For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
Jun 15, 2015

Hi Mike,

 

with LTM logic on the internal-LB I mean all the things mentioned in the Exchange 2013 Deployment Guide when just using LTM (different pools/monitors, OneConnect- and HTTP-profiles, iRule to do the pool separation). Our external-LB should only act as simple reverse proxy (internal VS is the poolmember of the external VS). And here something seems to get broken for the SSO-part. Right now we copied all the LTM logic to the external-LB as well so it points directly to the Exchange-servers (bypassing the internal-LB). This way everything seems to work correctly. That's why I'm asking which setting of our initial setup is braking the SSO.

 

And according to the Logout URI, I traced this with FF "Live HTTP headers" and I think it's the correct one, because the session is correctly delete on the APM. But with a few seconds delay (I assume the 5 seconds default Logout Timeout) and therefore the redirect to the OWA Logon page is NOT catched by the APM. Can this be changed somehow?

 

Thank you!

 

Ciao Stefan :)