Forum Discussion
Exchange Hybrid Free/Busy - APM 401 error with original iApp
Hi
We are trying to deploy the Exchange iApp in a hybrid deployment.
Everything works well except the Free/Busy feature in O365.
After doing some research we found a workaround by adding 2 URLs to the hybrid_bypassed iRule:
"/ews/exchange.asmx" "/autodiscover/autodiscover.xml"
If we don't bypass these 2 URLs it's not working, and we can see that the Kerberos ticket failed:
exch:Common:2e80dc30: User testo365@mydomain.com from RD0004FFD126D7 is authenticated
exch:Common:2e80dc30: Received User-Agent header: ExchangeServicesClient%2f15.20.1709.009.
exch:Common:2e80dc30: Following rule 'fallback' from item 'SSO Credential Mapping' to ending 'Allow'
exch:Common:2e80dc30: Access policy result: LTM+APM_Mode
exch:Common:2e80dc30: Received client info - Hostname: Type: unknown Version: 0 Platform: unknown CPU: unknown UI Mode: Full Javascript Support: 0 ActiveX Support: 0 Plugin Support: 0
exch:Common:2e80dc30:Kerberos: can't get S4U2Self ticket for user testo365@mydomain.com - Server not found in Kerberos database (-1765328377)
exch:Common:2e80dc30: Kerberos: Failed to get ticket for User: 'testo365@mydomain.com' accessing service: 'HTTP/exchange.MYDOM.ROOT@MYDOM.ROOT'
exch:Common:2e80dc30: failure occurred when processing the work item
exch:Common:2e80dc30: Session deleted due to admin initiated termination.
exch:Common:2e80dc30: Session statistics - bytes in: 3908, bytes out: 817
A few questions:
- Does APM support Alternative UPN as SSO logon?
- Is there any risk in bypassing additional URLs?
Thank you
Regards
Nicolas
- Guillaume_B (Nimbostratus)
Hello,
I have the same issue with iApp f5.microsoft_exchange_2016.v1.0.2 on hybrid o365/on-prem configuration. From o365, users can't see free/busy information of on-prem mailboxes. Does anyone have a validated solution?
Will the workaround "by adding 2 URL at in the hybrid_bypassed iRule "/ews/exchange.asmx" "/autodiscover/autodiscover.xml"" allow not only o365 but also other users to bypass the APM policy?
Thank you
Guillaume
- Nath (Cirrostratus)
BUMP!
May I know if you are able to resolve this issue? I am facing a similar issue with the free/busy information on our Exchange deployment.
- zanoob1 (Altostratus)
Hello Nicolas,
Were you able to find a solution for this? I tried the same by doing a bypass of APM for the following URIs.
But it still fails and I still see authentication requests for it coming into APM.
priority 1
when HTTP_REQUEST {
    set is_disabled 0
    switch -glob [string tolower [HTTP::path]] {
        "/EWS/mrsproxy.svc*" -
        "/EWS/mrsproxy.svc" -
        "/EWS/exchange.asmx*" -
        "/EWS/exchange.asmx" -
        "/EWS/Services.wsdl" -
        "/EWS/exchange.asmx/wssecurity*" -
        "/EWS/exchange.asmx/wssecurity" {
            set is_disabled 1
            set path [HTTP::path]
            ACCESS::disable
            HTTP::path _disable-$path
            pool /Common/hem_exchange_2016_dtag.app/hem_exchange_2016_dtag_ews_pool7
        }
        "/autodiscover/autodiscover.svc/wssecurity" -
        "/autodiscover/autodiscover.xml" -
        "/autodiscover/autodiscover.svc" {
            set is_disabled 1
            set path [HTTP::path]
            ACCESS::disable
            HTTP::path _disable-$path
            pool /Common/hem_exchange_2016_dtag.app/hem_exchange_2016_dtag_ad_pool7
        }
    }
}
when HTTP_REQUEST_RELEASE {
    if { [info exists is_disabled] && $is_disabled == 0 } { return }
    if { [info exists path] } {
        HTTP::path $path
        unset is_disabled
        unset path
    }
}
Still getting a 401 error, and the APM logs sometimes show entries for
f5system debug tmm2[21344]: 0149ffff:7: /Common/exchange2016:Common:00000000: HTTP uri: /EWS/mrsproxy.svc%27.
Don't see any article out there with a solution for this. I think the iRule is not working, or maybe not.
Regards,
Zanoob
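
An added example, not part of any post in this thread: `switch -glob` compares case-sensitively, so in the iRule posted above the lowercased path can never match a pattern that contains uppercase letters such as "/EWS/...". The plain Tcl script below (run with tclsh; the sample paths are constructed and the lowercased pattern list is an assumption about the intent) shows which requests each list would send past APM.

```tcl
# Added example: plain Tcl for tclsh, not an iRule. It models the test
# 'switch -glob [string tolower [HTTP::path]]' used in the posted iRule.

# Bypass patterns copied from the posted iRule (entries already covered
# by a '*' pattern are omitted).
set posted_patterns {
    /EWS/mrsproxy.svc*
    /EWS/exchange.asmx*
    /EWS/Services.wsdl
    /autodiscover/autodiscover.svc/wssecurity
    /autodiscover/autodiscover.xml
    /autodiscover/autodiscover.svc
}

# Assumption: the intended list is the same patterns in lowercase.
set lowered_patterns {}
foreach pat $posted_patterns {
    lappend lowered_patterns [string tolower $pat]
}

# Return the first pattern matching the lowercased path, or "" if none.
# 'string match' uses the same glob rules as 'switch -glob'.
proc bypass_match {patterns path} {
    set lowered [string tolower $path]
    foreach pat $patterns {
        if {[string match $pat $lowered]} {
            return $pat
        }
    }
    return ""
}

# Constructed sample request paths in mixed casing.
set sample_paths {
    /EWS/Exchange.asmx
    /EWS/mrsproxy.svc
    /ews/exchange.asmx/wssecurity
    /autodiscover/autodiscover.svc/wssecurity
    /Autodiscover/Autodiscover.xml
    /owa/
}

# Report, per path, whether each pattern list sends it to APM or past it.
foreach path $sample_paths {
    set a [expr {[bypass_match $posted_patterns $path] eq "" ? "APM" : "bypass"}]
    set b [expr {[bypass_match $lowered_patterns $path] eq "" ? "APM" : "bypass"}]
    puts [format "%-44s posted=%-7s lowercased=%s" $path $a $b]
}
```

The rule matches on the request path only, so any request whose path matches a bypass pattern skips the access policy regardless of who sends it.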