Forum Discussion
Marin
Nimbostratus
NimbostratusOutlook via TMG VPN to F5 balanced CAS
I have question regarding Outlook via TMG VPN to F5 balanced CAS.
I will briefly describe my configuration. We have Ex2010SP1 CAS array, which because of WNLB issues, I switch to F5 (v 11.0) balancing. I’ve used iApp to configure F5 (using manual http://www.f5.com/pdf/deployment-guides/microsoft-exchange2010-iapp-dg.pdf) I’ve published all services on single virtual server (AS, OWA, Autodiscover, RPC). On CAS servers in IIS everything was the same as previous except using manual I moved SSL offloading to F5 (http://social.technet.microsoft.com/wiki/contents/articles/how-to-configure-ssl-offloading-in-exchange-2010.aspx.) .
Now my configuration looks like this, internal/external client for OWA comes to FBA on TMG then TMG forward it to F5, and everything works fine. On TMG, OWA and AS are only published not OutlookAnywhere because we don’t need this, if user want’s use Outlook externally he needs to use VPN over TMG. And now here we have the problem, we have clients that use domain joined laptops to connect internally and now Outlook constantly prompts for password. Prior moving NLB to F5 everything was working fine.
I don’t have any clue where I did go wrong, so any help would be appreciated. If I configured something wrong I presume that Outlook internally also would not work?
Regards,
Marin
Michael_Koyfma1Cirrus
Did you follow all the manual changes that are necessary that are described on page 28(and especially 30) of the guide?
MarinHi Michael,
thanks for replay.
You are right, now I check again pages 28-30, and now I see that I didn't apply part ‘To modify the port 443 virtual server’, cause I downloaded iRule from http://www.f5.com/solution-center/deployment-guides/files/exchange-persist.zip, and I can't apply it cause 070151:3: Rule [/Common/exchange-new-single-persist-irule] error: Unable to find pool (my_Exchange_2010__single_as_pool) referenced at line 35: [pool my_Exchange_2010__single_as_pool].
I don’t know anything about iRules, and obviously in line 35 pool name needed to be change but to what, to name of what pool?
Marin- Michael_Koyfma1Just find the pool statements in the iRule and make sure you put in the names of the proper pools that you created as part of the iApp deployment - that should be it.
- MarinI'm an idiot that doesn't know to read - sorry.
I found the words starting with my_ and change it to appropriate pool names
but it didn't do any help :(