Does anyone have a successful setup with BigIP V11.1 and Exchange 2010 (with multiple front end CAS servers)? We have had alot of issues since setting it up. The main issue is authentication prompts that Outlook users get, and when a server is rebooted that a users Outlook is pointed to, instead of failing over to another server nicely they get a nice authentication prompt from within Outlook. I have had a ticket opened with F5 since Mid December and while they have worked hard to help figure this out, the issue is still occurring. There is also an issue of sometimes Outlook clients getting a "server not available" when loading Outlook. The only solution is to reboot the computer and then everything works fine. If a computer is manually pointed (via host file) to an Exchange server directly there are 0 issues, only when they go through the F5 do we get these problems. I was wondering if someone had a similar setup that is working without issue so I could compare some settings and such to see if I can get this working. Thank's Brent

I will be happy when they resolve this issue, since we have been making all types of changes internally trying to rule out F5 as the issue

Brent, Did you configure the BIG-IP for Exchange using the built-in iApp template and the deployment guide? There are several post-config steps that need to be done, but I assume that F5 support walked you through those. Are your users connecting via OutlookAnywhere, or MAPI? thanks Mike

Posted By mikeshimkus on 03/22/2012 08:10 AM Brent, Did you configure the BIG-IP for Exchange using the built-in iApp template and the deployment guide? There are several post-config steps that need to be done, but I assume that F5 support walked you through those. Are your users connecting via OutlookAnywhere, or MAPI? thanks Mike Yes, we used the built in iApp template and the deployment guide. It is configured exactly like it should be according to it. F5 has spent alot of time troubleshooting the issue and have been helpful, i just thought it would be a good idea to throw the question out here as well with the large forum base to see if anyone else is having similar issues. The users all connect using MAPI. It is very intermittent, but it seems most users get the authentication popup a couple times a week, Outlook not being able to connect to the Exchange server is even more random but I have even had it happen to me a few times. Again, none of this happens when the users point directly to the server.

Posted By Creighton on 03/22/2012 08:05 AM I will be happy when they resolve this issue, since we have been making all types of changes internally trying to rule out F5 as the issue So you have had issues as well? Care to elaborate? Any authentication prompts issues or Outlook not being able to communicate to your Exchange servers? I am just trying to see if they are similar to what I am experiencing. Brent

Can you give me your F5 case number so I can have a look?

Exchange 2010 and BigIP v11.1??

23 Replies

brent112_11716
Nimbostratus
Mar 22, 2012
Yeah, the last engineer on the case gave it to me to try, it didnt fix any issues though.

Thanks for looking into it.
mikeshimkus_111
Historic F5 Account
Mar 22, 2012
Brent,

I think I may have replicated the issue in my environment, at least the behavior seems similar. Under the properties of your combined Exchange 2010 https virtual server, can you set the fallback persistence profile to this:

EXCHANGE_2010_SP2_VS_source_address_persistence_profile

The default persistence profile should be cookie.

Let me know if that helps.

Mike
mikeshimkus_111
Historic F5 Account
Mar 22, 2012
To clarify, the default persistence profile should be the cookie profile created by the iApp...
brent112_11716
Nimbostratus
Mar 23, 2012
When i attempt to do that I get this error. ( I am trying this on the test VS i created first as to not affect production)

01070372:3: Persistence mode (Cookie) called out in rule (/Common/EXCHANGE_2010_SP2_VS_TEST.app/EXCHANGE_2010_SP2_VS_TEST_combined_vs_persist_iRule) requires a corresponding persistence profile for virtual server (/Common/EXCHANGE_2010_SP2_VS_TEST.app/EXCHANGE_2010_SP2_VS_TEST_combined_https).
mikeshimkus_111
Historic F5 Account
Mar 23, 2012
For that virtual the default persistence profile should be EXCHANGE_2010_SP2_VS_TEST_cookie_persistence_profile

and the fallback persistence profile should be EXCHANGE_2010_SP2_VS_TEST_source_address_persistence_profile

You shouldn't get that error unless you try to remove the cookie profile from the virtual server altogether.
brent112_11716
Nimbostratus
Mar 23, 2012
ah, sorry. It was too early in the morning when i read your last post. I have set the FAILBACK to source_address_persistence_profile.

What do you expect this to fix, the authentication prompt issues?

Brent
mikeshimkus_111
Historic F5 Account
Mar 23, 2012
What I found in testing is that Exchange wants the EWS connection to go to the same CAS server as the RPC connection. If they connected to different servers, I had authentication problems. The source persistence profile is set to "match across services", which should send all connections from that IP to the same node (even if you're using two different pools, it'll work as long as the pool members are the same in both).

You can see which nodes you're persisting to by logging into the BIG-IP, then typing:

tmsh

ltm

show persistence persist-records all-properties
brent112_11716
Nimbostratus
Mar 23, 2012

This is our production environment (without the setting you told me to make and IP's changed for security) would something like this below in the persistent record cause issues? Where the users is pointed to multiple servers? (172.10.x.156 and 172.10.x.164)

172.5.x.115 1 0 Source Address Affinity EXCHANGE_2010_SP2_VS_rpc EXCHANGE_2010_SP2_VS_rpc_pool 172.10.x.156:135 63 seconds

172.5.x.115 1 0 Source Address Affinity EXCHANGE_2010_SP2_VS_combined_https EXCHANGE_2010_SP2_VS_owa_pool 172.10.x.164:443 27 seconds

172.5.x.115 1 1 Source Address Affinity EXCHANGE_2010_SP2_VS_combined_https EXCHANGE_2010_SP2_VS_owa_pool 172.10.x.164:443 32 seconds
mikeshimkus_111
Historic F5 Account
Mar 23, 2012
Check your inbox, I just PM'd you.
Techgeeeg
Nimbostratus
Apr 27, 2012
Hi Brent,

Are you currently using Analytic profile on ur combined virtual server????? IF yes remove it and then try out the things. I dont have much to prove logically but the insert cookie persistence that is avaliable on F5 LTM I feel have a bug . Where ever it is used it seems to be causing one issue or the other.

Regards

Forum Discussion

Exchange 2010 and BigIP v11.1??

23 Replies

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Re: BigIP Report

BigIP Report Old

Exchange 2016

v11.1: DNS Blackhole with iRules

Google Authenticator Verification iRule (TMOS v11.1+ optimized)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS