In further troubleshooting, here is what I've discovered so far:
If I enable persistence for the /oab URI, the scheduled automatic download of the offline address book now completes without issue. HOWEVER, the manual download of the OAB using the Send/Receive Groups-->Download Address Book function within Outlook still fails on each attempt. The LTM log shows 4 TCL Errors on the initial attempt, and 1 similar TCL Error on each subsequent attempt every 5 minutes thereafter:
Jul 17 16:23:23 slot1/%REDACTED% err tmm1[11395]: 01220001:3: TCL error: /Common/_sys_APM_Exchange - Operation not supported (line 1) invoked from within "HTTP::status"
Jul 17 16:23:26 slot2/%REDACTED% err tmm3[12304]: 01220001:3: TCL error: /Common/_sys_APM_Exchange - Operation not supported (line 1) invoked from within "HTTP::status"
Jul 17 16:23:29 slot1/%REDACTED% err tmm3[11395]: 01220001:3: TCL error: /Common/_sys_APM_Exchange - Operation not supported (line 1) invoked from within "HTTP::status"
Jul 17 16:23:32 slot1/%REDACTED% err tmm1[11395]: 01220001:3: TCL error: /Common/_sys_APM_Exchange - Operation not supported (line 6) invoked from within "HTTP::status"
I have proven this several times over and have submitted my findings/recommendations to F5 support for consideration in including this fix in the up and coming 1.4.0 Exchange iApp. If you are using the iApp, modify the following in your configuration as necessary:
(1) Modify the %APP_NAME%_oa_persist_irule iRule to look like the following:
when HTTP_REQUEST {
switch -glob -- [string tolower [HTTP::path]] {
"/ews*" {
Exchange Web Services.
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} else {
persist source_addr
}
}
"/oab*" {
Offline Address Book.
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} else {
persist source_addr
}
}
"/rpc/rpcproxy.dll*" {
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} elseif { [string tolower [HTTP::header "Authorization"]] starts_with "basic" } {
set oa_key [sha256 [HTTP::header "Authorization"]]
persist uie $oa_key 7200
} else {
persist source_addr
}
}
}
}
when HTTP_RESPONSE {
if { [string tolower [HTTP::header values "WWW-Authenticate"]] contains "negotiate"} {
ONECONNECT::reuse disable
ONECONNECT::detach disable
NTLM::disable
}
if {[HTTP::header exists "Transfer-Encoding"]} {
HTTP::payload rechunk
}
}
(2) If you are using the combined Virtual Server, modify the combined_persist_irule by removing the /oab section and replacing with the following:
"/oab*" {
Offline Address Book.
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} else {
persist source_addr
}
pool %YOUR_POOL_HERE%
return
}
(3) If you are using both a combined Virtual Server AND APM, modify the apm_combined_pool_irule by removing the /oab section and replacing with the following:
"/oab*" {
pool %YOUR_POOL_HERE%
persist uie $sessionid 7200
return
}
The F5 engineer I am working with has assured me he will be working with the iApp team to figure out this issue and hopefully work toward a better solution, but this workaround will get the automatic downloads of the OAB up and running for now if you're seeing what I'm seeing.
Take care, and more to follow!
-Cory