iApp for Exchange CAS Load balance Method Doesn't Works for OWA Pool

Hi HCYeoh,

The OWA section of the iRule looks for an APM session header to persist the connection on (which we create on the APM, so you will not have it) and if it fails, it inserts a BIG-IP cookie into the response. The cookie contains the OWA pool member IP address in encoded format: https://support.f5.com/kb/en-us/solutions/public/6000/900/sol6917.html

Subsequent client requests including this cookie will always be persisted to the same Exchange server.

Are all the pool members in your OWA pool active (green)? Which load balancing method are you using on the OWA pool? Can you confirm that multiple clients are gettting the same BIG-IP cookie value from LTM?

thanks

Mike

Hi Mike,

Thanks for the reply. Yes, all the pool members in my OWA pool are active and the pool is using Least Connection(member) as load balancing method. The command 'persist cookie insert 0' indicates that the cookie session will not stay in time out? So, once cookies inserted to client, the client will always persisted to the same server and will not load balance to another server?

Thanks. Yeoh

The "0" indicates that there is no expiration time on the cookie. It's a "session" cookie that should be deleted when the browser is closed. The next time the same client browses to OWA, it should be load balanced again based on which pool member has the least connections.

Hi Mike,

Theoretically, yes, client should be load balanced again to pool member which has the least connection after "session" cookie ended, but currently client still no load balance to other pool member. I have tried with multiple clients with different browser accessed to OWA but still getting the same BIG-IP cookie value from LTM as shown at image below. What else possible cause the load balance didn't works properly. Thanks.

Can you post the tmsh configuration of your combined virtual server here? It's the output of the "list ltm virtual ".

thanks

Hi Mike,

I just figure out the owa has different uri after client login to owa. The uri of owa before login is /cookieauth.dll?Getlogon... but after login it directs to /owa. Is it because the owa's uri variable that defined at irule is different so client always hit the "default" condition below?

default { This final section takes all traffic that has not otherwise been accounted for and sends it to the pool for Outlook Web App if { [HTTP::header exists "APM_session"] } { persist uie [HTTP::header "APM_session"] 7200 } else { persist source_addr } pool exchange_2010_owa_pool7 }} }

How do I modify the irule so that it can works correctly? Appreciate your help. Thanks.

"/owa*" { Outlook Web Access if { [HTTP::header exists "APM_session"] } { persist uie [HTTP::header "APM_session"] 7200 } else { persist cookie insert 0 } if { [HTTP::header exists "Accept-Encoding"] } { HTTP::header remove "Accept-Encoding"

Are you using TMG or ISA in front of your BIG-IP?

Hi Mike,

You are right, there is a TMG in front of BIG-IP. When I issued command "list ltm virtual", it didn't list out the configuration which from the iApp.

Which version of BIG-IP are you running? Are you using TMG for both forward and reverse proxy, or just reverse?

LTM, APM, and AFM can do a reasonable job of replacing TMG nowadays, especially in v11.5. In the long term, I recommend going that way. For now, you should be able to work around the OWA persistence problem by inserting the X-Forwarded-For header in TMG (you'll need to disable this feature in the HTTP profile on BIG-IP), then changing the OWA and default persistence methods in the Exchange iRule to use that header value:

    ...
    "/owa*" {
     Outlook Web Access
    if { [HTTP::header exists "APM_session"] } {
        persist uie [HTTP::header "APM_session"] 7200
    } else {
        persist uie [HTTP::header "X-Forwarded-For"] 7200
    }
    if { [HTTP::header exists "Accept-Encoding"] } {
         HTTP::header remove "Accept-Encoding"      
     }
    pool exchange_2010_owa_pool7
    return
}
...
    default {
     This final section takes all traffic that has not otherwise
     been accounted for and sends it to the pool for Outlook Web App
    if { [HTTP::header exists "APM_session"] } {
        persist uie [HTTP::header "APM_session"] 7200
    } else {
        persist uie [HTTP::header "X-Forwarded-For"] 7200
    }
    pool exchange_2010_owa_pool7
}
...

Hi Mike,

Sorry for the late update the status. The TMG is just act as reverse proxy. I didn't modify the iRule but I have changed the value of Fallback Persistence from "Source Address Affinity" to "None" and the load-balancing is working now. Is it the Fallback Persistence caused the issue? The list ltm virtual for https combined as below.

ltm virtual /Common/exchange_2010.app/exchange_2010_combined_https { app-service /Common/exchange_2010.app/exchange_2010 destination /Common/192.168.x.x:443 ip-protocol tcp mask 255.255.255.255 persist { /Common/exchange_2010.app/exchange_2010_cookie_persistence_profile { default yes } } profiles { /Common/custom_analytics { } /Common/exchange_2010.app/exchange_2010_caching_profile { } /Common/exchange_2010.app/exchange_2010_http_profile { } /Common/exchange_2010.app/exchange_2010_lan-optimized_tcp_profile { } /Common/exchange_2010.app/exchange_2010_oneconnect { } /Common/exchange_2012_clientssl { context clientside } /Common/exchange_2012_serverssl { context serverside } /Common/ntlm { } } rules { /Common/exchange_2010.app/exchange_2010_owa_redirect_irule7 /Common/exchange_2010.app/exchange_2010_snatpool_irule7 /Common/exchange_2010.app/exchange_2010_combined_persist_irule7 } source 0.0.0.0/0 source-address-translation { pool /Common/exchange_2010.app/exchange_2010_snatpool type snat } translate-address enabled translate-port enabled }