Forum Discussion
Issues with /owa redirect on Exchange 2010
First off, I apologize ahead of time as this is very difficult issue to document in writing...
We are using LTM 11.2 with the newest iApp to handle Exchange 2010 LB and SSL Offload. Everything is working great, except for the usage case where end users do not treat OWA properly.
If you normally enter http://email.domain.com/, our port 80 VS answers and the https redirect iRule kicks in and issues a 302 redirect to https://email.domain.com/. The owa_append iRule then properly appends /owa so the end user gets the OWA logon screen.
This is the issue we are trying to avoid:
User logs on to OWA. They then change the URL of the same tab to another site, say www.google.com. After a few minutes, they decide to enter 'email.domain.com', again in the same tab. The port 80 VS answers and redirects to the port 443 VS. The browser then craps out and only displays weird hyperlinks and red X's. The issue is that the browser is NOT going to /owa.
Using HTTPwatch, I can see that tons of 403's are being thrown, as the root of Default Web Sites is configured to require SSL (the default). While tracing the path of our interesting use case, I see that upon re-entering email.umd.edu, while a 302 to https://email.umd.edu is issues, the remaining status codes show the browsing is using local cache. I think the owa append iRule never has chance to fire.
Does any of this make sense? Can anyone else reproduce this? Is there anything else we can do short of re-educating our 15k+ users?
Thanks!
- mikeshimkus_111Historic F5 AccountHi jlarosa, I have reproduced this in the lab and I'll post back here when we have a fix.
- mikeshimkus_111Historic F5 AccountCan you try modifying the HTTP::uri command from the iRule (iapp_name)_owa_append_iRule from:
- jlarosa_44289
Nimbostratus
Actually, my iRule already was just /owa.
I tried to change it to /owa/ and get the same behavior.
- mikeshimkus_111Historic F5 AccountWhen I changed the URI command in the rule, it fixed the issue for me. I changed the the rule back, and added a log statement to fire whenever "/owa" was appended, and the BIG-IP did report that it was appending the URI. However, the traffic sent to the back end server did not get sent to the /owa/ subdirectory.
- jlarosa_44289
Nimbostratus
I guess I should have a paid attention a little closer. On my DEV unti, I actually had 2 OWA Append iRules and looked at the wrong one. That one wasn't added to my 443 VS. Once I found the proper iRule and changed the URI to /owa (from /owa/), things work as expected!!!
Yet again, DevCentral Rocks!!!
- mikeshimkus_111Historic F5 AccountGood to know that it's working for you now. We'll update the deployment guidance.
- Gavin_Connell-O
Nimbostratus
Just wanted to submit a quick note, I was also experiencing this issue using Big-IP 11.2.1 HF6 plus the Exchange iApp version - microsoft_exchange_2010_cas.2012_06_08
Changing the append iRule as described above by mikeshimkus fixes the issue. Thanks Mike!
HTTP::uri /owa/
to
HTTP::uri /owa
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com