Nimbostratus
NimbostratusI discovered that if SSL was enabled on the IIS servers, and then we used SSl all the way through, we had no problems. So I devised a solution that used HTTP from the LTM to IIS for 'normal' web browsing, but whenever a 'post' was made, the LTM used SSL at the back-end.
After tweaking the iRule (thanks nmenant) for stickyness between the http and ssl sessions, and enabling a streams profile to change any spurious http:// links into https:// (and applying a rechunk http profile with accept-encoding removed), it all seems to work.
This is the iRule we're using:
when HTTP_REQUEST {
Read from persistence table which pool node the client previously connected to and
set the IP_ADDR variable to the node IP address
set IP_ADDR [session lookup uie [IP::client_addr]]
Look for the 'POST' method - a client is posting data back to the portal
if { [HTTP::method] equals "POST" } {
If the client hasn't yet connected, let the LTM find a suitable node
if {$IP_ADDR == ""} {
Set the LTM pool to the 'SSL' enabled pool
pool SPS_SSL_pool
} else {
If the client has previously connected, force the client back to the same node in the pool
pool SPS_SSL_pool member $IP_ADDR 443
}
}
else {
Not a 'POST'...
Disable the LTM-to-server SSL profile (so LTM talks in the clear to IIS)
SSL::disable serverside
Select the HTTP only pool
If the client hasn't yet connected, let the LTM find a suitable node
if {$IP_ADDR == ""} {
pool SPS_HTTP_pool
} else {
If the client has previously connected, force the client back to the same node in the pool
pool SPS_HTTP_pool member $IP_ADDR 80
}
}
}
when LB_SELECTED {
Record in the persistence table which client is load balanced to which node in a pool
session add uie [IP::client_addr] [LB::server addr] 1200
}This also requires a default pool to be added.
I hope this can help other people with Sharepoint issues.
Richard