CLIENTSSL_DATA broken on 11.3? Autodiscover woes...

 

I am trying to write an iRule to allow an Exchange 2007>2010 migration. We use Lync and it relies on autodiscover.domain.com pointing to a CAS server. I would like to detect the email in the autodiscover request and route it to the appropriate CAS pool ('07 or '10).

 

 

As we have APM, I tried with limited success to build it in there (I figured Why Not? It's already got LDAP/AD) but it became readily apparent the autodiscover calls didn't like the F5's HTTP-based responses.

 

 

So I moved to iRules and wrote a HTTP_REQUEST version which did seem to trigger *sometimes*, but would not work at all when any APM was tied to the config.

 

 

Since this is not really valid HTTP being passed (more like hybrid HTTP/XML/SOAP), I moved on to trying CLIENT_ACCPTED & CLIENT_DATA but that broke the SSL so I moved on to CLIENTSSL_HANDSHAKE & CLIENTSSL_DATA.

 

 

Now I'm seeing the situation where even using the example iRule on the wiki doesn't ever trigger CLIENTSSL_DATA! No matter if I change it to SSL::collect 50 or strip it down just to the log lines.

 

 

Ideas?

 

 

Here is the iRule:

 

 

when CLIENTSSL_HANDSHAKE {

 

SSL::collect

 

log local0. "Got SSL collect iRule! getting data..."

 

}

 

 

when CLIENTSSL_DATA {

 

log local0. "Got SSL client DATA iRule!"

 

if { [SSL::payload] contains "a:Mailbox"} {

 

log local0. "found SSL a:Mailbox!"

 

set email [findstr [SSL::payload] "" 11 ""]

 

log local0. $email

 

SSL::release

 

}

 

}

 

 

 

Results in only:

 

 

Apr 24 16:05:34 lb1 info tmm[14000]: Rule /Common/Autodiscover-2007-2010_tcp : Got SSL collect iRule! getting data...

 

 

TIA!