Forum Discussion
NimbostratusEnterprise Vault with Exchange 2007 LTM+APM
NimbostratusHi Mikes,
After adding this to the SSO iRule. We keep getting this NTLM Popups and every email under archive we click we get the NTLM Popup.
Below is a sample screenshot.
All iRules Assigned
1) MS_Exchange_2007_owa_redirect_irule7
when HTTP_REQUEST { if { ([HTTP::uri] == "/") } { HTTP::redirect https://[HTTP::host]/owa/ } }
- MS_Exchange_2007_login_timeout
when RULE_INIT { set static::cookie_sessionid [format "sessionid=null; path=/; Expires=Thurs, 01-Jan-1970 00:00:00 GMT;"] set static::cookie_cadata [format "cadata=null; path=/; Expires=Thurs, 01-Jan-1970 00:00:00 GMT;"] }
when ACCESS_SESSION_STARTED { if { [string tolower [HTTP::uri]] contains "ua=0" } { ACCESS::session remove } }
when ACCESS_ACL_ALLOWED { set apm_mrhsession [HTTP::cookie value "MRHSession"] if { [table lookup $apm_mrhsession] == "EXCHANGE_LOGOUT" } { ACCESS::session remove table delete $apm_mrhsession } }
when HTTP_REQUEST { set isset 0 if {[string tolower [HTTP::uri]] starts_with "/owa" } { if {[string tolower [HTTP::uri]] contains "logoff" } { ACCESS::session remove HTTP::respond 302 Location "https://[HTTP::host]/vdesk/hangup.php3" "Set-Cookie" $static::cookie_sessionid "Set-Cookie" $static::cookie_cadata } else { if { [string tolower [HTTP::uri]] contains "ua=0" } { set mrhsession [HTTP::cookie value "MRHSession"] set isset 1 } } } } when HTTP_RESPONSE { if { $isset == 1 } { if { $mrhsession != "" && [HTTP::status] == 440 } { table set $apm_mrhsession "EXCHANGE_LOGOUT" return } } }
3) MS_Exchange_2007_apm_combined_pool_irule7 when ACCESS_ACL_ALLOWED { set sessionid [ACCESS::session data get "session.user.sessionid"] switch -glob -- [string tolower [HTTP::path]] { "/microsoft-server-activesync" { pool /Common/MS_Exchange_2007.app/MS_Exchange_2007_as_pool7 persist uie $sessionid 7200 COMPRESS::disable CACHE::disable return } "/owa" {
pool /Common/MS_Exchange_2007.app/MS_Exchange_2007_owa_pool7
persist uie $sessionid 7200
return
}
"/ews*" {
pool /Common/MS_Exchange_2007.app/MS_Exchange_2007_oa_pool7
persist uie $sessionid 7200
COMPRESS::disable
CACHE::disable
return
}
"/ecp*" {
pool /Common/MS_Exchange_2007.app/MS_Exchange_2007_owa_pool7
persist uie $sessionid 7200
return
}
"/oab*" {
pool /Common/MS_Exchange_2007.app/MS_Exchange_2007_oa_pool7
persist none
return
}
"/rpc/rpcproxy.dll*" {
pool /Common/MS_Exchange_2007.app/MS_Exchange_2007_oa_pool7
COMPRESS::disable
CACHE::disable
persist uie $sessionid 7200
return
}
"/autodiscover*" {
pool /Common/MS_Exchange_2007.app/MS_Exchange_2007_ad_pool7
persist none
return
}
"/enterprisevault*" {
pool /Common/EV_POOL
return
COMPRESS::disable
CACHE::disable
}
default {
This final section takes all traffic that has not otherwise
been accounted for and sends it to the pool for Outlook Web
App
pool /Common/MS_Exchange_2007.app/MS_Exchange_2007_owa_pool7
persist uie $sessionid 7200
}
}
} when HTTP_RESPONSE { if { [string tolower [HTTP::header values "WWW-Authenticate"]] contains "negotiate"} { ONECONNECT::reuse disable ONECONNECT::detach disable NTLM::disable } if {[HTTP::header exists "Transfer-Encoding"]} { HTTP::payload rechunk } }
- MS_Exchange_2007_select_sso_irule7
when ACCESS_ACL_ALLOWED { set req_uri [string tolower [HTTP::uri]] if { $req_uri contains "/owa/auth" } { WEBSSO::select [set foo /Common/MS_Exchange_2007.app/exch_form_basedv2_sso] } unset req_uri }
5: MRHSession when HTTP_REQUEST { if { ( [HTTP::cookie exists MRHSession] ) and not ( [ACCESS::session exists -state_allow [HTTP::cookie value MRHSession]] ) } { if { ( [HTTP::uri] ne [ACCESS::session data get session.server.landinguri] ) and not ( [ACCESS::session data get session.server.landinguri] eq "" ) } { HTTP::redirect [ACCESS::session data get session.server.landinguri] }
} }
