Forum Discussion

Nimbostratus

Jan 09, 2014

ActiveSync 403 Error with SSL

I have my Exchange 2010 environment sitting behind an F5 LTM. I have setup a virtual server to handle ActiveSync requests. If I DO NOT use SSL everything works just fine. When I turn SSL on I get an HTTP 403 error (below). I have looked at all kinds of settings based on various articles and blog posts but the settings are already correct based on them.

I am using SSL between the F5 and Exchange. I am only disabling SSL between me and the F5. I also get the 403 error if I go to the active sync URL in IE with SSL turned on.

BIG-IP Access Policy Manager (APM)

deployment

microsoft

security

mikeshimkus_111
Jan 09, 2014
We recommend using the f5.microsoft_exchange_2010_2013_cas.v1.2.0 template. It's available from downloads.f5.com.

Just to clarify, you are only using ssl on the server side, not the client side? And it does work when you don't use SSL, through the BIG-IP?

Have you tried the iRule on page 52 of this guide: http://www.f5.com/pdf/deployment-guides/microsoft-exchange-2010-2013-iapp-dg.pdf

That solves a known issue with the MS Connectivity Analyzer. Without seeing traffic captures from the BIG-IP, it's difficult to troubleshoot.

Russell_77729
Nimbostratus
Jan 09, 2014
FWIW, I used the f5.microsoft_exchange_2010_cas.2012_04_06 iApp.
mikeshimkus_111
Historic F5 Account
Jan 09, 2014
We recommend using the f5.microsoft_exchange_2010_2013_cas.v1.2.0 template. It's available from downloads.f5.com.

Just to clarify, you are only using ssl on the server side, not the client side? And it does work when you don't use SSL, through the BIG-IP?

Have you tried the iRule on page 52 of this guide: http://www.f5.com/pdf/deployment-guides/microsoft-exchange-2010-2013-iapp-dg.pdf

That solves a known issue with the MS Connectivity Analyzer. Without seeing traffic captures from the BIG-IP, it's difficult to troubleshoot.
Russell_77729
Nimbostratus
Jan 09, 2014
It does not appear this new iApp works with version 11.1.

I am using server side certs all the time. The certs that I am having trouble with are client side.

I would be happy to provide an info you might need to help get this working.
Russell_77729
Nimbostratus
Jan 09, 2014
Well, I switched up to f5.microsoft_exchange_2010_cas.2012_06_08 and my issue is now resolved.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

ActiveSync 403 Error with SSL

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Insufficient permissions BIG-IQ login error

502 Bad Gateway Error

Error: read ECONNRESET error while using Postman for API calls after change to irule

winscp error

HTTP error 503, DNS lookup failed

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS