Issue with Exchange 2010+ federation on BIGIP VE LTM+APM
Environment
Exchange 2010 Org
Published Via TMG 2010
Exchange 2013 Org
Published via BIGIP VE LTM+APM
Outlook Anywhere is configured for basic authentication on the CAS servers and iApp.
I'm currently trying to get Exchange federation working between an Exchange 2010 org and an Exchange 2013 org.
The federation works fine if using LTM mode but not when using LTM+APM.
From the 2010 Exchange CAS server I am seeing 401 errors coming from the availability service when it tries to query free/busy data on the 2013 org.
I've used an iRule to try and disable APM from authenticating the connections, similar to what is used for ADFS proxy endpoints. It is as follows (we do something similar with the TMG server to allow connections to authenticate directly with the CAS servers):
when HTTP_REQUEST {
    # Check the requested HTTP path
    switch -glob [string tolower [HTTP::path]] {
        "/ews/mrsproxy.svc" -
        "/ews/exchange.asmx/wssecurity" -
        "/autodiscover/autodiscover.svc/wssecurity" -
        "/autodiscover/autodiscover.svc" {
            # Disable APM for these paths
            pool Exchange2013_oa_pool7
            ACCESS::disable
            log local0. "Disabled APM enforcement for HTTP path: [HTTP::path]"
        }
    }
}
I've placed the iRule above _apm_combined_pool_irule7 and _sys_APM_ExchangeSupport_OA_BasicAuth.
I am seeing the logs indicating the iRule is getting hit, but it doesn't seem to want to work.
What's strange is that if I replace the _sys_APM_ExchangeSupport_OA_BasicAuth iRule with _sys_APM_ExchangeSupport_OA_NtlmAuth, the federation will start working, but of course Outlook Anywhere will stop working.
I've configured the iApp using the f5.microsoft_exchange_2010_2013_cas.v1.2.0rc1 template, and Outlook Anywhere was set to basic authentication.
Anyone else got Exchange federation working via LTM+APM?