Forum Discussion

meena_60183
Jul 30, 2009

outlook anywhere problem

Hi All,

I configured the exchange 2007 CAS servers on BigIP running 10.0.0 code based on the deployment guide. I have 1 virtual server configured for all 3 (owa, outlook anywhere and activesync). SSL offload is performed on the BigIP.

OWA and activesync work fine. However, outlook anywhere prompts for username and password and it says it is trying to connect but times out. There is a firewall between the F5 and the CAS servers. I am not seeing any drops or problems on the firewall and I see all traffic being permitted.

Just to avoid persistence issues, I disabled all but one server.

Any ideas on where I can start looking?

Meena

9 Replies

  • Hi Meena,

    Does the Outlook Anywhere functionality work if you go direct to the exchange server? What authentication type are you using for OA? Do you see any errors on Exchange when the authentication attempt occurs?

    On a side note, if you're using NTLM auth, you might try adding a new NTLM profile:

    https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnotes_10_0_1_ltm.html

    NTLM profile for optimized network performance

    A new NT LAN Manager (NTLM) profile within BIG-IP Local Traffic Manager optimizes network performance when the system is processing NTLM HTTP traffic. When associated with a virtual server, the NTLM profile allows the local traffic management system to take advantage of server-side connection pooling for NTLM connections. The advantage of NTLM profiles over using a OneConnect™ profile by itself, is that a OneConnect profile alone can potentially allow idle NTLM-authenticated server connections to be reattached to unauthenticated clients.

    You might also consider upgrading to 10.0.1 now that it's out.

    Aaron
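
The connection-reuse problem described in the release note quoted above, as an added example that is not part of the original thread and not F5 code: a small Python model in which NTLM authenticates the server-side connection rather than each request. The class names, client ids and the per-client pooling rule are assumptions made for illustration only.

```python
from collections import deque


class BackendConn:
    """One server-side TCP connection. NTLM authenticates the connection,
    so the server applies that identity to every later request on it."""

    def __init__(self):
        self.authenticated_as = None

    def request(self, credentials=None):
        if credentials is not None:  # stands in for a completed NTLM handshake
            self.authenticated_as = credentials
        return self.authenticated_as  # identity the server uses for this request


class SharedPool:
    """Model of connection pooling alone: any idle connection, any client."""

    def __init__(self):
        self.idle = deque()

    def acquire(self, client_id):
        return self.idle.popleft() if self.idle else BackendConn()

    def release(self, client_id, conn):
        self.idle.append(conn)


class PerClientPool:
    """Assumed fix: an idle connection is reused only by the client that authenticated it."""

    def __init__(self):
        self.idle = {}

    def acquire(self, client_id):
        bucket = self.idle.get(client_id)
        return bucket.popleft() if bucket else BackendConn()

    def release(self, client_id, conn):
        self.idle.setdefault(client_id, deque()).append(conn)


def identity_for_next_request(pool, next_client):
    """client-A authenticates as 'alice' and goes idle; next_client then sends
    a request with no credentials. Returns the identity the server applies."""
    conn = pool.acquire("client-A")
    conn.request(credentials="alice")  # constructed sample identity
    pool.release("client-A", conn)
    return pool.acquire(next_client).request()
```

With `SharedPool`, a request from `client-B` is served under the identity left on the idle connection; with `PerClientPool` it arrives unauthenticated and only `client-A` gets its own connection back.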
  • Aaron,

    Thank you for your response. The OA functionality works fine if we go directly to the server.

    We are testing with "basic authentication". Upgraded the code to 10.0.1 but still the same problem.

    Meena
  • Do you see any errors on Exchange when the authentication attempt occurs? The next step might be to capture a tcpdump on LTM when testing through the virtual server and compare that with a working trace direct to the server. If you need help capturing or analyzing the tcpdump, you can open a case with F5 Support.

    Aaron
  • Aaron,

    The tcpdumps on the client side show that the client directly attempts to talk to the exchange mailbox server using DCERPC protocol. I am not sure if that is the way outlook anywhere works. Why would the client bypass the CAS server and talk to the exchange server directly?

    Meena

  • I found the problem and it is the ASM config. When I removed the ASM piece, it started working fine. Not sure why the same http class profile worked for owa and active sync but not for outlook anywhere.

    It is set to just logging for now.

    Meena

  • Ah, ASM and RPC over HTTP don't play well together:

    SOL7869: The BIG-IP ASM does not support connections using Remote Procedure Call over HTTP

    https://support.f5.com/kb/en-us/solutions/public/7000/800/sol7869.html

    You might check with F5 on the status for CR82894 and see if there is a fix for ASM planned.

    Aaron
  • Thanks Aaron. I remember looking at that solution a while back but I forgot all about it. Thanks again.

    We ended up creating 2 virtual servers (1 for OA and 1 for OWA and activesync).

    Meena
  • Hello, I'm having the same problem with outlook anywhere running RPC over HTTP. I got it to work but it doesn't seem correct. If I have no APM sessions and start up Outlook to connect RPC over HTTP, it authenticates and creates the session in APM but Outlook just hangs on trying to connect and never successfully connects. In the APM logs I see that it hangs on "Releasing request RPC_IN_DATA /rpc/rpcproxy.dll?" If I close outlook and re-open it again, it prompts me for username and password and then it connects, but it only connects if I have a session already established in APM. If the session doesn't exist in APM it creates one but it hangs on trying to connect. Any ideas?