Forum Discussion

Badministrator's avatar
Badministrator
Icon for Nimbostratus rankNimbostratus
Dec 12, 2019

Issue regarding Outlook for android/ios (Oauth) to on-prem exchange behind BIG-IP LTM

Are there any caveats with Outlook for android and IOS when hybrid modern authentication is enabled and only using the LTM module?

The outlook app is unable to add the mailaccount which is on-premise exchange 2016.

 

About:

 

It works just fine when Azure's autodetect service communicates directly with an exchange server (no load balancer in front)

It also worked with basic authentication with the load balancer in front.

 

The only debug hints i got, is from the Test-HMAEAS.ps1 script (https://gallery.technet.microsoft.com/office/Validating-Hybrid-Modern-ad4c2b16)

Output from that script looks like this on the picture (the part with black strikethrough is what i'm missing)

 

Anyone who can point me in the right direction?

4 Replies

  • Hi

     

    I personnally have not yet implemented this architecture, but saw something in the DG (p. 7) that could be applicable to you...

     

    Extract

    -----

    In a hybrid scenario, the BIG-IP is located between the Exchange Web Services and the Office 365 infrastructure, and F5 provides seamless access to the on-premise Exchange components in a secure fashion without causing failures for the hybrid-related traffic. The iApp template (v1.0.2 and later) now includes the question Would you like to bypass APM for hybrid services? on page 18. Select Yes for hybrid deployments. This will prevent failures in federated requests for Autodiscover and free/busy information, as well as remote moves and migrations between your Exchange organization and Exchange Online.

     

    Yoann

  • Hi

     

    I noticed that part in the DG aswell, however there is no option similar to "Would you like to bypass APM for hybrid services?" anywhere.

    So I just figured it was because the APM isn't fully licensed or disabled.

     

  • Hi

     

    One thought. Have you checked that the certificate you have on LTM is valid publicly ? Issued by a trusted CA, and so on... ?

     

    Yoann