Forum Discussion

Majed's avatar
Majed
Icon for Altocumulus rankAltocumulus
Apr 22, 2020

Microsoft Teams Calendar is not syncing with exchange calendar through APM

Hello,

 

I have implemented a custom APM for exchange 2016 using exchange iapp v 1.2. it is working fine but when I deployed a hybrid exchange with office 365 to use Microsoft Teams, calendar is not working. If I disable APM, Calendar is syncing and working fine. the problem is when the traffic goes through APM.

we tried to bypass the APM by adding this rule to the app:

priority 1

when HTTP_REQUEST {

 set is_disabled 0

 switch -glob [string tolower [HTTP::path]] {

  "/ews/mrsproxy.svc" -

  "/ews/exchange.asmx/wssecurity" {

   set is_disabled 1

   set path [HTTP::path]

   ACCESS::disable

   HTTP::path _disable-$path

   pool /Common/Exchange2016.app/Exchange2016_as_pool7

  }

  "/autodiscover/autodiscover.svc/wssecurity" -

  "/autodiscover/autodiscover.svc" {

   set is_disabled 1

   set path [HTTP::path]

   ACCESS::disable

   HTTP::path _disable-$path

   pool /Common/Exchange2016.app/Exchange2016_as_pool7

  }

 }

}

when HTTP_REQUEST_RELEASE {

 if { [info exists is_disabled] && $is_disabled == 0 } { return }

  if { [info exists path] } {

   HTTP::path $path

   unset is_disabled

   unset path

 }

}

 

But still the calendar is not working.

I appreciate any help or if anyone has run into this issue before.

 

Regards,,,

  • Hi Majed, have you find an answer I've exactly the same problem, all the Microsoft part seems to be fine : hybrid configuration, oauth, licensing… But Calendar button doesn't appear for on-premise users...

    • Majed's avatar
      Majed
      Icon for Altocumulus rankAltocumulus

      I have not found any solution even I opened a ticket with F5 support but they did not provide any resolution.

  • Just a guess from my side - try to disable APM for /ews* and /autodiscover* , not only for particular URIs...

    When I made such exception, the exchange team wanted it in this way...

    • Majed's avatar
      Majed
      Icon for Altocumulus rankAltocumulus

      I disabled for all URLs but the same issue. i am thinking of taking exchange out of APM and find another way to apply MFA since the APM doesn't work.

  • I've tried on my side to take Exchange out of F5 (only autodiscover and EWS) and it doesn't resolve the problem. I have opened a ticket with Microsoft Support Premier yesterday, i'll tell you if we find...

    • Majed's avatar
      Majed
      Icon for Altocumulus rankAltocumulus

      thank you. actually I advised by Microsoft to apply Azure MFA through ADFS authentication. I have not applied that yet. I will be waiting your finding with MS support.

  • Hi Majed,

     

    Were you able to resolve this issue. I am having the same exact problem. Have Microsoft Premier support ticket open, but have not received much help so far. I was unsure if it is an F5 issue. Was F5 support able to help you?

     

    Thank you

  • I am still working on it with both F5 and Microsoft and has not been solved yet.

    • JesseG's avatar
      JesseG
      Icon for Altostratus rankAltostratus

      Thanks.

       

      I opened a support case with F5 as well. Will keep you posted.

  • just an update for everyone.

     

    Opened a support case with Microsoft and F5 but there was no progress made in resolving the issue yet

  • modifying this iRule got the calendar working in teams

    iRuleName: VSNAME_apm_disable_hybrid_uri_irule7.

    priority 1
     
    when HTTP_REQUEST {
     set is_disabled 0
     switch -glob [string tolower [HTTP::path]] {
      "/ews/mrsproxy.svc" -
       "/ews/exchange.asmx" -
       "/ews/exchange.asmx/wssecurity" {
       set is_disabled 1
       set path [HTTP::path]
       ACCESS::disable
       HTTP::path _disable-$path
     
      pool /Common/WEBMAIL2016-547.app/WEBMAIL2016-547_ews_pool7
      }
       "/autodiscover/autodiscover.svc/wssecurity" -
       "/autodiscover/autodiscover.json" -
       "/autodiscover/autodiscover.svc" {
       set is_disabled 1
       set path [HTTP::path]
       ACCESS::disable
       HTTP::path _disable-$path
      pool /Common/WEBMAIL2016-547.app/WEBMAIL2016-547_ad_pool7
       }
      }
     }
     
    when HTTP_REQUEST_RELEASE {
      if { [info exists is_disabled] && $is_disabled == 0 } { return }
      if { [info exists path] } {
       HTTP::path $path
       unset is_disabled
       unset path
      }
     }
    • Majed's avatar
      Majed
      Icon for Altocumulus rankAltocumulus

      Thank you very much. Indeed calendar is working now.

    • zanoob1's avatar
      zanoob1
      Icon for Altostratus rankAltostratus

      Hello there, 

      I also have the same problem but the above irule did not help in resolving.

      Got the same irule from an article too but still getting 403 error and i still see some /EWS and autodiscover request coming into APM even when the irule is set to disable APM for the URI.

      priority 1
      when HTTP_REQUEST {
      set is_disabled 0
      switch -glob [string tolower [HTTP::path]] {
      "/EWS/mrsproxy.svc*" -
      "/EWS/mrsproxy.svc" -
      "/ews/mrsproxy.svc" -
      "/EWS/exchange.asmx*" -
      "/EWS/exchange.asmx" -
      "/ews/exchange.asmx" -
      "/EWS/Services.wsdl" -
      "/ews/Services.wsdl" -
      "/EWS/exchange.asmx/wssecurity*" -
      "/ews/exchange.asmx/wssecurity" -
      "/EWS/exchange.asmx/wssecurity" {
      set is_disabled 1
      set path [HTTP::path]
      ACCESS::disable
      HTTP::path _disable-$path
      pool /Common/hem_exchange_2016_dtag.app/hem_exchange_2016_dtag_ews_pool7
      }
      "/autodiscover/autodiscover.svc/wssecurity" -
      "/autodiscover/autodiscover.xml" -
      "/autodiscover/autodiscover.json" -
      "/autodiscover/autodiscover.svc" {
      set is_disabled 1
      set path [HTTP::path]
      ACCESS::disable
      HTTP::path _disable-$path
      pool /Common/hem_exchange_2016_dtag.app/hem_exchange_2016_dtag_ad_pool7
      }
      }
      }
      when HTTP_REQUEST_RELEASE {
      if { [info exists is_disabled] && $is_disabled == 0 } { return }
      if { [info exists path] } {
      HTTP::path $path
      unset is_disabled
      unset path
      }
      }

      and still see in APM logs