Forum Discussion

Dayne_Miller_19's avatar
Dayne_Miller_19
Historic F5 Account
Aug 02, 2013

iApp template version 1.2 for Exchange Server 2010 and 2013 now available

We are pleased to announce that a new, supported iApp template for Microsoft Exchange Server 2010 and 2013 is now available in a bundle (that also contains all older template versions) from https://downloads.f5.com/esd/product.jsp?sw=BIG-IP&pro=big-ip_v11.x.

 

Currently, the link on that page indicates the iApp template bundle is version 1.0.0.8, but if you actually follow the link, you'll see that the available version is 1.0.0.61. Both the Downloads link and the Solution (http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13497.html) will be updated shortly to show the new version.

 

Also for the moment, use the release candidate Deployment Guide at https://devcentral.f5.com/wiki/GetFile.aspx?Page=iApp.Microsoft-Exchange-2010-and-2013-iApp-Template&File=microsoft-exchange-2010-2013-iapp-dg-RC-4.pdf We will promote that Deployment Guide to the main F5 site as soon as possible, and announce on this thread when that is available from the correct location.

 

The remainder of this post contains the README included with the new iApp template. Please read this carefully before upgrading your existing deployments.

 

 

RELEASE NOTES -- iApp template version 1.2 for Microsoft Exchange Server 2010

 

and 2013 Client Access Services

 

 

Deployment Guide

 

 

IMPORTANT -- The previous date-based naming system has been replaced with

 

simple numerical naming to indicate version. Version 1.2.0 is an upgrade to

 

both the 2012_04_06 and 2012_06_08 versions of the iApp template.

 

 

A deployment guide with detailed instructions for using this iApp template and

 

configuring your Exchange Client Access Server environment is located at

 

http://www.f5.com/pdf/deployment-guides/microsoft-exchange-2010-2013-iapp-dg.pdf

 

 

F5 strongly recommends reading the deployment guide in addition to the following

 

instructions.

 

 

Importing and Using the Template

 

 

Extract the template file in a location accessible by the BIG-IP system. From

 

the BIG-IP Configuration utility, on the Main tab, expand 'iApp' and then click

 

'Templates'. Click 'Import' and then click the 'Browse' button to select the

 

template file 'f5.microsoft_exchange_2010_2013_cas.tmpl'. Click 'Upload' to

 

install the template to your BIG-IP system.

 

 

IMPORTANT: F5 does not recommend reconfiguring existing application services

 

that were deployed with the Exchange template that shipped with BIG-IP versions

 

11.0-11.4.x (f5.microsoft.exchange_2010). For best results, use this template

 

to create a new application service that co-exists with previous deployments.

 

During a maintenance window, switch IP addresses between old and new applic-

 

ation services, or change your DNS configuration to use the new IP addresses

 

you configured.

 

 

However, this iApp template may safely be used to upgrade application services

 

that have been created with iApp template versions 2012_04_06 and 2012_06_08 for

 

Microsoft Exchange Server 2010 Client Access Services.

 

 

IMPORTANT: If you are upgrading from a previous deployment created with iApp

 

template versions 2012_04_06 or 2012_06_08, elected to use F5's APM module to

 

secure your Client Access traffic, and are running BIG-IP version 11.2 or later,

 

the IP address you previously entered for your Active Directory server will not

 

be preserved. You will need to enter the IP address(es) and host name infor-

 

mation for your Active Directory servers(s) into the iApp template before your

 

configuration is complete.

 

 

New Features & Configuration Changes

 

 

The iApp template version 1.2 for Microsoft Exchange Server 2010 and 2013

 

Client Access Services contains the following significant changes from the iApp

 

template iApp template version 2012_06_08:

 

 

* The iApp template now fully supports Exchange Server 2013 (RTM, CU1, and CU2).

 

+ The template no longer configures objects for MAPI (RPC Client Access)

 

when Exchange Server 2013 is selected.

 

+ The template does not apply persistence profiles for Exchange 2013

 

services.

 

+ The template now supports accessing the Exchange Admin Center (EAC), and

 

adds the ability to restrict access via group membership when using APM.

 

+ Simple monitors now check 'healthcheck.htm'.

 

+ The ActiveSync monitor has been updated to accommodate a change in

 

Exchange Server 2013 CU2.

 

 

* Users may show or hide inline Help.

 

* The HTML Help content has been removed in favor of inline configuration notes

 

and Deployment Guide instructions.

 

* Users may specify priority groups when using customized pool settings.

 

* Added support for Exchange Web Services (EWS) when not deploying Outlook

 

Anywhere.

 

* Added a new EWS-specific EAV monitor.

 

 

APM-Specific New Features

 

 

* Users may specify a pool of AD servers rather than just one when using APM on

 

BIG-IP version 11.2 or later.

 

* Added monitoring options for the AAA Active Directory pool.

 

* Client-side NTLM support is included for BIG-IP version 11.3 and higher.

 

* Converted APM Forms-based SSO objects to v2 (Forms - Client Initiated).

 

* Added support for F5's new Exchange profile on BIG-IP 11.4 and later, substi-

 

tuting for system iRules.

 

 

Fixes and Miscellaneous Changes

 

 

* User input for monitor timeout is now applied to EAV monitors.

 

* Removed redirect iRule when unencrypted client connection is selected.

 

* Removed "owa/" URI modification field from template since it was unused.

 

* When selecting different IP addresses for each service, the Monitoring section

 

now automatically provides a separate text field for each service FQDN.

 

* Excluded uglobal.js and owa.ev from caching profiles, and removed

 

'Accept-Encoding' header, to prevent client hanging.

 

* APM sessions are now terminated after a user logs out of OWA.

 

* When switching from a specific certificate and key back to a default certif-

 

icate and key, the clientssl profile now accepts the change.

 

* Pools are now configured to 'Reject' as Action on Service Down (changed from

 

'None').

 

* SNAT pool arrays are now uniquely named, so they are not overwritten by sub-

 

sequent iApp instances.

 

* Removed a trailing slash from HTTP::uri command in owa append iRule to force

 

CAS servers to send a redirect to "/owa/"; previously, users navigating back

 

to "/" over HTTP would not get redirected correctly.

 

* Added system ActiveSync APM iRule when a separate ActiveSync virtual server

 

is configured.

 

* Fixed an incorrect combined iRule pool assignment for EWS and OAB traffic in

 

LTM+APM scenarios.

 

* Made corrections to Autodiscover EAV monitor script.

 

* Added IPv6 support to EAV monitor scripts.

 

* Added a fix for a session cookie persistence bug.

 

5 Replies

  • Dayne_Miller_19's avatar
    Dayne_Miller_19
    Historic F5 Account
    The Solution document at http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13497.html?sr=31162302 has been updated to reflect the new version. The Deployment Guide, and the download link and associated text, have also been updated.

     

     

    Please let us know how the new iApp template works for you.
    • uni's avatar
      uni
      Icon for Altostratus rankAltostratus
      I notice the first line of the script is "cli script f5.iapp.1.1.0.cli {". Should this be change to f5.iapp.1.2.0.cli?
    • Fred_Slater_856's avatar
      Fred_Slater_856
      Historic F5 Account
      The cli script is distinct from the template. f5.iapp.1.1.0.cli is a common script used for the Exchange, Sharepoint, Citrix VDI, and VMware View templates. It's current version, v.1.1.0, is correct.
  • MVA's avatar
    MVA
    Icon for Nimbostratus rankNimbostratus
    Dayne, where can I find more information around the fixes "session cookie persistence bug" and "Excluded uglobal.js and owa.ev from caching profiles, and removed 'Accept-Encoding' header, to prevent client hanging.". I'm looking for what symptoms would we see in the client if we are experiencing these issues. Would client hang at startup, midway through the day, what would the client do if we ran across the session cookie persistence bug? thanks
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Hi Mel, symptoms of the session cookie persistence bug would include clients being forced to reauthenticate in the middle of a session, after the (incorrectly configured) cookie expired: http://support.f5.com/kb/en-us/solutions/public/11000/600/sol11679.html The uglobal.js/owa.ev/Accept-Encoding header changes both address the same issue, which is caused by the Exchange server not FINing the connection on requests for files larger than a certain size when using dynamic compression. This would show up as a hanging browser immediately after login. You would not be able to click on anything in the OWA interface, and if you looked at a packet capture, you would see that requests for those files would never complete. thanks Mike