Forum Discussion
Exchange 2013 - looking for guidance with owa issues
Hello,
I need some assistance/guidance with deploying Exchange 2013. I have lots of experience deploying 2010 but not 2013. We have two configs in place right now and they require persistence to work (?). The MS documentation and the F5 Deployment guide state that persistence is not needed due to the change in functionality with the CAS servers.
We have a FastL4 config with source_addr persistence and snat. It is working fine as long as persistence is enabled.
We have another config created with the iApp. We chose SSL Bridging (no APM), using SNAT pool and answered "Yes" to all the services. This configuration does not work. I do not see any persistence applied anywhere which is expected. We just used the self-signed cert for a quick test. Once we say continue past the certificate warning, the browser fails to load the page. Using a quick tcpdump, I do see the initial requests make it to the pool member but then it breaks immediately. Before I add persistence to the iApp created configuration, I wanted to get a sanity check and education on this topic.
1) Are there any situations using SSL Bridging that would need persistence? Is anyone else using persistence?
2) Please educate me as needed on my potential misunderstanding of persistence with Exchange 2013 as well as any ideas that would assist me with resolving this issue. I need to understand what is going on.
Thank you,
- mikeshimkus_111Historic F5 Account
Hi Marco, Exchange 2013 CAS are stateless. That means that no persistence, aka session affinity, is required: http://technet.microsoft.com/en-us/library/dd298114(v=exchg.150).aspx
The only situation that may require persistence is the case of Office 365 migration using the MRS Proxy.
Is the connection to the CAS getting past the SSL handshake? Does your FastL4 configuration break if you disable persistence there?
thanks
- marco_octavian_Nimbostratus
Yes, it breaks. This is why I am so puzzled. And thank you for the sanity check.
I will need to have a customer create a case when they get back but I'm hoping to uncover some clues in the meantime.
- mikeshimkus_111Historic F5 Account
The first thing I would check is that all the client access servers are using the same certificate for the IIS services. We've seen problems in the past when the default certs on the CAS are different.
- marco_octavian_Nimbostratus
Yes. All the CAS servers are using the same trusted CA cert.
- HHeredia_36237Nimbostratus
Put a cookie persistence and source addr fallback and test.
I deployed that a few months ago and based all config on the deployment guide. When testing, I noted the session breaking issue. Then I added persistence to the virtual servers and it started working like a charm.
Guide says it's not needed but seems like persistence solves the problem.
In order to know if persistence is the thing, disable all pool members but one and do some tests. If you add another one and the session breaks, then you have to config persistence on it.
It's only my point of view.
Regards, hheredia
- marco_octavian_Nimbostratus
Thank you for the feedback. It's good to know someone else has run into this. I would just like to know what is configured differently compared to others that requires persistence.
Yea, I can add persistence back since I already know that solves the problem and I did the normal pool member troubleshooting to verify how one server behaves, etc.
- mikeshimkus_111Historic F5 Account
What do you have set for the internal/external URLs for OWA, and does that name match what's on the certificate?
- marco_octavian_Nimbostratus
Mike,
The URLs (mail.test.com) do match the certificate. L4 with source_addr is the only config that works. This is a migration from 2007 to 2013. The servers are running two roles (CAS & Mailbox/DAG). I used the iApp but disabled strict updates so I could add cookie persistence to the VS. It still didn't work. The results are below. (??)
https://mail.test.com/owa/
https://mail.test.com/owa/prem/x.x.x.x.x/scripts/preboot.js
https://mail.test.com/owa/prem/x.x.x.x.x/scripts/boot.0.mouse.js
https://mail.test.com/owa/prem/x.x.x.x.x/scripts/boot.1.mouse.js
https://mail.test.com/owa/userspecificresourceinjector.ashx?ver=x.x.x.x.x&appcacheclient=1&layout=mouse
https://mail.test.com/owa/prem/x.x.x.x.x/resources/themes/base/images/0/sprite1.mouse.png
https://mail.test.com/owa/prem/x.x.x.x.x/resources/themes/base/images/0/headerbgmain.png
https://mail.test.com/owa/prem/x.x.x.x.x/resources/themes/base/images/0/headerbgright.png
https://mail.test.com/owa/prem/x.x.x.x.x/resources/themes/base/images/0/carat.png
https://mail.test.com/owa/prem/x.x.x.x.x/resources/images/0/folderpane_bg.png
https://mail.test.com/owa/sessiondata.ashx?appcache=true
https://mail.test.com/owa/prem/x.x.x.x.x/resources/styles/segoeui-regular.eot?
https://mail.test.com/owa/prem/x.x.x.x.x/resources/styles/segoeui-semibold.eot?
https://mail.test.com/owa/prem/x.x.x.x.x/resources/styles/segoeui-semilight.eot?
https://mail.test.com/owa/prem/x.x.x.x.x/resources/styles/office365icons.mouse.eot?
https://mail.test.com/owa/plt1.ashx?cId=90785655-c211-653-de57-507893445123fe&msg=UserSpecificError10,resE(etc, etc)-us&acth=base&acdc=0&lhn=mail.test.com&chn=mail.test.com&acs=1
https://mail.test.com/owa/?bO=1
- RyannnnnnnnnAltocumulus
Could you post up your config? I have recently implemented Exchange 2013 using the iApp and ran across a few issues too.
- marco_octavian_Nimbostratus
I won't be back in front of the boxes for about a week but it's the same config on my lab box. FastL4 with source_addr (that's it) and the iApp config created by using SSL bridging, more than 6,000 addresses and yes to all services. Standard config. Only the L4 cfg is working.
I can answer any questions you might have about the config, though. My OS is 11.4.1 hf3.
Thanks,
- mikeshimkus_111Historic F5 Account
Marco, does this happen with both 2007 and 2013 users?