on 10-Mar-2015 13:22
Problem this snippet solves:
Use the Exchange 2010/2013 template to provide additional security, performance, and availability for Exchange Server 2010 and Exchange Server 2013 Client Access Servers. When configured with the iApp template, the BIG-IP system will perform as a reverse proxy for Exchange CAS servers, and can also perform functions such as load balancing, compression, encryption, caching, and pre-authentication. You can now use BIG-IP Advanced Firewall Manager (AFM) for an additional layer of security.
If you are using Exchange 2016, see the Exchange 2016 page
v1.5.1: fully supported
This version of this iApp template is found on downloads.f5.com in the iApp templates package, and contains the features and fixes found in 1.5.0rc1 and rc2. Use the following link to access the associated Exchange 2010/2013 deployment guide, which includes detailed information on finding and downloading the new iApp template. There were no new features added in this maintenance release.
If upgrading to this version of the iApp template from an iApp version prior tov1.2.0, you must carefully review all settings before submitting the template.
For example, if you had configured the original template for SSL bridging, afterupgrading this setting defaults back to SSL offload, and you must change it.
v1.5.0: fully supported
This version of this iApp template is now found on downloads.f5.com in the iApp templates package, and contains the features and fixes found in 1.5.0rc1 and rc2. Use the following link to access the associated Exchange 2010/2013 deployment guide, which includes detailed information on finding and downloading the new iApp template.
F5 Networks has released v1.5.0rc2 of the Exchange template. Version 1.5.0rc2 contains the following changes to version 1.5.0rc1:
F5 Networks has released v1.5.0rc1 of the Exchange template. Version 1.5.0rc1 contains the following changes to version 1.4.0:
F5 Networks has released v1.4.0rc3 of the Exchange template. Version 1.4.0rc3 contains the following changes to version 1.4.0rc2:
F5 Networks has released v1.4.0rc2 of the Exchange template. Version 1.4.0rc2 contains the following changes to version 1.4.0rc1:
F5 Networks has released v1.4.0rc1 of the Exchange template. Introduced in version 1.4.0rc1 are the following features:
How to use this snippet:
If the latest release of this iApp template is on downloads.f5.com, use the link below for instructions on how to download and use the template. If the latest release is a release candidate, you can download it directly and import it onto the BIG-IP system.
Appreciate the iapp very much! But would like to see a little more flexibility so it can be used in more situation.
Separate out the services. Instead of only 2 options, 1 to use the same IP for all services the other using a separate for each service, provide options for each service to IP. There are likely many people that would like to separate out ActiveSync but keep the other Exchange services all on one IP.
For the Outlook forms, again separate it out for each. Allow an option to use the Public/Private form a separate option to use the Light version form.
I realize this is more to maintain for F5, but since you strong recommendation is to use the iApp this will allow more to follow that.
Fred - nicely done here.
Need to pick your brain on this please kind sir!
We use this on our system for 6K mailboxes with 4 Exch2010 nodes in the backend. Strange problem came up the other day and below is the workaround I've found but do need a solution if you can explain what I'm missing please?
Outlook (any version) is randomly prompting a few arbitrary users for Windows credentials.
Reproduction of issue & workaround
Outlook user using Outlook Anywhere is disconnected [for whatever reason, e.g. Hibernate, no network, etc].
Next time they connect, Outlook prompts for credentials; not every time though - happens randomly.
Searching APM logs for the user's AD username shows '...username@domainsuffix...WRONG PASSWORD...'
We know the password is valid because said user can then login on another machine (i.e. not their usual machine) and authenticate just fine through Outlook.
Any other user can log in to Windows on the affected user's usual machine and authenticate just fine through Outlook.
Delete the affected user's Windows profile on their usual machine and then create a new Windows profile on it.
Affected user can now login and authenticate just fine through Outlook.
Sledgehammer I know, but it works.
Why does it work?
What file can I delete to prevent having to delete the whole Windows profile?
What's gone pearshaped with APM that's causing this?
Bit of historical context for you sir...
The last time this happened, we bounced the passive BIG-IP, then switched over to it - all good, and then bounced the active, then switched back - all good. F5 support had no explanation for why that resolved the symptoms.