RPC Client Access

question

I'm having an issue getting the Outlook client to work with RPC Client Access. I followed the steps from the F5 Deployment Guide "Microsoft Exchange 2010". Everything is working with OWA and Hub Transport, but just not with RPC Client Access. I tried so many different settings for the VIP, with no luck.

1. Created a DNS “A” record for outlook.xxxx.local
2. Created a Client Access Array and associated it with outlook.xxxx.local
3. Followed the steps from the Deployment Guide to create the health monitor, pool, profile and VIP
4. Created a new Outlook profile and pointed it to outlook.xxxx.local.

This is where I’m stuck. I can’t get the Outlook client to communicate with the CAS. When I create the Outlook profile and enter outlook.xxxx.local for Microsoft Exchange Server, I get the error “The name cannot be resolved. The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action”

However, I could enter the CAS server name “CAS01.xxxx.local” for Microsoft Exchange Server with no issue, but the correct way is to use the RPC Client Access name for the load balancer.

Has anyone had a similar issue and been able to get it resolved?

Thanks in advance.

22 Answer(s):

There are a lot of moving pieces here.
When you say RPC, are you referring to RPC over HTTPS or something different (outlookanywhere)?

here's what I'm guessing it should look like...(the long road I've been going down).

For whatever reason, Microsoft really went out of their way to make 2010 complicated.  You've got something like 9 different virtual directories, one for each service, outlook address book is broken out into a different virtual directory as is the exchange control panel (options within OWA)...why?  I don't know.

With 2010 you have internal and external URLs for all of these different virtual directories.  When you're using a load balancer, I think the internal URLs are worthless...you're going to send all of your clients through the LTMs so that the solution can be load balanced, fault tolerant and highly available...right?

So the default internal URLs are going to be https://myserver.mydomain.com/owa or /rpc or /outlookanywhere
You need to leave all of the internal URLs alone and create external URLs for each of the services that you want load balanced.  So, owa.mydomain.com, activesync.mydomain.com, outlookanywhere.mydomain.com, exchange.mydomain.com etc.

Each one of these external URLs is going to get published to autodiscover.
Each of these external URLs will become a virtual server on the LTM(s) with its own hostname/IP address.
Add each of these to DNS, as well as autodiscover.mydomain.com (you're going to need a virtual server for that as well).

Whether you're doing SSL offloading or not will determine what kind of connection happens between the LTM and the server.  From the client to the LTM you're going to want a cert; I think it's called a Unified Messaging Certificate, where you can have multiple subject alternative names for the servers, services etc.

Now, onto your specific issue: I don't know whether you're trying to do outlook anywhere or if you're trying to do a regular exchange RPC connection...either way I want to say that Outlook is going to try to do an autodiscover to find the settings.  It goes through a series of checks to try to pull an XML file to determine where the services are located depending on where you are.  If you're an external user or an internal user, or if you are connecting from an iPhone or a PC or whatever...if you're trying to access activesync or outlookanywhere, autodiscover.xml gives your device the information it needs to locate the server in question to make everything work happily.

So, make sure your internal/external urls are set, make sure that everything is in DNS, you did the cas array...good. 
There's an online tester that checks a few things: https://www.testexchangeconnectivity.com/
I've logged about 30 hours using this thing.

Now if you're able to hit the individual server but you can't access it through the LTM, make sure that the pool is up.

I hope this is helpful to some degree...this is not a fun project by any means, it's a serious pain in the butt and the deployment guide is not a great help (IMO).




here's what my exch_rpc_virtual_tcp looks like
-follow deployment guide to setup exch_rpc_virtual_tcp
-dns entry like exchange.mydomain.com or mail.mydomain.com

there really shouldn't be anything more to it than that for the RPC stuff...that's one of the easier parts. outlookanywhere is another story.
Ken, after creating the client access array, did you associate your pre-existing database with it?

For instance, if you did:

New-ClientAccessArray -Name "YourArrayName" -FQDN outlook.xxxx.local -Site "YourSiteName"

You then have to do:

Set-MailboxDatabase "Mailbox Database " -RPCClientAccessServer "YourArrayName"

Otherwise Exchange will continue to return the name of a Client Access server (e.g. CAS01.xxxx.local) as the connection point, which it sounds like it's doing.

Edit: added to the Set-Mailbox command.
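
One way to audit and apply the database association described in the post above, as an added example that is not part of the original thread. It assumes the Exchange 2010 Management Shell and uses the thread's placeholder FQDN outlook.xxxx.local.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010).
# $ArrayFqdn is an assumption: the placeholder array FQDN used in this thread.
$ArrayFqdn = 'outlook.xxxx.local'

# Confirm a Client Access Array object is actually bound to that FQDN.
$array = Get-ClientAccessArray | Where-Object { [string]$_.Fqdn -eq $ArrayFqdn }
if (-not $array) {
    throw "No Client Access Array with FQDN $ArrayFqdn was found."
}

# Show the RPC endpoint each mailbox database currently hands to Outlook.
$databases = Get-MailboxDatabase
$databases | Format-Table Name, Server, RpcClientAccessServer -AutoSize

# Databases that existed before the array was created still name a single CAS.
$stale = $databases |
    Where-Object { [string]$_.RpcClientAccessServer -ne $ArrayFqdn }

foreach ($db in $stale) {
    # -WhatIf previews the change; remove it to commit.
    Set-MailboxDatabase -Identity $db.Name -RpcClientAccessServer $ArrayFqdn -WhatIf
}

# Summary for the change record.
"{0} of {1} databases did not point at {2}" -f @($stale).Count, @($databases).Count, $ArrayFqdn
```

Outlook profiles created before the change may still hold the individual CAS name, so test with a freshly created profile.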

Ken, thanks for your response.

I'm not using outlook anywhere, just simple RPC for the Outlook client. I think I figured out the issue. I had to create a Forwarding VIP with 0.0.0.0 for Destination and 0 (Any) for Service Port. Once I did that, the Outlook client was able to connect to the CAS Array.

However, I do have a new issue.
After I log onto OWA, I get to the main page where I see all messages; however, I can’t click on any of the links such as messages or folders (inbox, calendar, etc). I can’t do anything because the JavaScript failed. I have no issue connecting directly to the CAS server, but via the LTM I’m having an issue. Again, I followed the deployment guide exactly.

Are you using SSL offloading or no?

I have also noticed a few times while working through this that OWA will hang...I've got it working fine now though. SSL offloading is enabled and the OWA virtual directory is set to basic authentication.

Yes, I'm doing SSL offloading and using forms-based authentication with "User name only". I happened to narrow it down to the HTTP profile as the possible cause. I created the HTTP profile based on the F5 Deployment Guide, which doesn’t work. When I changed the VIP to use the default http profile, it worked with no issue. So that tells me that a setting somewhere in the customized profile is causing the issue. So I disabled/enabled the settings back and forth to narrow down the setting that could cause the issue. It came down to the setting “keep accept Encoding”. Then I tried again a couple of times to duplicate the issue and I couldn’t. So I can’t really verify if this setting is the main cause, because everything is working for now on my computer. If I go to computer #2 it works, but with computer #3 it won’t work.

exch_owa_http_wanopt profile?

Yes.. with Parent Profile "http-wan-optimized-compression-caching"

I haven't thoroughly tested everything so I'd hate to jump to any conclusion.  I do have the profile in place right now and when I get to testing I'll see if it causes any problems.  I do think that we had a problem with a different profile; it was throwing errors in the logs so I pulled it out (can't remember which one off the top of my head).

Right now I'm working through getting the rest of the services online/public and load balanced and I should be at 100% for testing...a couple more days.  I'll let you know anything I come across.

How many CAS servers are you load balancing?  we're doing 3.

Cool.. I have 2 CAS, 2 HT, 4 Mailbox servers. One other thing: do you know how to clear the cache on F5?

I know very little about the F5...just the basics from trying to get it to work with Exchange; it might be something that is done through the SSL/Telnet console though. Are you talking about the DNS cache?

I figured it out.. you connect to F5 device via ssh and run “wa_clear_cache”.

When you use the HTTP profile that you created from the deployment guide, it uses the cache. So when I tried to do some testing with OWA for different profile settings, the results varied (sometimes it worked, sometimes not). It possibly has to do with the cache. From now on, I will clear out the cache for any testing.
Good luck with your project. Please do let me know what you do to make it work.
Thanks again.


I just changed three servers from basic authentication to forms authentication so the OWA page appears and now 1/3 is hanging when I get into OWA. Haven't figured it out yet, but it is an issue. Strange because if I go directly to the server (server1.mydomain.com) in lieu of the external URL for owa which is the LTM (owa.mydomain.com) it works fine, just when going through the LTM I get a hang, can't access email, can't logout or do anything. I'll keep you posted. Still working on getting exchange web services online, the OAB, ECP and dealing with a certificate error I'm getting for outlookanywhere. =/ =/

JDEWING-
On Friday I tested OWA.
I went to cas1, cas2 and cas3 and all worked fine. I went into the LTM and disabled pool members cas2 and cas3 for the OWA POOL. tested owa.mydomain.com and I received javascript errors hitting cas1 through the LTM. I repeated the process, disabling cas1 and cas3 in the LTM and went to owa.mydomain.com and it worked fine hitting cas 2 through LTM...again, cas3 through LTM was fine...I figured the problem was specific to cas1 and decided to leave it disabled until I could look at it this morning (I have a bunch of other issues I need to work through so it wasn't high priority).

This morning my colleague in Wisconsin tested hitting either CAS2 or CAS3 through the LTM (not sure which because both were enabled) and he received JS errors. I tested and I did NOT receive JS errors. I gave him my test account credentials to ensure it wasn't an issue specific to an account and he still received JS errors. Whatever the issue is, it seems to be specific to the LTM and it's VERY sporadic.

I remember encountering this problem when we were deploying the LTM to begin with. I would report to my colleague that OWA was hanging and he would test it and it would be fine...I would go back in and it was no longer hanging.

I have some other issues to work through first but if I cannot find a quick answer for this I will put in a ticket with F5 and report back to you.

respectfully,

Ken

Yeah, I had exactly the same issue with the JS errors. I believe it has to do with a setting on the HTTP profile.

Yes, I went back to the default (parent) profile and it seems to be better...haven't tested much but I believe all services are now online and configured correctly...what a pain...nightmare.

Did you narrow down what the setting was that was causing OWA to hang for you?

It could be the cache setting that was inherited from the Parent Profile "http-wan-optimized-compression-caching" or the setting “keep accept Encoding”.
As of right now, I can’t duplicate the issue with the JS errors. I changed the setting back to where it was causing the issue before, but still can’t duplicate the issue. I just don’t get it. It seems to be working now, but I have no confidence yet.

FYI.. There is an eSeminar “Ensuring High Availability for Client Access to Microsoft Exchange Server 2010” on March 17. It's sponsored by F5 and Microsoft. Here's some info: http://event.on24.com/eventRegistration/EventLobbyServlet?target=registration.jsp&eventid=287198&sessionid=1&key=587891281B945A04CF88FDBADE8DA2E4&sourcepage=register&partnerref=list2

I've seen the issues with OWA as mentioned in this thread. I updated the HTTP profile to disable the "keep accept Encoding". This made OWA much better, but broke web services connections. My Mac-Office 2011 clients couldn't connect through the URL https://2010_VIP.domain.com/ews/exchange.asmx and availability/free busy broke between my 2007 and 2010 systems.

We enabled the keep accept encoding back on to fix web services. I'll be trying a different HTTP profile to see the effects.

Kfriend, how is your project going?

Hello All,
We are seeing a similar issue.
We have 2 Client Access Servers and we have also set up CASARRAY.company.com. The CAS array is pointed to F5. Following is the issue we are seeing:
The user is connected via LAN.
The user opens up Outlook and it asks for ID and password.
Once you provide ID and password it works, but the problem is why it is asking for ID and password when the user is connected on the LAN. We have checked that there are no delays on the LAN.
When we right-click on the Outlook icon in the system tray and click on "Connection Status", it shows some of the connections are going via TCP/IP and some via HTTPS.

I think the reason it prompts for ID and password is that some or one of the connections are going via Outlook Anywhere (RPC over HTTPS).
If we connect directly to the CAS server, all the connections go via TCP/IP and it never prompts for a password.

My question is: what could be the cause of the mixed connections, TCP/IP and HTTPS?

Thanks,
Regards
Raman

I think I have an idea on what's causing this - can you please create the following iRule and apply it to your port 80 and/or 443 virtuals for Exchange (I assume that you have OneConnect/NTLM profiles applied to those virtuals, right?):

when HTTP_RESPONSE {
    if { [HTTP::header values WWW-Authenticate] contains "Negotiate" } {
        ONECONNECT::detach disable
    }
}
