F5 webmail exchange 2016 - "Access policy evaluation is already in progress for your current session."
We recently moved over to outlook 2016. Users that are on 2010 connect fine and never have an issue. the new users that have moved over to 2016 mailboxes get the error message above in the title. When they connect, they get the following addons to their URL: ?bO=1 sessiondata.ashxappcacheclient=1&acver=15.1.1591.8&crr=1 I have tried irules from the following devcentral questions and answers with no success: Access policy evaluation is already in progress for your current session How to avoid "Access policy evaluation is already in progress" - (irules from matt, Misty Spillers & Stanislan Piron tested and didn't help) If i have users open a browser in "InPrivate Browsing" or "Incognito" mode, they don't get the error. I have also tried the windows_10_anniversary_fix as well as all the irules on page 76 of the iapp deployment guide for exchange 2016. Deployment guide stuff i tested and doesn't work: when HTTP_REQUEST { if { [HTTP::cookie exists "IsClientAppCacheEnabled"] } { HTTP::cookie "IsClientAppCacheEnabled" False } } and tried this: when HTTP_REQUEST { if { [HTTP::cookie exists "IsClientAppCacheEnabled"] } { HTTP::cookie remove "IsClientAppCacheEnabled" HTTP::cookie insert name "IsClientAppCacheEnabled" value False } } I have a ticket open with F5 but they are saying oh just check the guide. not helpful. Hoping someone from the community can help me. thanks in advance!
Ratio (Session) and Least Sessions
Hello, I wanted to fully understand the Ratio(Session) load balancing method. I was reading the description of load balancing methods here and about the Least Session here. I came across this question in the forums, but the links are old and it doesn't provide a clear answer, I want to know what exactly is considered a session in the Ratio(session), it's mentioned for the Least sessions that it depends on a Persistence profile (least number of entries in the persistence table) to determine the sessions for each pool member, for example HTTP cookie determines the session in this case, is it the same case for Ratio(Session)? What is meant by a session exactly in the Ratio(Session) and is there a real-world example for this case? In this article, it's mentioning that Ratio(Session) is used for protocols that transmit multiple messages over the same connection, is this the same case for HTTP for example using Cookie persistence like Least Sessions? It's not very clear to me how the system will count sessions if it's not based on persistence like the Least Sessions. When I applied this load balancing method to a pool with multiple members, I noticed the requests where going to one member only. Thanks
F5 APM issue new session for new tab
Hello, I've an issue with my F5 APM configuration. When i open a connection to my VS (http://url1.test) the APM ask me to login, I'm authenticated all work fine. But when i open another tab with a different URL (http://url2.test) on the same VS APM ask me to login again, Why? Why F5 APM doesn't keep my session open ? Do I need Irule or LTM Policy or another check on my APM policy? Thank's for your answers!Session Tracking - Blocking Username Requests
Hi, I am currently rolling out the session tracking functionality of ASM. The functionality seems to be working fine in terms of violations now provide the username and Session ID of a logged in user who was responsible for the violation, however when I try to use the 'Block All' action for a username (found by clicking on 'Show Session Tracking Details' next the username of the logged on user within event log) I expect all requests to have been blocked. This does not seem to be the case, instead the user is able to continue prohibited with all of their events still being logged. I've checked under Reporting > 'Session Tracking Status' and the username is listed with an action of Block All, is there something that I am missing with this? Something that I need to configure in order to have this work?
TLS Session resumption (caching) - NO
Hi, My SSL profile keeps giving me this orange warning on SSLLABS: TLS Session resumption (caching) No (IDs assigned but not accepted) I've did my research, and it was known to give this when more SSL profiles are used under on VS - this is not the case with me. I have Cache size set to default 262144 sessions with 7200 seconds timeout (lowering the numbers did not do the trick). My ciphers are: !LOW:!SSLv2:!SSLv3:!MD5:!RC4+SHA:!EXPORT:!DHE:ECDHE+AES:AES+SHA+RSA:@STRENGTH but I don't really believe it's the ciphers fault (though I have read similar problem was with TLS1.2 on windows server, and a rollback to TLS1.1 fixed the issue). Any ideas or experience with this? Or should I now worry (though my client is a bit picky, and anything less than green on SSLLABS is a problem...)
Monitor amount of sessions going through the BigIP
Hi, I'm locking for a way to check how many HTTP sessions (open and new) the BigIP is having. The reason I'm asking is that I need to know that a IPS that is going to be put in front of the BigIP can handle the amount of sessions the BigIP has. I know the amount of connections the BigIP have but not the number of sessions. Regards AndréasMultiple requests hitting SQL database
I have a bit of strange issue and I am hoping to rule out the F5 as a cause.... I have a web based application that links to a SQL database via an F5 for load balancing. The strange activity we are getting is that when using windows 7 and IE11 if a request takes longer than the 5 minutes to return from the database side (5 minutes is the F5 idle timeout time) the time out kicks in and kills the connection and the client receives an error message as expected... however when the same thing happens using windows 10 and IE11 it doesn't die but instead it spawns a new SPID on the database side meaning that every 5 minutes until the data is returned to the front end (via the first database SPID that was created) a new SPID is created on the database. I cant see how the F5 can do this and why it would act differently between OS's other than W7 &IE11 uses http 1.1 and W10 & IE11 can use HTTP2.0 , I personally think it is how the app server interpreters the connection keep alive but I need to rule out the F5... Does anyone have any thoughts?
how to remove another APM session while Logging out from the actual session
Hi I do have an EdgeClient session and want to run another portal access while launching firefox to this portal access session (this generates me two session - I know). So far so good. But I want to close the portal session in case of closing the EdgeClient session. Within the Event "ACCESS_SESSION_CLOSE" how can I remove another used access session id? Any hints kindly appreciated sm
