Tobias_Cederlun
Jan 30, 2018

MAPI-over-HTTP using Exchange-iApp (order of iRules)

Hi all!

I need some guidance. The Exchange folks at my company decided to enable MAPI-over-HTTP and now ask me to "do whatever is needed" to make it work via the BigIP.

The BigIP is running 12.1.0 and is set up with the Exchange iApp (microsoft_exchange_2010_2013_cas.v1.6.0) and we are running Exchange 2013 SP1. I followed the section in the iApp Deployment Guide explaining how to enable MAPI-over-HTTP, as it's not included in the iApp template.

So... Configuration of Health Monitor, Pool and iRule went fine. Adding the iRule as a custom iRule in the iApp also went fine BUT no traffic is hitting the mapi serverpool... This is where I need guidance...

It seems like when I add an iRule in "Customize pool settings -> Do you want to add any custom iRules to this combined virtual server?" it just pops in the iRule at the top of the list. Would that be the correct order?

In the GUI the iRules are listed in the following order:

/Exchange/Exchange_Internal_Clients_custom_mapi_irule7
/Exchange/Exchange_Internal_Clients.app/Exchange_Internal_Clients_combined_pool_irule7
/Exchange/Exchange_Internal_Clients.app/Exchange_Internal_Clients_owa_redirect_irule7

I've tested moving the Exchange_Internal_Clients_custom_mapi_irule7-iRule to the bottom and when I do, traffic seems to hit the mapi serverpool. Without moving the iRule, my guess is that the traffic hits the owa_pool via the default selection in the Exchange_Internal_Clients_combined_pool_irule7-iRule.

Is this the correct way to do it? (Shouldn't that be described in the guide then?).

The Exchange_Internal_Clients_custom_mapi_irule7-iRule looks like this:

when HTTP_REQUEST {
    switch -glob -- [string tolower [HTTP::path]] {
        "/mapi*" {
            # uncomment the following line to bypass APM for MAPI-over-HTTP in v11.x ONLY
            ACCESS::disable
            pool /Exchange/Exchange_Internal_Clients_custom_mapi_pool7
            COMPRESS::disable
            CACHE::disable
            return
        }
    }
}

...and the Exchange_Internal_Clients_combined_pool_irule7-iRule looks like (iApp-generated):

when HTTP_REQUEST {
    switch -glob -- [string tolower [HTTP::path]] {
        "/microsoft-server-activesync*" {
            TCP::idletime 1800
            pool /Exchange/Exchange_Internal_Clients.app/Exchange_Internal_Clients_as_pool7
            COMPRESS::disable
            CACHE::disable
            return
        }
        "/owa*" {

            pool /Exchange/Exchange_Internal_Clients.app/Exchange_Internal_Clients_owa_pool7
            return
        }
        "/ecp*" {
            # Exchange Control Panel.

            pool /Exchange/Exchange_Internal_Clients.app/Exchange_Internal_Clients_owa_pool7
            return
        }
        "/ews*" {
            # Exchange Web Services.
            pool /Exchange/Exchange_Internal_Clients.app/Exchange_Internal_Clients_ews_pool7
            COMPRESS::disable
            CACHE::disable
            return
        }
        "/oab*" {
            # Offline Address Book.
            pool /Exchange/Exchange_Internal_Clients.app/Exchange_Internal_Clients_ews_pool7
            persist none
            return
        }
        "/rpc/rpcproxy.dll*" {
            # Outlook Anywhere.
            pool /Exchange/Exchange_Internal_Clients.app/Exchange_Internal_Clients_oa_pool7
            COMPRESS::disable
            CACHE::disable
            return
        }
        "/autodiscover*" {
            # Requests for Autodiscovery information.
            pool /Exchange/Exchange_Internal_Clients.app/Exchange_Internal_Clients_ad_pool7
            persist none
            return
        }
        default {
            pool /Exchange/Exchange_Internal_Clients.app/Exchange_Internal_Clients_owa_pool7
        }
    }
}
when HTTP_RESPONSE {
    if { ( [HTTP::header exists "WWW-Authenticate"] &&
        [string tolower [HTTP::header values "WWW-Authenticate"]] contains "negotiate" ) ||
        ( [HTTP::header exists "Persistent-Auth"] &&
        [string tolower [HTTP::header "Persistent-Auth"]] contains "true" ) } {
        ONECONNECT::reuse disable
        ONECONNECT::detach disable
        NTLM::disable
   }
   if {[HTTP::header exists "Transfer-Encoding"]} {
        HTTP::payload rechunk
   }
} 

1 Reply

  • Yes, the default in the switch will be triggered.

    If you want 2 iRules, you need the IMAP one before the combined iRule. You could also include the IMAP in the combined iRule.

    Both have the same effect.

    There is no right or wrong in this case. Just that a single iRule will be more efficient, as there is only one switch.
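
One way to pin the ordering discussed in this thread inside the rule itself, as an added example that is not from the original posts or the F5 deployment guide: iRules handling the same event run in ascending `priority` (default 500), `return` ends only the current rule's handler, and the last `pool` command executed decides where the request goes, which matches what the original poster observed. The priority value 501 and the log format are assumptions; the pool path is the one from the post, and the optional `ACCESS::disable` line is left out.

```tcl
# Added example: custom MAPI rule that runs after the iApp-generated
# combined rule regardless of its position in the virtual server's list.
# Default priority is 500; a higher number runs later. 501 is an assumed value.
when HTTP_REQUEST priority 501 {
    if { [string tolower [HTTP::path]] starts_with "/mapi" } {
        # Replaces the owa_pool7 selection made by the combined rule's
        # default branch, because this pool command executes last.
        pool /Exchange/Exchange_Internal_Clients_custom_mapi_pool7
        COMPRESS::disable
        CACHE::disable
    }
}

# Check: record which pool was finally used for MAPI-over-HTTP requests.
when LB_SELECTED {
    if { [string tolower [HTTP::path]] starts_with "/mapi" } {
        log local0. "MAPI [HTTP::path] -> [LB::server pool]"
    }
}
```

Remove the `LB_SELECTED` logging once /var/log/ltm shows the MAPI pool being selected, since it writes one line per MAPI request.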