added back and have not (as of yet) been able to figure out if TMG is actually appending the VARY: * or how to prevent it from doing so.

     

     

    Friday, September 23, 2011 9:03 PM
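
Added example (not part of the original post): a small Python check for the comparison described in the question. It diffs two captured response-header blocks and reports whether the `Vary` header allows a cached copy to be reused; the sample captures are constructed and the function names are this example's own.

```python
# Constructed captures modelled on the two cases in the question (not real traces).
OFF_VPN = """HTTP/1.1 200 OK
Cache-Control: public
Vary: *
Vary: Accept-Encoding
"""
ON_VPN = """HTTP/1.1 200 OK
Cache-Control: public
Vary: Accept-Encoding
"""

def parse_headers(raw):
    """Return {lower-case name: [values]}, keeping repeated header lines."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def vary_fields(headers):
    """Merge every Vary line and comma-separated list into one set."""
    fields = set()
    for value in headers.get("vary", []):
        fields.update(f.strip().lower() for f in value.split(",") if f.strip())
    return fields

def cache_reusable(raw):
    """False if any Vary member is '*': a stored copy can never be matched."""
    return "*" not in vary_fields(parse_headers(raw))

def header_diff(raw_a, raw_b):
    """Headers whose value lists differ between two captures."""
    a, b = parse_headers(raw_a), parse_headers(raw_b)
    return {n: (a.get(n, []), b.get(n, []))
            for n in sorted(set(a) | set(b)) if a.get(n, []) != b.get(n, [])}

if __name__ == "__main__":
    for name, (off, on) in header_diff(OFF_VPN, ON_VPN).items():
        print(f"{name}: off-VPN={off} on-VPN={on}")
    print("off-VPN reusable:", cache_reusable(OFF_VPN))
    print("on-VPN reusable:", cache_reusable(ON_VPN))
```

Because repeated `Vary` lines are merged before the check, a `*` on any one of them marks the whole response as non-reusable, even when another line lists only `Accept-Encoding`.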

Answers

  • Nothing we have tried has worked.  We bypassed TMG from our router and did NAT directly to the CRM server and the VARY: * header disappeared and we are now able to use client side caching.  I'll move this question to the TMG forum.
    • Marked as answer by LCVS Thursday, October 27, 2011 1:17 PM
    Tuesday, September 27, 2011 3:13 PM

All replies

  • LCVS,

     

    The directive Vary: * is equivalent to Cache-Control: no-cache

    How to Modify the Cache-Control HTTP Header When You Use IIS

    http://support.microsoft.com/default.aspx?scid=kb;en-us;247404

    -----

    From KB http://support.microsoft.com/kb/837737

    To configure how Web objects are cached in ISA Server or in Microsoft Forefront Threat Management Gateway, Medium Business Edition, follow these steps:

    1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Server Management.

      Note: If you are running Microsoft Forefront Threat Management Gateway, Medium Business Edition, click Start, point to Programs, point to Microsoft Forefront TMG, and then click Forefront TMG Management.
    2. In ISA Server Management, click to expand ISAServerName, click to expand Configuration, and then click Cache.

      Note: In Microsoft Forefront Threat Management Gateway, Medium Business Edition, expand TMGServerName, and then click Web Access Policy.
    3. ISA Server 2006 and ISA Server 2004: In the details pane, click the Cache Rules tab, and then click the cache rule that you want to modify.

      Microsoft Forefront Threat Management Gateway, Medium Business Edition: In the right pane, click Configure Web Caching on the Tasks tab, click the Cache Rules tab, and then click the cache rule that you want to modify.
    4. ISA Server 2006 and ISA Server 2004: On the Tasks tab, click Create a Cache Rule.

      Microsoft Forefront Threat Management Gateway, Medium Business Edition: In the right pane, click Configure Web Caching on the Tasks tab, click the Cache Rules tab, and then click NEW.
    5. On the Welcome to the New Cache Rule Wizard screen, type a descriptive name in the Cache rule name box, and then click Next.
    6. On the Cache Rule Destination page, click Add.
    7. In the Add Network Entities dialog box, select the network entity that you want, click Add, click Close, and then click Next.
    8. On the Content Retrieval screen, select one of the following options, and then click Next:
      • To retrieve an object from the cache only if it has not expired, click Only if a valid version of the object exists in cache. If no valid version exists, route the request to the server.
      • To retrieve an object from the cache if it is available, and to retrieve it by using a specified route if it is not available, click If any version of the object exists in cache. If none exists, route the request to the server.
      • To retrieve an object only if it is in the cache, click If any version of the object exists in the cache. If none exists, drop the request (never route the request to the server).
    9. On the Cache Content screen, select one of the following options, and then click Next:
      • If retrieved objects must not be cached, click Never, no content will ever be cached.
      • If objects should be cached only if the source and request headers indicate that the object must be cached, click If source and request headers indicate to cache. Then, you can also select one or more of the following additional options:
        1. The Dynamic content option specifies that ISA Server will cache retrieved objects even if they are marked as not cacheable.
        2. The Content for offline browsing (302, 307 responses) option specifies that ISA Server will serve all the requests from content in the cache. This option requires that even cacheable content with 302 and 307 response codes is stored in the cache.
        3. The Content requiring user authentication for retrieval option specifies that ISA Server will cache content that may require authentication to be accessed.
    10. On the Cache Advanced Configuration page, select any of the following options that you want, and then click Next:
      • The Do not cache objects larger than option specifies the maximum size of objects that ISA Server will cache.
      • The Cache SSL responses option lets you specify whether SSL objects are maintained in the ISA Server cache.
    11. On the HTTP Caching page, configure whether cached Hypertext Transfer Protocol (HTTP) objects expire according to Time to Live (TTL) settings. To do this, select the options that you want, and then click Next.

      Note: For HTTP objects, expiration is configured based on the TTL that is defined in the response header and on the TTL boundaries that are defined in the cache rule. TTL boundaries are calculated as a percentage of the content age. The content age is the time since an object was created or modified. HTTP objects expire according to the TTL defined for HTTP objects in the cache rule.
    12. On the FTP Caching page, select whether to enable caching, and configure the TTL period for objects. To do this, select the options that you want, and then click Next.

      Note: By default, the TTL for all File Transfer Protocol (FTP) objects is set to one day.
    13. On the Completing the New Cache Rule Wizard, review your settings. When you have finished reviewing your settings, click Finish.
    14. When the wizard has finished running, set the order of the new rule to be above any other rules that may apply to a similar destination set.
    15. If you want to change your cache rule settings, click Edit Selected Rule in the ISA Server Management details pane.

    Hope this is helpful,

    Jeff

    Friday, September 23, 2011 9:33 PM
  • Good afternoon!

    Regarding the publishing, I have some updates. Just posted a summary of findings from today!

    Hopefully we get a fix from Microsoft soon, as this topic is coming up to a bad performance issue with no real workaround.

    http://dynamics-crm2011.blogspot.com/2012/01/tmg-2010-or-isa-or-ans-kind-of-reverse.html

     

    We have taken some network traces and found out the following!

    It is a bug in Dynamics CRM 2011. Every time the CRM web server receives a request including a "reverse proxy header", it answers with

    Cache-Control: public
    Vary: *

    in the response header. This “Vary: *” is causing the behavior that some CRM page elements are not used out of the Internet Explorer cache.

    We fixed this for one customer by creating a new ISA/TMG rule “Server publishing on Port 443” instead of using a Web publishing rule. But this can't be the real solution due to security reasons!

    Cheers

    Christian

    Thursday, January 19, 2012 8:48 PM
  • All,

    I fixed this yesterday on a customer site. I posted the fix on another thread.

    The short answer is you just need to tell TMG to request compression.

    It's explained in more detail at (not my blog)

    http://blogs.technet.com/b/sooraj-sec/archive/2012/01/25/crm-published-through-isa-tmg-save-and-new-button-on-the-form-does-not-work-properly-need-to-click-twice-on-the-links-in-the-crm-page.aspx

    Steve

    • Proposed as answer by Steve.Drake Wednesday, February 8, 2012 9:25 AM
    Wednesday, February 8, 2012 9:25 AM