Forum Discussion
nguyenhp1_11995
Nimbostratus
NimbostratusBlackBerry will not connect to LTM version 11.2.1
Hi,
We recently upgraded from version 10.xxxx to version 11.2.1 and now BlackBerries cannot connect to our Exchange Servers. We used the iApps in version 11.2.1 to create Exchange 2010. Has anyone come across this issue? We are not using BES. Anyone info would be appreciated. If you need more info. let me know. Thanks.
8 Replies
- Hi nguyenhp1,
Are you using the iApp template available from downloads.f5.com, or the one that ships with BIG-IP? If it's the latter, you should download the latest version of the template first. It has many bug fixes and improvements. The name of the correct template is f5.microsoft_exchange_2010_cas.2012_06_08.
thanks
Mike 
nguyenhp1_11995Yes I am using that exact template f5.microsoft_exchange_as.2012_06_08.- Did you select Yes to deploying Outlook Anywhere? In this version of the template, deploying Outlook Anywhere also configures the pool needed for EWS traffic.
If you look at the combined persistence iRule created by the iApp, there should be a switch statment that checks for "/ews". There should be a pool assignment there, and it should not be commented out (start with a ""). - nguyenhp1_11995This is my iRule and I did select Outlook Anywhere....can you look this over and tell me if I'm missing something?
iRule to select pool and persistence method when all Exchange Client
Access HTTP-based services are accessed through the same BIG-IP virtual
server. This iRule will use an HTTP header inserted by a BIG-IP Edge
Gateway for persistence (if that header is present); otherwise it will
set persistence according to traditional methods.
when HTTP_REQUEST {
OAB and Autodiscover do not require persistence.
switch -glob -- [string tolower [HTTP::path]] {
"/microsoft-server-activesync" {
Direct all ActiveSync clients to a common pool; use Auth
header value if it exists (Basic auth only, which is the
default); otherwise we fall back to client IP
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} elseif { [HTTP::header exists "Authorization"] } {
persist uie [HTTP::header "Authorization"] 7200
} else {
persist source_addr
}
pool Exchange2010_as_pool
COMPRESS::disable
CACHE::disable
return
}
"/owa*" {
Outlook Web Access
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} else {
persist cookie insert
}
pool Exchange2010_owa_pool
return
}
"/ecp*" {
Exchange Control Panel.
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} else {
persist cookie insert
}
pool Exchange2010_owa_pool
return
}
"/ews*" {
Exchange Web Services.
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} else {
persist source_addr
}
pool Exchange2010_oa_pool
COMPRESS::disable
CACHE::disable
return
}
"/oab*" {
Offline Address Book. Persistence is not required for OAB
pool Exchange2010_oa_pool
return
}
"/rpc/rpcproxy.dll" {
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} elseif { [string tolower [HTTP::header "Authorization"]] starts_with "basic" } {
persist uie [HTTP::header "Authorization"] 7200
} else {
persist source_addr
}
Finally, this assigns the Outlook Anywhere pool.
pool Exchange2010_oa_pool
If the HTTP profile assigned to your virtual server enables Compression
or RAM Cache, you should un-comment either or both of the following lines
to turn off the respective feature(s) for Outlook Anywhere connections.
If you are using Web Accelerator, un-comment both lines.
COMPRESS::disable
CACHE::disable
return
}
"/autodiscover*" {
Requests for Autodiscovery information. No Persistence.
pool Exchange2010_ad_pool
return
}
default {
This final section takes all traffic that has not otherwise
been accounted for and sends it to the pool for Outlook Web App
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} else {
persist source_addr
}
pool Exchange2010_owa_pool
}
}
}
when HTTP_RESPONSE {
if { [string tolower [HTTP::header values "WWW-Authenticate"]] contains "negotiate"} {
ONECONNECT::reuse disable
ONECONNECT::detach disable
NTLM::disable
}
if {[HTTP::header exists "Transfer-Encoding"]} {
HTTP::payload rechunk
}
} - At a glance, that looks OK. I assume all of your pools are up and healthy. Is anything else broken?
I'd recommend opening a case with F5 support. They can help capture and analyze traffic from both sides of the BIG-IP to see what's happening. - nguyenhp1_11995I been working with F5 support for over a month on this issue and they can't figure it out either. I appreciate your help. I guess more trial and error. Thanks!!
mElhoussini_204Hi,
Any update regarding this issue ?
- JG
Cumulonimbus
My impression is that this issue has been resolved in the latest versions of deployment guide. Not sure if they apply to v11.2.1, though. Better check it out yourself.
