Forum Discussion

Olusola_Ayoade_'s avatar
Olusola_Ayoade_
Icon for Nimbostratus rankNimbostratus
Aug 03, 2015

Outlook anywhere on exchange 2013 loadbalanced looses its session after connecting for a few minute

Hi Peeps,

 

Kindly assist it seems i am having a persistence challenge, when i restart my outlook client it works normally for the first few minutes, then it stops sending and receiving mails.

 

Do i need to enable one connect to fix this or which persistence parameter am i meant to adjust to ensure the outlook client continues to work after the first few minutes of relaunching it.

 

Kindly assist as i am on a live network on client site,

 

@Mikehismus thanks for you unwavering support.

 

Regards

 

Sholls

 

application delivery
devops
iApps
LTM

10 Replies

Sort By
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Aug 03, 2015

    Hi Sholls, can you tell me if you deployed Exchange using the iApp template, and which version of the template you used? Which version of BIG-IP are you using? Have you captured the client and server side traffic to determine what response is being sent by the BIG-IP and/or Exchange CAS?

     

    thanks

     

  • Olusola_Ayoade_'s avatar
    Olusola_Ayoade_
    Icon for Nimbostratus rankNimbostratus
    Aug 03, 2015

    Thanks Mikeshimkus,

     

    Yes i used an iapp template of version 1.4, Big IP version 11.3, what can i use to capture the client and server side traffic to determine response sent by BIG IP or Exchange CAS ?

     

    Thanks for the support

     

    Sholls

     

  • Olusola_Ayoade_'s avatar
    Olusola_Ayoade_
    Icon for Nimbostratus rankNimbostratus
    Aug 03, 2015

    Thanks Mikeshimkus,

     

    Yes i used an iapp template of version 1.4, Big IP version 11.3, what can i use to capture the client and server side traffic to determine response sent by BIG IP or Exchange CAS ?

     

    Thanks for the support

     

    Sholls

     

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Aug 03, 2015

    First, I recommend using the latest version of the iApp from downloads.f5.com. Currently, that's v1.5.0.

     

    You can use tcpdump and ssldump on BIG-IP to look at the traffic:

     

    https://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html

     

    https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html

     

    Or you can use utilities like Fiddler and Wireshark on the client and server side, respectively.

     

    You shouldn't need persistence since that's not required in Exchange 2013. The iApp should deploy OneConnect by default; is there a reason you don't want to use it?

     

    • Olusola_Ayoade_'s avatar
      Olusola_Ayoade_
      Icon for Nimbostratus rankNimbostratus
      Aug 06, 2015
      Thanks Mike, I have done the tcpdump and ssl dump, nothing was figured out as abnornal. i have also added persistence to the RPC Proxy on the Outlook anywhere irule "persist cookie insert timeout 0" But the issue still persist. I need help peeps, thanks in Anticipation !
    • mikeshimkus_111's avatar
      mikeshimkus_111
      Historic F5 Account
      Aug 06, 2015
      In the traffic captures, there must be a request from the client that is never answered, or otherwise receives an error response from either the BIG-IP or the CAS. Did you see that? I would need to know more detail about the deployment, starting with the choices made in the iApp. Also, is the status pool member you initially connect to healthy the entire time, or does it get marked down? You might want to consider opening a support case with F5 and PM'ing me with the details so I can get a look at the configuration.
  • Olusola_Ayoade_'s avatar
    Olusola_Ayoade_
    Icon for Nimbostratus rankNimbostratus
    Aug 28, 2015

    Hi Mike,

     

    I perceive Kaspersky is hindering Outlook anywhere traffic through F5 , here is a log from kaspersky can someone interpret this for me.

     

    10.161.6.6 is my F5 self IP, EMTS-E13CAS01 is my cas server.

     

    Event name Network attack detected Severity: Critical event Application: Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows Version number: 10.2.1.23 Task name: Network Attack Blocker Computer: EMTS-E13CAS01 Group: Enterprise servers 8.0 10.150.140 to 10.161.7 Time: Wednesday, August 05, 2015 2:45:43 PM Virtual Server name:

     

    Description: Event type: Network attack detected Application\Name: Unknown Component: Network Attack Blocker Result\Description: Blocked Result\Name: DoS.Generic.SYNFlood Object: TCP from 10.161.6.6 to local port 443 Object\Type: Network packet Object\Name: TCP from 10.161.6.6 to local port 443

     

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Aug 28, 2015

    I imagine that must be a false alarm from Kaspersky based on something our server-side TCP profile is doing. Is it possible to whitelist the self IP? I'll ask around a bit, but you also may want to check with your sales engineer.

     

  • Olusola_Ayoade_'s avatar
    Olusola_Ayoade_
    Icon for Nimbostratus rankNimbostratus
    Aug 29, 2015

    Hi Mike,

     

    outlook anywhere worked well after the deployment, but later after kaspersky was dropped on the cas servers, only one mail leaves the outbox, the next mail is stuck in the outbox and mails cannot come in or go out, but when ever you restart the outlook client mails will be received and sent for a second or two and stop.

     

    please see the same experience here kaspersky is notorious for that behaviour.

     

    http://forum.kaspersky.com/lofiversion/index.php/t237268.html

     

    kindly assist .

     

    • mikeshimkus_111's avatar
      mikeshimkus_111
      Historic F5 Account
      Aug 31, 2015
      It looks like the issue lies with Kaspersky. Disabling it and opening a case with them seems like the next step.