Forum Discussion
AltocumulusMicrosoft Teams Calendar is not syncing with exchange calendar through APM
Hello,
I have implemented a custom APM for exchange 2016 using exchange iapp v 1.2. it is working fine but when I deployed a hybrid exchange with office 365 to use Microsoft Teams, calendar is not working. If I disable APM, Calendar is syncing and working fine. the problem is when the traffic goes through APM.
we tried to bypass the APM by adding this rule to the app:
priority 1
when HTTP_REQUEST {
set is_disabled 0
switch -glob [string tolower [HTTP::path]] {
"/ews/mrsproxy.svc" -
"/ews/exchange.asmx/wssecurity" {
set is_disabled 1
set path [HTTP::path]
ACCESS::disable
HTTP::path _disable-$path
pool /Common/Exchange2016.app/Exchange2016_as_pool7
}
"/autodiscover/autodiscover.svc/wssecurity" -
"/autodiscover/autodiscover.svc" {
set is_disabled 1
set path [HTTP::path]
ACCESS::disable
HTTP::path _disable-$path
pool /Common/Exchange2016.app/Exchange2016_as_pool7
}
}
}
when HTTP_REQUEST_RELEASE {
if { [info exists is_disabled] && $is_disabled == 0 } { return }
if { [info exists path] } {
HTTP::path $path
unset is_disabled
unset path
}
}
But still the calendar is not working.
I appreciate any help or if anyone has run into this issue before.
Regards,,,
13 Replies
Boris_RNimbostratus
Hi Majed, have you find an answer I've exactly the same problem, all the Microsoft part seems to be fine : hybrid configuration, oauth, licensing… But Calendar button doesn't appear for on-premise users...
MajedI have not found any solution even I opened a ticket with F5 support but they did not provide any resolution.
KaloyanCirrus
Just a guess from my side - try to disable APM for /ews* and /autodiscover* , not only for particular URIs...
When I made such exception, the exchange team wanted it in this way...
- Majed
I disabled for all URLs but the same issue. i am thinking of taking exchange out of APM and find another way to apply MFA since the APM doesn't work.
- Boris_R
I've tried on my side to take Exchange out of F5 (only autodiscover and EWS) and it doesn't resolve the problem. I have opened a ticket with Microsoft Support Premier yesterday, i'll tell you if we find...
- Majed
thank you. actually I advised by Microsoft to apply Azure MFA through ADFS authentication. I have not applied that yet. I will be waiting your finding with MS support.
JesseGAltostratus
Hi Majed,
Were you able to resolve this issue. I am having the same exact problem. Have Microsoft Premier support ticket open, but have not received much help so far. I was unsure if it is an F5 issue. Was F5 support able to help you?
Thank you
- Majed
I am still working on it with both F5 and Microsoft and has not been solved yet.
- JesseG
Thanks.
I opened a support case with F5 as well. Will keep you posted.
- JesseG
just an update for everyone.
Opened a support case with Microsoft and F5 but there was no progress made in resolving the issue yet
- JesseG
modifying this iRule got the calendar working in teams
iRuleName: VSNAME_apm_disable_hybrid_uri_irule7.
priority 1 when HTTP_REQUEST { set is_disabled 0 switch -glob [string tolower [HTTP::path]] { "/ews/mrsproxy.svc" - "/ews/exchange.asmx" - "/ews/exchange.asmx/wssecurity" { set is_disabled 1 set path [HTTP::path] ACCESS::disable HTTP::path _disable-$path pool /Common/WEBMAIL2016-547.app/WEBMAIL2016-547_ews_pool7 } "/autodiscover/autodiscover.svc/wssecurity" - "/autodiscover/autodiscover.json" - "/autodiscover/autodiscover.svc" { set is_disabled 1 set path [HTTP::path] ACCESS::disable HTTP::path _disable-$path pool /Common/WEBMAIL2016-547.app/WEBMAIL2016-547_ad_pool7 } } } when HTTP_REQUEST_RELEASE { if { [info exists is_disabled] && $is_disabled == 0 } { return } if { [info exists path] } { HTTP::path $path unset is_disabled unset path } }- Majed
Thank you very much. Indeed calendar is working now.
zanoob1Hello there,
I also have the same problem but the above irule did not help in resolving.
Got the same irule from an article too but still getting 403 error and i still see some /EWS and autodiscover request coming into APM even when the irule is set to disable APM for the URI.
priority 1
when HTTP_REQUEST {
set is_disabled 0
switch -glob [string tolower [HTTP::path]] {
"/EWS/mrsproxy.svc*" -
"/EWS/mrsproxy.svc" -
"/ews/mrsproxy.svc" -
"/EWS/exchange.asmx*" -
"/EWS/exchange.asmx" -
"/ews/exchange.asmx" -
"/EWS/Services.wsdl" -
"/ews/Services.wsdl" -
"/EWS/exchange.asmx/wssecurity*" -
"/ews/exchange.asmx/wssecurity" -
"/EWS/exchange.asmx/wssecurity" {
set is_disabled 1
set path [HTTP::path]
ACCESS::disable
HTTP::path _disable-$path
pool /Common/hem_exchange_2016_dtag.app/hem_exchange_2016_dtag_ews_pool7
}
"/autodiscover/autodiscover.svc/wssecurity" -
"/autodiscover/autodiscover.xml" -
"/autodiscover/autodiscover.json" -
"/autodiscover/autodiscover.svc" {
set is_disabled 1
set path [HTTP::path]
ACCESS::disable
HTTP::path _disable-$path
pool /Common/hem_exchange_2016_dtag.app/hem_exchange_2016_dtag_ad_pool7
}
}
}
when HTTP_REQUEST_RELEASE {
if { [info exists is_disabled] && $is_disabled == 0 } { return }
if { [info exists path] } {
HTTP::path $path
unset is_disabled
unset path
}
}and still see in APM logs
