Forum Discussion
Issue regarding Outlook for Android/iOS (OAuth) to on-prem Exchange behind BIG-IP LTM
Are there any caveats with Outlook for Android and iOS when hybrid modern authentication is enabled and only the LTM module is used?
The Outlook app is unable to add the mail account, which is on on-premise Exchange 2016.
About:
- iApp is based on template f5.microsoft_exchange_2016.v1.0.2
- BIG-IP ver 12+ using LTM only
- SSL bridging is utilized
- Authentication method = ADFS
- Outlook app config + architecture: https://docs.microsoft.com/en-us/exchange/clients/outlook-for-ios-and-android/use-hybrid-modern-auth?view=exchserver-2016
It works just fine when Azure's autodetect service communicates directly with an Exchange server (no load balancer in front).
It also worked with basic authentication with the load balancer in front.
The only debug hints I got are from the Test-HMAEAS.ps1 script (https://gallery.technet.microsoft.com/office/Validating-Hybrid-Modern-ad4c2b16).
Output from that script looks like this on the picture (the part with black strikethrough is what I'm missing).
Anyone who can point me in the right direction?
- Yoann_Le_Corvi1 (Cumulonimbus)
Hi
One thought. Have you checked that the certificate you have on LTM is valid publicly? Issued by a trusted CA, and so on?
Yoann
- Badministrator (Nimbostratus)
Any other suggestions?
- Badministrator (Nimbostratus)
Hi
I noticed that part in the DG as well, however there is no option similar to "Would you like to bypass APM for hybrid services?" anywhere.
So I just figured it was because the APM isn't fully licensed or disabled.
- Yoann_Le_Corvi1 (Cumulonimbus)
Hi
I personally have not yet implemented this architecture, but saw something in the DG (p. 7) that could be applicable to you...
Extract
-----
In a hybrid scenario, the BIG-IP is located between the Exchange Web Services and the Office 365 infrastructure, and F5 provides seamless access to the on-premise Exchange components in a secure fashion without causing failures for the hybrid-related traffic. The iApp template (v1.0.2 and later) now includes the question "Would you like to bypass APM for hybrid services?" on page 18. Select Yes for hybrid deployments. This will prevent failures in federated requests for Autodiscover and free/busy information, as well as remote moves and migrations between your Exchange organization and Exchange Online.
Yoann