Chris_15705
May 19, 2009

Exchange Outlook Anywhere without SSL offloading

Does anyone have info on the proper setup of load balancing two CAS servers for Outlook Anywhere (RPC/HTTP) without using SSL offloading? All the documentation I can find assumes you are offloading.

Right now I have a basic SSL persistence and Outlook connects and functions, but I get frequent (every few minutes) bubbles warning me that my connection has been restored.

I have isolated this to the fact that it is behind the F5. The problem persists even if there is only one member in the pool. The problem goes away if I take the CAS servers out from behind the F5.

Right now I am going straight to the F5 pool (no ISA or other proxy). My assumption is that this is an issue with DSPROXY (Exchange directory provider to the domain controllers).

Any thoughts, ideas or referrals to documentation would be awesome.

  • We're load balancing Exchange 2003 without SSL offload (had the same issues you are seeing with SSL offload enabled). We set it up as a performance layer 4 VS, service port 0 (all ports), TCP protocol, fastL4 protocol profile, address and port translation are enabled, SNAT pool is set to automap. I'm not an expert and this may not be the ideal setup, but it has been solid for us for over a year.
  • Anyone else have this running with Exchange 2007? My first attempt at setting this up with 2 CAS/HUB servers behind the VIPs was working OK, but I was getting delays with ActiveSync, so had to bypass the F5 until I could troubleshoot further.

    Thanks,
    Jeremy
  • We have our F5s terminating SSL, and then re-wrapping SSL to the CAS servers. Intent was to have the packets inspected on the F5 after SSL termination, then re-encrypt afterwards. We had problems with just logging the traffic.

    We had slowness for about a year, and troubleshot the problem with F5 for about as long.

    If you have not done so, turn off the Nagle's Algorithm option. Google for more details, but the main premise is that it will combine small packets and send one large one. Not bad for web traffic, but RPC bundled traffic is a problem. Once disabled, our problems went away.

    You also need to set persistence to be greater than what your CAS is set to. Out of the box, public access settings are set to 15-minute timeouts, and private to 24 hours. You should set persistence to be at least 24 hours. Otherwise you will lose your stickiness to a server, and require re-authentication while connected. It may still occur in 24 hours, but at least that's only 1x per day.