22-Apr-2020 04:14
Hello,
I have implemented a custom APM for exchange 2016 using exchange iapp v 1.2. it is working fine but when I deployed a hybrid exchange with office 365 to use Microsoft Teams, calendar is not working. If I disable APM, Calendar is syncing and working fine. the problem is when the traffic goes through APM.
we tried to bypass the APM by adding this rule to the app:
priority 1
when HTTP_REQUEST {
set is_disabled 0
switch -glob [string tolower [HTTP::path]] {
"/ews/mrsproxy.svc" -
"/ews/exchange.asmx/wssecurity" {
set is_disabled 1
set path [HTTP::path]
ACCESS::disable
HTTP::path _disable-$path
pool /Common/Exchange2016.app/Exchange2016_as_pool7
}
"/autodiscover/autodiscover.svc/wssecurity" -
"/autodiscover/autodiscover.svc" {
set is_disabled 1
set path [HTTP::path]
ACCESS::disable
HTTP::path _disable-$path
pool /Common/Exchange2016.app/Exchange2016_as_pool7
}
}
}
when HTTP_REQUEST_RELEASE {
if { [info exists is_disabled] && $is_disabled == 0 } { return }
if { [info exists path] } {
HTTP::path $path
unset is_disabled
unset path
}
}
But still the calendar is not working.
I appreciate any help or if anyone has run into this issue before.
Regards,,,
06-Jun-2020 03:08
Hi Majed, have you find an answer I've exactly the same problem, all the Microsoft part seems to be fine : hybrid configuration, oauth, licensing… But Calendar button doesn't appear for on-premise users...
12-Jun-2020 00:51
I have not found any solution even I opened a ticket with F5 support but they did not provide any resolution.
12-Jun-2020 00:41
Just a guess from my side - try to disable APM for /ews* and /autodiscover* , not only for particular URIs...
When I made such exception, the exchange team wanted it in this way...
12-Jun-2020 00:53
I disabled for all URLs but the same issue. i am thinking of taking exchange out of APM and find another way to apply MFA since the APM doesn't work.
12-Jun-2020 01:04
I've tried on my side to take Exchange out of F5 (only autodiscover and EWS) and it doesn't resolve the problem. I have opened a ticket with Microsoft Support Premier yesterday, i'll tell you if we find...
12-Jun-2020 01:12
thank you. actually I advised by Microsoft to apply Azure MFA through ADFS authentication. I have not applied that yet. I will be waiting your finding with MS support.
01-Jul-2020 07:38
Hi Majed,
Were you able to resolve this issue. I am having the same exact problem. Have Microsoft Premier support ticket open, but have not received much help so far. I was unsure if it is an F5 issue. Was F5 support able to help you?
Thank you
02-Jul-2020 05:45
Thanks.
I opened a support case with F5 as well. Will keep you posted.
30-Oct-2020
07:44
- last edited on
04-Jun-2023
21:12
by
JimmyPackets
modifying this iRule got the calendar working in teams
iRuleName: VSNAME_apm_disable_hybrid_uri_irule7.
priority 1
when HTTP_REQUEST {
set is_disabled 0
switch -glob [string tolower [HTTP::path]] {
"/ews/mrsproxy.svc" -
"/ews/exchange.asmx" -
"/ews/exchange.asmx/wssecurity" {
set is_disabled 1
set path [HTTP::path]
ACCESS::disable
HTTP::path _disable-$path
pool /Common/WEBMAIL2016-547.app/WEBMAIL2016-547_ews_pool7
}
"/autodiscover/autodiscover.svc/wssecurity" -
"/autodiscover/autodiscover.json" -
"/autodiscover/autodiscover.svc" {
set is_disabled 1
set path [HTTP::path]
ACCESS::disable
HTTP::path _disable-$path
pool /Common/WEBMAIL2016-547.app/WEBMAIL2016-547_ad_pool7
}
}
}
when HTTP_REQUEST_RELEASE {
if { [info exists is_disabled] && $is_disabled == 0 } { return }
if { [info exists path] } {
HTTP::path $path
unset is_disabled
unset path
}
}
31-Oct-2020 10:23
Thank you very much. Indeed calendar is working now.
26-Jan-2023 01:12
Hello there,
I also have the same problem but the above irule did not help in resolving.
Got the same irule from an article too but still getting 403 error and i still see some /EWS and autodiscover request coming into APM even when the irule is set to disable APM for the URI.
priority 1
when HTTP_REQUEST {
set is_disabled 0
switch -glob [string tolower [HTTP::path]] {
"/EWS/mrsproxy.svc*" -
"/EWS/mrsproxy.svc" -
"/ews/mrsproxy.svc" -
"/EWS/exchange.asmx*" -
"/EWS/exchange.asmx" -
"/ews/exchange.asmx" -
"/EWS/Services.wsdl" -
"/ews/Services.wsdl" -
"/EWS/exchange.asmx/wssecurity*" -
"/ews/exchange.asmx/wssecurity" -
"/EWS/exchange.asmx/wssecurity" {
set is_disabled 1
set path [HTTP::path]
ACCESS::disable
HTTP::path _disable-$path
pool /Common/hem_exchange_2016_dtag.app/hem_exchange_2016_dtag_ews_pool7
}
"/autodiscover/autodiscover.svc/wssecurity" -
"/autodiscover/autodiscover.xml" -
"/autodiscover/autodiscover.json" -
"/autodiscover/autodiscover.svc" {
set is_disabled 1
set path [HTTP::path]
ACCESS::disable
HTTP::path _disable-$path
pool /Common/hem_exchange_2016_dtag.app/hem_exchange_2016_dtag_ad_pool7
}
}
}
when HTTP_REQUEST_RELEASE {
if { [info exists is_disabled] && $is_disabled == 0 } { return }
if { [info exists path] } {
HTTP::path $path
unset is_disabled
unset path
}
}
and still see in APM logs