Forum Discussion

dp_119903's avatar
dp_119903
Icon for Cirrostratus rankCirrostratus
Nov 03, 2015

OWA + http profile not working

I need help getting Outlook Web App working. We currently have a test environment with exchange. We have OWA working just fine.

 

  1. The user goes to:https://outlook-test.mycompany.com.
  2. The default html on the www root redirects them to https://outlook-test.mycompany.com/owa.
  3. Then it hits the OWA app (I presume) and gets redirected to:https://outlook-test.mycompany.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook-test.mycompany.com%2fowa%2f.

That all works fine, but here comes the F5 part. I need to start moving things behind the F5, and the exchange environment is not currently behind the F5. For a separate project I need to setup external access to OWA using F5 APM and SAML. What I’m trying to do is get it working in our test environment without breaking the current OWA access.

 

I can get it working, but once I get into the APM aspect it breaks, so I’m taking a few steps back and trying to figure out what is breaking it.

 

Scenario 1 – THIS WORKS Setup a virtual server using the IIS template. Set up SSL passthrough, point the VIP at the two two CAS/HUB servers. This works!

 

  1. The user goes to:https://outlook-test-f5.mycompany.com.
  2. The default html on the www root redirects them to https://outlook-test-f5.mycompany.com/owa.
  3. Then it hits the OWA app (I presume) and gets redirected to:https://outlook-test-f5.mycompany.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook-test-f5.mycompany.com%2fowa%2f.

However, to use an access policy I need to have an HTTP profile. When I add an HTTP profile then everything breaks. After doing a little reading I came to the conclusion that if I had an HTTP profile that I needed to do SSL bridging. So I changed it from SSL pass through to SSL bridging and created an SSL client and SSL server profile.

 

Once I add a client and server SSL profile (as well as an HTTP profile) I hit the F5 and it looks like I’m getting the “root” redirect to /owa, but (see step 2 above) but then I never get the next redirect to /owa/auth/logon.aspx… I know little to nothing about OWA. Not sure why I can get this to work without the HTTP profile doing SSL passthrough, but then break it as soon as I start doing SSL bridging.

 

Thoughts?

 

application delivery
BIG-IP Access Policy Manager (APM)
http profile
LTM
security
ssl bridging
ssl passthrough

2 Replies

Sort By
  • dp_119903's avatar
    dp_119903
    Icon for Cirrostratus rankCirrostratus
    Nov 03, 2015
    and FWIW. When I use HTTPWATCH I see the following: GET301Redirect to /owa/https://outlook-test-f5.mycompany.com/owa GETERROR_INTERNET_CONNECTION_RESEThttps://outlook-test-f5.mycompany.com/owa/
  • Henrik_Gyllkran's avatar
    Henrik_Gyllkran
    Icon for Nimbostratus rankNimbostratus
    Nov 03, 2015

    Since you're already using templates for this config I would suggest the lazy route and use the iApp specifically for exchange, including OWA. Download the latest version with the iApp package on the downloads site. It will take care of most of the APM configuration as well, which will save you a lot of time unless you have earlier experience with APM.