Forum Discussion

Russell_77729's avatar
Russell_77729
Icon for Nimbostratus rankNimbostratus
Jan 09, 2014

ActiveSync 403 Error with SSL

I have my Exchange 2010 environment sitting behind an F5 LTM. I have setup a virtual server to handle ActiveSync requests. If I DO NOT use SSL everything works just fine. When I turn SSL on I get an HTTP 403 error (below). I have looked at all kinds of settings based on various articles and blog posts but the settings are already correct based on them.

 

 

I am using SSL between the F5 and Exchange. I am only disabling SSL between me and the F5. I also get the 403 error if I go to the active sync URL in IE with SSL turned on.

 

  • We recommend using the f5.microsoft_exchange_2010_2013_cas.v1.2.0 template. It's available from downloads.f5.com.

     

    Just to clarify, you are only using ssl on the server side, not the client side? And it does work when you don't use SSL, through the BIG-IP?

     

    Have you tried the iRule on page 52 of this guide: http://www.f5.com/pdf/deployment-guides/microsoft-exchange-2010-2013-iapp-dg.pdf

     

    That solves a known issue with the MS Connectivity Analyzer. Without seeing traffic captures from the BIG-IP, it's difficult to troubleshoot.

     

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account

    We recommend using the f5.microsoft_exchange_2010_2013_cas.v1.2.0 template. It's available from downloads.f5.com.

     

    Just to clarify, you are only using ssl on the server side, not the client side? And it does work when you don't use SSL, through the BIG-IP?

     

    Have you tried the iRule on page 52 of this guide: http://www.f5.com/pdf/deployment-guides/microsoft-exchange-2010-2013-iapp-dg.pdf

     

    That solves a known issue with the MS Connectivity Analyzer. Without seeing traffic captures from the BIG-IP, it's difficult to troubleshoot.

     

  • It does not appear this new iApp works with version 11.1.

     

    I am using server side certs all the time. The certs that I am having trouble with are client side.

     

    I would be happy to provide an info you might need to help get this working.

     

  • Well, I switched up to f5.microsoft_exchange_2010_cas.2012_06_08 and my issue is now resolved.