Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Outlook Anywhere and ActiveSync monitors showing down

Hello,

We're configuring our LTM to load balance our Exchange 2010 environment. Everything on the template is working so far, except the pools for Outlook Anywhere and ActiveSync are showing as down. I can access the virtual directories just fine in a browser. I've followed the deployment guide precisely and even blown out and re-did the steps. I've verified the username/password are working. Not sure where to go from here! I could use just a basic HTTP GET / monitor, but I'd really like to monitor those virtual directories specifically.

Using version 10.2.2

Thanks in advance!
-Alex
1
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Hi Alex,
You should be able to turn on debugging for the monitors to see what's going wrong. This page has more info on that:
http://devcentral.f5.com/wiki/AdvDesignConfig.TroubleshootingLtmMonitors.ashx
Also, have you examined the IIS logs on the CAS server? They may give some indication of the problem.
thanks
Mike
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Mike,

Thanks for the quick reply. IIS logs are showing a 401 on the EAS and OA requests. Working on getting debug going on the LTM. I'll keep you posted!

Also, what the preferred method of providing the username here? I've tried domain\username, username@domain, and just username. None of which seem to be working. However, I can login to OWA with these credentials.

Thanks,
Alex
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
So here's something was a little weird from the TCP dump.. Getting a "bad request - invalid verb" error:


0x01c0:  4459 3e3c 6832 3e42 6164 2052 6571 7565  DY><h2>Bad.Reque
        0x01d0:  7374 202d 2049 6e76 616c 6964 2056 6572  st.-.Invalid.Ver
        0x01e0:  623c 2f68 323e 0d0a 3c68 723e 3c70 3e48  b</h2>..<hr><p>H
        0x01f0:  5454 5020 4572 726f 7220 3430 302e 2054  TTP.Error.400..T
        0x0200:  6865 2072 6571 7565 7374 2076 6572 6220  he.request.verb.
        0x0210:  6973 2069 6e76 616c 6964 2e3c 2f70 3e0d  is.invalid.</p>.
        0x0220:  0a3c 2f42 4f44 593e 3c2f 4854 4d4c 3e0d  .</BODY></HTML>.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Can you post the monitor send string?
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Of course, it's just the default that's supplied with the guide.
For Outlook Anywhere:
RPC_IN_DATA /rpc/rpcproxy.dll?xmail.redacted.com:6001 HTTP/1.1\r\nUser-Agent: MSRPC\r\nHost: xmail.redacted.com\r\n

For ActiveSync:
GET /Microsoft-Server-ActiveSync/ HTTP/1.1\r\nHost: xmail.redacated.com\r\n
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
That looks correct. Can you tell from the tcpdump if actual monitor send string is the same as what you've specified in the GUI? To answer the question about credentials-DOMAIN\username should work.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Hi ,
Same here... I am also running a thread for the same problem.... outlook any where dosent work ... also Auto discovery monitor is not working for me...... but I am using ver. 11.1 which has an external monitor defined for Auto discovery.... I have uploaded loads of tcpdumps, debugs, http watch, but my GOD.... no help at all.... where to find the solution for this really....

Regards,
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Same here.... However the problem with my Active-Sync monitor was that I simply needed to enter a username and password in the format of just without prepending the domain or using the UPN name. The OutlookAnywhere monitor created from the template still fails, so I've reverted back to a simple 1.0 GET. OA works fine, but as mentioned above I would really like to be more granular.

Any assistance would be greatly appreciated.

FYI - version 10.2.2 also
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Active-Sync protocol does not support the "GET" method. Supported methods are "POST" and "OPTIONS". With the monitor as stated in the deployment guide if your credentials are correct then you should be getting error code 501 "Not Implemented" because the "GET" method is not supported. See Active Sync spec documentation link below.

http://msdn.microsoft.com/en-us/library/dd299446(v=exchg.80).aspx

Here is a monitor that should at least get you status that Active-Sync is up and running. You should get "HTTP/1.1 200 OK" as well as a list of available commands.

monitor MS-Active-Sync_mon {
defaults from http
interval 5
timeout 16
password "testing"
recv "MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync"
send "OPTIONS /Microsoft-Server-ActiveSync HTTP/1.1\r\nHost: mail.example.com\r\nContent-Length: 0\r\nCache-Control: no-cache\r\nConnection: Close\r\n"
username "test"
}

To check test user mailbox, a more complex EAV will be required because the request will have to be accompanied by some request data in this case XML formatted.
Watch this space, will post EAV later once finalized.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Just a follow-up, I've got ActiveSync working fine now with the following request string:
GET /Microsoft-Server-ActiveSync/default.eas HTTP/1.1\r\nHost: xmail.redacted.com\r\n


However, I still cannot get the OA monitor working at all. Just using the default HTTP monitor right now. I'll update if I find anything.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Looks lke the problem may be with the authentication method. The F5 software uses basic authentication to establish the connection. Since many organizations use NTLM with OA, this results in the monitor not passing authentication despite having the correct credentials. I found 2 options that worked.

1. Change the response string from "200 Success" to "Unauthorized"
2. (Lass favorable to many) Change your OA accepted authentication method from NTLM to Basic.

I hope this helps someone out there avoid some frustration!
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Hi. I just authored a tech tip on how I built Exchange 2010 monitors. I used some of the info in this thread in my research during development, so I thought I'd pay it forward.

https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1090542/Health-Monitors-for-Exchange-2010.aspx
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Nice work SMP! That's really helpful info.

With the addition of NTLM support for HTTP/S monitors in 11.1 you should be able to use an inbuilt monitor for the Outlook Anywhere monitor.

Aaron
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Aaron - is there documentation on how to build an HTTP/S monitor supporting NTLM for Outlook Anywhere?  I'm having the exact symptoms in this thread using the latest iApp on 11.2.  I've tried making my own HTTP/S monitor as you suggest, but it has the same problem.  I can log into the CAS servers directly using OA with the monitoring account, or through the F5s to the CAS servers using the monitor account if the F5 is configured to use basic health monitors, but as soon as I set Advanced monitors OA breaks while the rest of the monitors are fine. 

0