Abdul_Kajee_214
Aug 06, 2015

F5 LTM OWA

Hi Guys,

I hope you can assist me. I have an HA pair of F5 LTMs that is publishing my OWA (as well as other apps).

I have a specific issue with OWA (Webmail) on Exchange 2013.

When I use IE (any version) on my domain-joined system, I get a "page cannot be displayed" error. A non-domain-joined system is not affected.

If I use Chrome, it works fine.

 

I narrowed it down to a domain GPO. My domain name, e.g. domain.com, is added to my local intranet zone via GPO. If I remove that entry, OWA works by prompting for credentials. Then I went into the settings by the user authentication section.

If I set it to prompt for credentials, it prompts me and works WITHOUT removing domain.com from the intranet sites, but that has an implication on other applications and I cannot afford to do that.

This is my first F5 implementation, so any assistance will really be appreciated.

Kind Regards

 

  • mikeshimkus_111
    Historic F5 Account

    Hi, if you use your hosts file to bypass LTM and point directly at the CAS, do you still have the issue? Since you don't have APM deployed, BIG-IP shouldn't be mucking about with authentication in any way.

    Also, which version of BIG-IP are you running? Did you use the Exchange iApp to deploy and if so, which version of the template?

  • Hi Mikeshimkus,

    So in the scenario above, I am connected via 3G mobile broadband outside of the network. If I use IE and connect whilst inside the network, I do not experience any issues. I am using the hosts file to direct my traffic to the F5, as my existing production environment is going through a Microsoft UAG and that does not give any issues.

    I am running 11.6 and the latest template from the F5 site. The template version is f5.microsoft_exchange_2010_2013_cas.v1.5.0.tmpl and the firmware version is BIG-IP 11.6.0 Build 5.0.429 Hotfix HF5.

    Thanks

  • I believe that I have that covered.

    443 to the F5 from the internet on the external interface. 443 from the F5 internal interface (SNAT) to the Exchange servers.

    When I monitor traffic on the firewalls, all traffic is allowed.

  • And is there a way to set the landing page to the OWA one?

    So I think I will need APM for this to work correctly.