Forum Discussion
MVPOutlook application issue
Hello,
we configured a virtual server for the OWA exchange application, and after changing the A record for the OWA URL to be the IP of VS of F5 we faced an issue related to the Outlook app , anyone faced this issue before
8 Replies
yakaiCirrus
Hello,
Can you explain in details what is the issue ?
Amr_Alihello,
we configured VS for the OWA application and after this, we changed the A record for the OWA URL from the node IP to the IP of VS but after this, we faced an issue with the Outlook application as it could not make retrieve the emails and face reachability between the outlook application and exchange server
- Aswin_mk
If you change the DNS record to F5,the traffic is forwarding to correct path? Please check if there is any traffic redirection is needed for working this. We don't face any issues after we set exchange VIPs in LB. I hope you don't have any other security policies enabled for this application (afm,asm)
Hi Amr_Ali ,
If you have AWAF policy deployed on your BIGIP or have AWAF Policy in place between Client --> Servers , you need to disable it for all Exchange services such as ( Active sync , outlook anywhere , EWS .... ) , but you need only to enable the AWAF policy for OWA service.
This is because OWA is a pure Web service and AWAF can totally parse and deal with it.
other than that : BIGIP shouldn't prevent outlook traffic or any of exchange services.
Have a look and let me know :)- Amr_Ali
thanks Mohamed_Ahmed_Kansoh
For the outlook Application, I know it works with protocol POP3 and SMTP, so there is a need to make VS with these ports on LTM ??
Hi Amr_Ali ,
you may need to create imap/POP3 Virtual servers.
I don't know the shape of your current configs, but I would recommend implementing Exchange services using iAPP , then test without adding AWAF policies.
If it worked >>> start to add AWAF policies for OWA service only.
- yakai
Hello
I already faced this issue before.
Outlook anywhere will not work properly because it uses Http over RPC and by default a VS with http profile enabled will drop the outlook anywhere requests due to protocol compliance.
What you will need is to create an LTM policy that disables HTTP and asm for Outlook anywhere urls : /oab / autodiscover /mapi /ews and enable waf for the remaining urls.
Regards
- Amr_Ali
Hello Yakai,
I still configured the waf policy in learning mode and transparent, my issue related to the LTM level as after I check the logs from outlook side I found that it reach the IP of VS on POP3 and SMTP ports so her is that need to create VS with the same IP but with service of POP3 and SMTP
