Does anyone have a successful setup with BigIP V11.1 and Exchange 2010 (with multiple front end CAS servers)? We have had alot of issues since setting it up. The main issue is authentication prompts that Outlook users get, and when a server is rebooted that a users Outlook is pointed to, instead of failing over to another server nicely they get a nice authentication prompt from within Outlook. I have had a ticket opened with F5 since Mid December and while they have worked hard to help figure this out, the issue is still occurring. There is also an issue of sometimes Outlook clients getting a "server not available" when loading Outlook. The only solution is to reboot the computer and then everything works fine. If a computer is manually pointed (via host file) to an Exchange server directly there are 0 issues, only when they go through the F5 do we get these problems. I was wondering if someone had a similar setup that is working without issue so I could compare some settings and such to see if I can get this working. Thank's Brent

I will be happy when they resolve this issue, since we have been making all types of changes internally trying to rule out F5 as the issue

Brent, Did you configure the BIG-IP for Exchange using the built-in iApp template and the deployment guide? There are several post-config steps that need to be done, but I assume that F5 support walked you through those. Are your users connecting via OutlookAnywhere, or MAPI? thanks Mike

Posted By mikeshimkus on 03/22/2012 08:10 AM Brent, Did you configure the BIG-IP for Exchange using the built-in iApp template and the deployment guide? There are several post-config steps that need to be done, but I assume that F5 support walked you through those. Are your users connecting via OutlookAnywhere, or MAPI? thanks Mike Yes, we used the built in iApp template and the deployment guide. It is configured exactly like it should be according to it. F5 has spent alot of time troubleshooting the issue and have been helpful, i just thought it would be a good idea to throw the question out here as well with the large forum base to see if anyone else is having similar issues. The users all connect using MAPI. It is very intermittent, but it seems most users get the authentication popup a couple times a week, Outlook not being able to connect to the Exchange server is even more random but I have even had it happen to me a few times. Again, none of this happens when the users point directly to the server.

Posted By Creighton on 03/22/2012 08:05 AM I will be happy when they resolve this issue, since we have been making all types of changes internally trying to rule out F5 as the issue So you have had issues as well? Care to elaborate? Any authentication prompts issues or Outlook not being able to communicate to your Exchange servers? I am just trying to see if they are similar to what I am experiencing. Brent

Can you give me your F5 case number so I can have a look?

Exchange 2010 and BigIP v11.1??

23 Replies

Creighton_14452
Nimbostratus
Mar 22, 2012
I will be happy when they resolve this issue, since we have been making all types of changes internally trying to rule out F5 as the issue
mikeshimkus_111
Historic F5 Account
Mar 22, 2012
Brent,

Did you configure the BIG-IP for Exchange using the built-in iApp template and the deployment guide? There are several post-config steps that need to be done, but I assume that F5 support walked you through those.

Are your users connecting via OutlookAnywhere, or MAPI?

thanks

Mike
brent112_11716
Nimbostratus
Mar 22, 2012
Posted By mikeshimkus on 03/22/2012 08:10 AM

Brent,

Did you configure the BIG-IP for Exchange using the built-in iApp template and the deployment guide? There are several post-config steps that need to be done, but I assume that F5 support walked you through those.

Are your users connecting via OutlookAnywhere, or MAPI?

thanks

Mike

Yes, we used the built in iApp template and the deployment guide. It is configured exactly like it should be according to it. F5 has spent alot of time troubleshooting the issue and have been helpful, i just thought it would be a good idea to throw the question out here as well with the large forum base to see if anyone else is having similar issues.

The users all connect using MAPI. It is very intermittent, but it seems most users get the authentication popup a couple times a week, Outlook not being able to connect to the Exchange server is even more random but I have even had it happen to me a few times. Again, none of this happens when the users point directly to the server.
brent112_11716
Nimbostratus
Mar 22, 2012
Posted By Creighton on 03/22/2012 08:05 AM

I will be happy when they resolve this issue, since we have been making all types of changes internally trying to rule out F5 as the issue

So you have had issues as well? Care to elaborate? Any authentication prompts issues or Outlook not being able to communicate to your Exchange servers? I am just trying to see if they are similar to what I am experiencing.

Brent
mikeshimkus_111
Historic F5 Account
Mar 22, 2012
Can you give me your F5 case number so I can have a look?
brent112_11716
Nimbostratus
Mar 22, 2012
C1014424
Josh_41258
Nimbostratus
Mar 22, 2012
Our Exchange 2010 infrastructure is staying on v10 for the time being. It was difficult enough to get working properly there, so I can't imagine attempting to migrate to v11 yet.
mikeshimkus_111
Historic F5 Account
Mar 22, 2012
My colleague and I are having a look at the case notes. About your OneConnect question-manually disabling OneConnect with an iRule was necessary at one point. However, I've been told that as long as you have a correctly configured NTLM profile attached to your combined https virtual server, you *should* not have to do this. I am testing with the same version you are running and this does seem to be true.

That being said, have you tried removing the OneConnect profile altogether from your virtual server, just to eliminate that as a possible cause here?
brent112_11716
Nimbostratus
Mar 22, 2012
Yes, we have removed the oneconnect profiles, tcp profiles, http profiles, everything one by one trying to see what would fix it (nothing worked).

I am running a version of the Exchange 2010 iAPP that has not been released yet, and in the persist irule it contains the code to disable OneConnect, this code was not in previous versions.

when HTTP_RESPONSE {

if { [HTTP::header values WWW-Authenticate] contains "Negotiate" } {

ONECONNECT::detach disable

}

}

So should the above really not be there?

Everything is pretty much an out of the box setup as far as Exchange and the F5 VS goes, nothing fancy at all.

It should be said that we have other applications running on the F5 without issue, so whatever the problem is it definetley seems to be related to the Exchange iAPP.
mikeshimkus_111
Historic F5 Account
Mar 22, 2012
I did not realize you had a copy of the unreleased iApp template from February 7. We have a newer version but, we'd still like to do some testing with it before we distribute.

I just got more info about the NTLM profile. In fact, it only supports the NTLM auth method, not Negotiate, so you do need to keep that statement in your iRule.

I am going to try to reproduce your issue in our environment. I'll post here with any further questions or suggestions (might be tomorrow).

Forum Discussion

Exchange 2010 and BigIP v11.1??

23 Replies

F5 Academy at AppWorld 2026

Kostas Injeyan - October 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Terraform AS3 code for GTM Only.

SSL Offloading and Backend pool https

Behavior of masterkey on rSeries

Azure F5 deployed using marketplace is unable to ping backend server

f5 client certificate forwarding

Related Content

Re: BigIP Report

BigIP Report Old

Exchange 2016

v11.1: DNS Blackhole with iRules

Google Authenticator Verification iRule (TMOS v11.1+ optimized)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS