Forum Discussion
Need some expert advice F5 - 401 access denied - Exchange 2010
We do something similar with a calendar application through 11.4 using EWS services, and it works, but that's because we're SSL bridging, so we can apply proper persistence to the different traffic patterns.
RPC traffic behaves differently from EWS web traffic, which behaves differently from ActiveSync, so when using the Exchange iApp or even just following a deployment guide, different profiles are applied to ensure the client receives the proper methodology for connectivity. If you're not decrypting the packets, the HLB is only operating at half effectiveness. I can only suspect that either the authentication is not making it all the way back, or we are seeing session resets as the vIP is designed for RPC traffic. You'll need to find out how the BigIP was set up, then probably we'll need to TCP dump the session at the BigIP and also at the front end servers. From there, you can use Wireshark and the Exchange cert/key pair to decrypt and inspect the sessions.
One trick is to disable one CAS pool member from the virtual IP so all session traffic goes to one box. This will A) make it easier to capture the tcpdump and B) show us if it's a session issue bouncing between CAS servers.
If the URL is publicly available, you can also see what testconnectivity.com shows for failure.
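The session-bouncing theory in the reply above can also be checked from the CAS side by merging each server's IIS log per client. This is an added example, not part of the original post: it assumes W3C-format IIS logs with the real client IP in `c-ip` (no SNAT on the virtual server), and the server names and log lines are constructed.

```python
from collections import defaultdict

FIELDS = "#Fields: date time cs-method cs-uri-stem c-ip sc-status"
# Constructed IIS W3C log excerpts, one per CAS server (sample data, not from the thread).
CAS_LOGS = {
    "CAS01": FIELDS + """
2013-05-01 10:00:01 POST /EWS/Exchange.asmx 192.0.2.10 401
2013-05-01 10:00:02 POST /EWS/Exchange.asmx 192.0.2.10 200
2013-05-01 10:00:03 POST /EWS/Exchange.asmx 192.0.2.20 401
2013-05-01 10:00:05 POST /EWS/Exchange.asmx 192.0.2.20 401
""",
    "CAS02": FIELDS + """
2013-05-01 10:00:04 POST /EWS/Exchange.asmx 192.0.2.20 401
2013-05-01 10:00:06 POST /EWS/Exchange.asmx 192.0.2.30 401
2013-05-01 10:00:07 POST /EWS/Exchange.asmx 192.0.2.30 401
""",
}

def parse_w3c(server, text):
    """Yield one record per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            yield {"server": server, "ts": f"{row['date']} {row['time']}",
                   "client": row["c-ip"], "status": int(row["sc-status"])}

def classify_clients(logs):
    """Merge all servers' logs and label each client ok / bouncing / auth-failure."""
    per_client = defaultdict(list)
    for server, text in logs.items():
        for rec in parse_w3c(server, text):
            per_client[rec["client"]].append(rec)
    report = {}
    for client, recs in per_client.items():
        recs.sort(key=lambda r: r["ts"])
        servers = {r["server"] for r in recs}
        # A challenge-based handshake logs 401s before its 2xx/3xx, so 401 alone is not a failure.
        if any(200 <= r["status"] < 400 for r in recs):
            verdict = "ok"
        elif len(servers) > 1:
            verdict = "bouncing"       # only 401s, spread across members: persistence suspect
        else:
            verdict = "auth-failure"   # only 401s on one member: credentials/auth config suspect
        report[client] = {"verdict": verdict,
                          "sequence": [(r["server"], r["status"]) for r in recs]}
    return report

if __name__ == "__main__":
    for client, info in sorted(classify_clients(CAS_LOGS).items()):
        print(client, info["verdict"], info["sequence"])
```

A client labelled `bouncing` should stop failing once one CAS pool member is disabled; one labelled `auth-failure` will not, which points away from persistence.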