ActiveSync don't work correctly for iphone mobile device
Hi, we have deployed last year an iapp exchange2010 that works well for all : owa, rpc, outlook anywhre, autodiscover and ActiveSync. now we have experiencing an issue with mobile device like iphone that is disconnected from ActiveSync somethimes without reason. (i see also that load balacing just for ActiveSync not works fine : 2 servers from 4 that don't receive match traffic like the other) thank you for your help. F5 version 11.4.1 HF9 see bellow the configuration : ltm pool /Common/EXchange_CAS.app/EXchange_CAS_combined_vs_as_pool { app-service /Common/EXchange_CAS.app/EXchange_CAS load-balancing-mode least-connections-member members { /Common/172.21.151.32:443 { address 172.21.151.32 } /Common/172.21.151.33:443 { address 172.21.151.33 app-service /Common/EXchange_CAS.app/EXchange_CAS } /Common/172.21.151.34:443 { address 172.21.151.34 } /Common/172.21.151.35:443 { address 172.21.151.35 } } monitor /Common/EXchange_CAS.app/EXchange_CAS_combined_vs_https_monitor } ltm rule /Common/EXchange_CAS.app/EXchange_CAS_combined_vs_persist_iRule { app-service /Common/EXchange_CAS.app/EXchange_CAS when HTTP_REQUEST { switch -glob [HTTP::path] { "/Microsoft-Server-ActiveSync*" { Direct all ActiveSync clients to a common pool; use HTTP cookie persistence persist cookie pool EXchange_CAS_combined_vs_as_pool } "/rpc/rpcproxy.dll" { Grab all requests for Outlook Anywhere; the following checks assign correct persistence methods. switch -glob [HTTP::header "User-Agent"] { "MSRPC" { This User-Agent section matches most versions of Outlook and Windows using Outlook Anywhere. The OutlookSession cookie is new to Outlook 2010. if { [HTTP::cookie exists "OutlookSession"] } { persist uie [HTTP::cookie "OutlookSession"] 3600 } else { persist uie [HTTP::header "Authorization"] 3600 } } "*Microsoft Office*" { This section matches some versions of Outlook 2007 on Windows XP persist uie [HTTP::header "Authorization"] 3600 } default { This section catches all other requests for Outlook Anywhere, and sets a persistence method that does not require the client to support HTTP cookies persist source_addr } } Finally, this assigns the Outlook Anywhere pool and turns off full HTTP parsing and compression. If the preceding clients should be sent to separate pools, the pool statement should be removed here, and a separate pool statement placed in each of the preceding logic branches. Other modules (APM, ASM, etc.) should be disabled here as well, if active for other traffic though this virtual server. pool EXchange_CAS_combined_vs_oa_pool CACHE::disable HTTP::disable COMPRESS::disable } "/xml/autodiscover.aspx" { Requests for Autodiscovery information. The selected pool might be unique, or might be the same as e.g. your pool for OWA or ActiveSync. In this example, we use the same pool that receives ActiveSync traffic. persist cookie pool EXchange_CAS_combined_vs_ad_pool } default { This final section takes all traffic that has not otherwise been accounted for and sends it to the pool for Outlook Web App persist cookie pool EXchange_CAS_combined_vs_owa_pool } } } } ltm virtual /Common/EXchange_CAS.app/EXchange_CAS_combined_vs_https_virtual { app-service /Common/EXchange_CAS.app/EXchange_CAS destination /Common/172.21.150.100:443 fallback-persistence /Common/EXchange_CAS.app/EXchange_CAS_source_address_persistence_profile ip-protocol tcp mask 255.255.255.255 persist { /Common/EXchange_CAS.app/EXchange_CAS_cookie_persistence_profile { default yes } } profiles { /Common/EXchange_CAS.app/EXchange_CAS_combined_vs_caching_profile { } /Common/EXchange_CAS.app/EXchange_CAS_combined_vs_clientssl { context clientside } /Common/EXchange_CAS.app/EXchange_CAS_combined_vs_http_profile { } /Common/EXchange_CAS.app/EXchange_CAS_combined_vs_oneconnect { } /Common/EXchange_CAS.app/EXchange_CAS_combined_vs_serverssl { context serverside } /Common/EXchange_CAS.app/EXchange_CAS_combined_vs_wan-optimized-compression_profile { } /Common/EXchange_CAS.app/EXchange_CAS_lan-optimized_tcp_profile { context serverside } /Common/EXchange_CAS.app/EXchange_CAS_wan-optimized_tcp_profile { context clientside } /Common/ntlm { } } rules { /Common/EXchange_CAS.app/EXchange_CAS_combined_vs_owa_append_iRule /Common/EXchange_CAS.app/EXchange_CAS_combined_vs_persist_iRule /Common/Exchange_hsts_ltm } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled }
Outlook Mobile App not working through LTM
dears , i have confirmed exchange server 2016 manually in LTM , didn't used the iAPP , everything is working perfectly i mean the webmail and the computer outlook application and only outlook mobile App is not working. we already allowed /Microsoft-Server-ActiveSync in the allowed URL list but still we are not capable of either receiving or sending emails through mobile app. note that ASM is also enabled.Post of the Week: Explaining the KRACK Vulnerability
In this "Post of the Week" video, we discuss the KRACK vulnerability that targets mobile devices and wireless routers. This vulnerability targets the WPA2 security protocol that allows for encryption between a mobile device and a wireless router. As the mobile device negotiates encrypted communication with the router, an attacker can force the mobile device to use very weak encryption (essentially no encryption at all) and thus see all the traffic between the device and the router. We also talk about ways you can help avoid this problem. Enjoy! Related Resources New Threat May Slip Through the KRACK in BYOD Policies (F5 Labs) Scary Candy Week: KRACK and ROCA
