Issues with Exchange 2013 load balancing through LTM (v11.6)
I have a support case open for this as well, but since no one has truly engaged in spite of a Sev1 classification, I'm hoping someone in the community can help. Thank you ahead of time.
We have an Exchange 2013 (latest CU) cluster with two CAS servers and two DAG servers. We've been load-balanced through Kemp VLMs for a couple years without issues, though only w/ transparent SSL pass-through. Sunday night we migrated to BIG-IP LTM VE running 11.6 HF4 using the latest Exchange iApp. All services are co-located on the same CAS servers and we are using SSL bridging. The Exchange servers are on the internal VLAN by themselves and use the LTM internal self IP as their default gateway. Routing outside of that VLAN is configured to use the LTM external self IP as the route into the internal/Exchange VLAN.
After changing routes, DNS, gateways, etc from Kemp to F5, most things worked but clients on the "external" VLAN have difficulty connecting to Exchange. It is intermittent (about 50/50) and appears to be a mix of routing and autodiscover issues as it is slow to create new profiles and to reconnect using Outlook's "Connection Status" tool. After 30-45 seconds typically, it would connect and pass mail fine, but it won't failover if the CAS servers flip (i.e. reboots) and reconnect or fresh opening lags. We can reproduce it readily. Additionally, we show errors with our Lync servers on that same "external" VLAN updating presence/contact subscriptions from Exchange.
Of additional note, I have a forwarding virtual server setup to pass all traffic for all VLANs/IPs so that Exchange can be managed, contacted, etc for services other than those in the iApp (the LTM-VE is fully inside, so no interfaces on the internet). That seems to work fine.
The challenges have been: 1. The Exchange iApp doesn't cover SMTP, so we had to pull the community RC for that. 2. The Exchange iApp and deployment guide doesn't speak to routing/forwarding, so we had to reference an F5 KB on the IP forwarding virtual server.
Main item to troubleshoot: hosts/servers on the "external" VLAN have major connectivity issues to Exchange through the iApp (SSL/443). Lync, in particular, is having presence and contact update issues w/ Exchange.
Thanks again for any help.