Forum Discussion

BrianInMD_12473's avatar
BrianInMD_12473
Icon for Nimbostratus rankNimbostratus
Oct 22, 2013

Exchange 2010 ActiveSync Problem

Hello, we're running Exchange 2010 in a 3-node DAG (all-in-one mailbox servers), and have noticed some problems - specifically sporadic delays, up to 20-30 minutes, with ActiveSync, only on iOS devices (Android/TouchDown is fine). I've been working with engineers at Microsoft, and they believe our mail system is OK, and are questioning our persistence settings on the F5 - running v10.2.3. They have seen connections from the iOS devices bouncing between the CAS servers when they should be sticking to a single server. When I take a look at the F5 statistics, I'm not seeing any hits at all - ever - on our ActiveSync pool, which makes me think the AS connections are likely hitting a different pool and possibly being impacted by its persistence settings. All other pools have statistics to support usage. When we first configured the default iRule, we had some trouble getting ActiveSync to work, and ended up adding a "/" after microsoft-server-activesync, and that seemed to resolve the issue. Of course now I'm questioning whether that was the right thing to do. I've pasted the persistence, followed by the append iRules below. Any thoughts at all would be appreciated.

Persistence:

when HTTP_REQUEST {

     Offline Address Book and Autodiscover do not require persistence.

    switch -glob -- [string tolower [HTTP::path]] {

        "/microsoft-server-activesync/" {
             ActiveSync.
            if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
            } elseif { [HTTP::header exists "Authorization"] } {
                persist uie [HTTP::header "Authorization"] 7200
            } else {
                persist source_addr
            }
            pool Exchange__single_as_pool
            COMPRESS::disable
            return
        }

        "/owa*" {
             Outlook Web Access
            if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
            } else {
                persist cookie insert
            }
            pool Exchange__single_owa_pool
            return
        }

        "/ecp*" {
             Exchange Control Panel.
            if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
            } else {
                persist cookie insert
            }
            pool Exchange__single_owa_pool
            return
        }

        "/autodiscover*" {
             Autodiscover.
            pool Exchange__single_ad_pool            
            return
        }

        default {
             This final section takes all traffic that has not otherwise
             been accounted for and sends it to the pool for Outlook Web App
            if { [HTTP::header exists "APM_session"] }  {
                persist uie [HTTP::header "APM_session"] 7200
            } else {
                persist source_addr
            }
            pool Exchange__single_owa_pool           
        }

}
}

when HTTP_RESPONSE {
    if { [string tolower [HTTP::header values "WWW-Authenticate"]] contains "negotiate"} {
        ONECONNECT::reuse disable
        ONECONNECT::detach disable
         this command disables NTLM conn pool for connections where OneConnect has been disabled
        NTLM::disable
    }
     this command rechunks encoded responses
    if {[HTTP::header exists "Transfer-Encoding"]} {
        HTTP::payload rechunk
    }      

}



Append:

when HTTP_REQUEST { if {([HTTP::uri] == "/") } { HTTP::uri /owa } }

active sync
application delivery
devops
iRules
microsoft
performance
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Oct 22, 2013

    Hi Brian, we actually have an update in the works to correct this in the iApp template. The deployment guide should be updated later today.

     

    Out of curiosity, are you behind some sort of NATing device, so that the BIG-IP doesn't see the real IP address of the ActiveSync clients?

     

    thanks

     

    Mike

     

  • BrianInMD_12473's avatar
    BrianInMD_12473
    Icon for Nimbostratus rankNimbostratus
    Oct 22, 2013

    Mike, I'm double checking with the network team, but I'm pretty sure the F5 can see the real IP's. They're making it to the Exchange IIS logs via the Advanced Logging Module, so I don't think that would be an issue. What specific issue is being updated by the guide, and do you think the iOS delays could be caused by what I've described?

     

    Thanks for your help!

     

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Oct 22, 2013

    It sounds like some of your iOS requests are falling through to the default case in the iRule, because of the missing "*". We already had a fix in for that, but hadn't added it to the guide yet.

     

    If some requests are getting universal (uie) persistence, and some source persistence, that could be a problem. Do they OWA and ActiveSync pools contain different servers?

     

  • BrianInMD_12473's avatar
    BrianInMD_12473
    Icon for Nimbostratus rankNimbostratus
    Oct 22, 2013

    Mike, just to be clear, I'll check the new deployment guide, but are you suggesting we change it to "/microsoft-server-activesync*" ?