Vincent_Z_17509
Oct 24, 2014Nimbostratus
Solved
Exchange 2010, O365, APM and iRule
Hello,
I'm trying to deploy BIG IP with Exchange 2010 in hybrid mode. It involves that there is only authentication for OWA and ActiveSync and no authentication for the EWS and autodiscover. It seems that the _sys_APM_ExchangeSupport_OA_NtlmAuth iRule could help me but I don't see how to disable authentication for the ews and autodiscover part.
Any idea ?
Vincent
For EWS and Autodiscover, you should be able to add an iRule (or disable strictness on the iApp deployment and edit the existing pool assignment iRule) to disable APM for that traffic. For example:
when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] { "/ews*" { ACCESS::disable } "/autodiscover*" { ACCESS::disable } }
For OWA, you'll need to remove the logon page from the Access Policy and modify the sso_select iRule to choose the NTLM SSO instead of forms:
when ACCESS_ACL_ALLOWED { set req_uri [string tolower [HTTP::uri]] if { $req_uri contains "/owa" } { WEBSSO::select [set foo /Common/exchange_2010.app/exch_ntlm_sso] } unset req_uri }