Forum Discussion

HCYeoh_133134's avatar
HCYeoh_133134
Icon for Nimbostratus rankNimbostratus
Feb 10, 2014

iApp for Exchange CAS Load balance Method Doesn't Works for OWA Pool

I'm using iApp (f5.microsoft_exchange_2010_2013_cas.v1.2.0) for LTM deployment for Exchange 2010 CAS servers. Everything is working perfectly so far except the OWA pool, it only load balancing (Least Connection method) to the same member. What am I missing out? I hardly can understand the irule that apply to https virtual server as showing below especially owa portion. Does anyone can help me to understand the persistence " persist cookie insert 0" ? Thank you. (p/s: I'm not using APM)

when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] { "/microsoft-server-activesync" { Direct all ActiveSync clients to a common pool; use Auth header value if it exists (Basic auth only, which is the default); otherwise we fall back to client IP if { [HTTP::header exists "APM_session"] } { persist uie [HTTP::header "APM_session"] 7200 } elseif { [HTTP::header exists "Authorization"] } { persist uie [HTTP::header "Authorization"] 7200 } else { persist source_addr } pool exchange_2010_as_pool7

    CACHE::disable
    return
}
"/owa*" {
     Outlook Web Access
    if { [HTTP::header exists "APM_session"] } {
        persist uie [HTTP::header "APM_session"] 7200
    } else {
        persist cookie insert 0
    }
    if { [HTTP::header exists "Accept-Encoding"] } {
         HTTP::header remove "Accept-Encoding"      
     }
    pool exchange_2010_owa_pool7
    return
}
"/ecp*" {
     Exchange Control Panel.
    if { [HTTP::header exists "APM_session"] } {
        persist uie [HTTP::header "APM_session"] 7200
    } else {
        persist cookie insert 0
    }
    if { [HTTP::header exists "Accept-Encoding"] } {
         HTTP::header remove "Accept-Encoding"      
     }
    pool exchange_2010_owa_pool7
    return
}
"/ews*" {
     Exchange Web Services.
    if { [HTTP::header exists "APM_session"] } {
        persist uie [HTTP::header "APM_session"] 7200
    } else {
        persist source_addr
    }
    pool exchange_2010_oa_pool7

    CACHE::disable
    return
}
"/oab*" {
     Offline Address Book. Persistence is not required for OAB
    pool exchange_2010_oa_pool7
    persist none
    return
}
"/rpc/rpcproxy.dll" {
    if { [HTTP::header exists "APM_session"] } {
        persist uie [HTTP::header "APM_session"] 7200
    } elseif { [string tolower [HTTP::header "Authorization"]] starts_with "basic" } {
        persist uie [HTTP::header "Authorization"] 7200
    } else {
        persist source_addr
    }
     Outlook Anywhere.
    pool exchange_2010_oa_pool7

    CACHE::disable
    return
}
"/autodiscover*" {
     Autodiscovery. No Persistence.
    pool exchange_2010_ad_pool7
    persist none
    return
}
default {
     This final section takes all traffic that has not otherwise
     been accounted for and sends it to the pool for Outlook Web App
    if { [HTTP::header exists "APM_session"] } {
        persist uie [HTTP::header "APM_session"] 7200
    } else {
        persist source_addr
    }
    pool exchange_2010_owa_pool7
}}

} when HTTP_RESPONSE { if { [string tolower [HTTP::header values "WWW-Authenticate"]] contains "negotiate"} { ONECONNECT::reuse disable ONECONNECT::detach disable NTLM::disable } if {[HTTP::header exists "Transfer-Encoding"]} { HTTP::payload rechunk } }

application delivery
deployment
devops
iApps
iRules
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Mar 19, 2014

    That seems odd. Any request that contains a BIG-IP cookie should bypass the fallback persistence method and be forwarded directly to the pool member address that's hashed in the cookie value.

     

    Is it possible for you to add the fallback persistence back in, and look at the OWA request in something like the IE dev tools or Fiddler? I'd like to know if those clients either don't send a BIG-IP cookie, or if they do send the cookie and BIG-IP is not processing it correctly.

     

  • HCYeoh_133134's avatar
    HCYeoh_133134
    Icon for Nimbostratus rankNimbostratus
    Mar 19, 2014

    Hi Mike,

     

    f5 BIGIP did send cookie to client, just client always get the same cookie's value which after de-crypt always get the same IP address from the same pool member.

     

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Mar 19, 2014

    It seems like the cookie persistence profile is being triggered, but because all of your clients are coming from a the TMG/ISA IP address, the fallback profile is overriding the load balancing decision.

     

    Is it possible for you to open a ticket with F5 support on this issue, and reply with the case number so I can track it?

     

    thanks

     

  • HCYeoh_133134's avatar
    HCYeoh_133134
    Icon for Nimbostratus rankNimbostratus
    Mar 19, 2014

    Hi Mike,

     

    Actually I've been opened case with f5 support but yet get any finding. This is the case number, C1514053. Besides the OWA load-balancing issue, there are another 2 services having issue which are ActiveSync and Outlook Anywhere. Clients claimed that they having issue when connect to exchange server externally using Outlook client. For ActiveSync, the issue only happens to Apple mobile user where user's email message appears few weird symbols. Thanks.

     

  • HCYeoh_133134's avatar
    HCYeoh_133134
    Icon for Nimbostratus rankNimbostratus
    Mar 24, 2014

    Hi Mike,

     

    Would you be able to help me to resolve the issue that I'm facing using f5 iApp template? Thank you.

     

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Mar 24, 2014

    I'm monitoring your case and will provide assistance to the F5 support engineers if necessary.

     

    This should prevent confusion and duplication of effort.