Forum Discussion

Sundar_Sivasank's avatar
Sundar_Sivasank
Icon for Nimbostratus rankNimbostratus
Oct 27, 2014

Exchange 2013 - clients disconnected intermittently

Hi ALL,

 

We have deployed F5 for load balancing to CAS servers for exchange 2013. We used the iApp recommended by F5. The only difference from the iApp is that , since all the CAS servers cannot be imported with the same server certificate due to security concerns, we have enabled source address persistence because this change. But now we see a lot users getting disconnected intermittently? Can someone let me know if you have experience this behaviour before for exchange 2013?

 

The issue is urgent so a response asap will be helpful.

 

application delivery
LTM
  • NikhilB's avatar
    NikhilB
    Icon for Employee rankEmployee
    Oct 28, 2014

    Are all the separate certs loaded on the Big-Ip? Using SSL bridging or offloading traffic?

     

  • Sundar_Sivasank's avatar
    Sundar_Sivasank
    Icon for Nimbostratus rankNimbostratus
    Oct 28, 2014

    Hi nikhil,

     

    The f5 has a ssl cert similar to the one used by cas servers. Not all the certs are on bigip. We are doing ssl bridging.

     

    • NikhilB's avatar
      NikhilB
      Icon for Employee rankEmployee
      Oct 29, 2014
      1. Can you test with just 1 cert on all cas servers and compare the results? 2. Have you taken off persistence to do a similar test?
  • Sundar_Sivasank's avatar
    Sundar_Sivasank
    Icon for Nimbostratus rankNimbostratus
    Oct 29, 2014

    Hi Nikhil,

     

    1. We cannot have one cert on all servers due to security constraints as our environment dont support private key exportable certs
    2. If i take off persistence from the F5, the client connections wasnt successful during my testing. So i had to include persistency.

    FYI, the deployment is already in production.

     

    • NikhilB's avatar
      NikhilB
      Icon for Employee rankEmployee
      Oct 29, 2014
      Suggest you then take a tcpdump or an ssldump and determine why sessions are getting disconnected and to which CAS servers?
  • Sundar_Sivasank's avatar
    Sundar_Sivasank
    Icon for Nimbostratus rankNimbostratus
    Oct 30, 2014

    Hi Nikhil,

     

    But during all these disconnections, i see that the web access works. Does it indicate there might be lesser chance of issue pertaining with the F5?

     

  • Sundar_Sivasank's avatar
    Sundar_Sivasank
    Icon for Nimbostratus rankNimbostratus
    Oct 30, 2014

    Hi Nikhil,

     

    But during all these disconnections, i see that the web access works. Does it indicate there might be lesser chance of issue pertaining with the F5?

     

  • NikhilB's avatar
    NikhilB
    Icon for Employee rankEmployee
    Oct 30, 2014

    yes & no. traffic is still routed thru the F5 so you will need to determine and process eliminate the cause. You have to look at tcpdumps and ascertains where resets are occuring. If you configure in passthru mode that may also help determine where the disconnets are happening.