Forum Discussion
10 Replies
- mikeshimkus_111Historic F5 Account
Hi Sholls, can you tell me if you deployed Exchange using the iApp template, and which version of the template you used? Which version of BIG-IP are you using? Have you captured the client and server side traffic to determine what response is being sent by the BIG-IP and/or Exchange CAS?
thanks
- Olusola_Ayoade_Nimbostratus
Thanks Mikeshimkus,
Yes i used an iapp template of version 1.4, Big IP version 11.3, what can i use to capture the client and server side traffic to determine response sent by BIG IP or Exchange CAS ?
Thanks for the support
Sholls
- Olusola_Ayoade_Nimbostratus
Thanks Mikeshimkus,
Yes i used an iapp template of version 1.4, Big IP version 11.3, what can i use to capture the client and server side traffic to determine response sent by BIG IP or Exchange CAS ?
Thanks for the support
Sholls
- mikeshimkus_111Historic F5 Account
First, I recommend using the latest version of the iApp from downloads.f5.com. Currently, that's v1.5.0.
You can use tcpdump and ssldump on BIG-IP to look at the traffic:
https://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html
https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html
Or you can use utilities like Fiddler and Wireshark on the client and server side, respectively.
You shouldn't need persistence since that's not required in Exchange 2013. The iApp should deploy OneConnect by default; is there a reason you don't want to use it?
- Olusola_Ayoade_NimbostratusThanks Mike, I have done the tcpdump and ssl dump, nothing was figured out as abnornal. i have also added persistence to the RPC Proxy on the Outlook anywhere irule "persist cookie insert timeout 0" But the issue still persist. I need help peeps, thanks in Anticipation !
- mikeshimkus_111Historic F5 AccountIn the traffic captures, there must be a request from the client that is never answered, or otherwise receives an error response from either the BIG-IP or the CAS. Did you see that? I would need to know more detail about the deployment, starting with the choices made in the iApp. Also, is the status pool member you initially connect to healthy the entire time, or does it get marked down? You might want to consider opening a support case with F5 and PM'ing me with the details so I can get a look at the configuration.
- Olusola_Ayoade_Nimbostratus
Hi Mike,
I perceive Kaspersky is hindering Outlook anywhere traffic through F5 , here is a log from kaspersky can someone interpret this for me.
10.161.6.6 is my F5 self IP, EMTS-E13CAS01 is my cas server.
Event name Network attack detected Severity: Critical event Application: Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows Version number: 10.2.1.23 Task name: Network Attack Blocker Computer: EMTS-E13CAS01 Group: Enterprise servers 8.0 10.150.140 to 10.161.7 Time: Wednesday, August 05, 2015 2:45:43 PM Virtual Server name:
- mikeshimkus_111Historic F5 Account
I imagine that must be a false alarm from Kaspersky based on something our server-side TCP profile is doing. Is it possible to whitelist the self IP? I'll ask around a bit, but you also may want to check with your sales engineer.
- Olusola_Ayoade_Nimbostratus
Hi Mike,
outlook anywhere worked well after the deployment, but later after kaspersky was dropped on the cas servers, only one mail leaves the outbox, the next mail is stuck in the outbox and mails cannot come in or go out, but when ever you restart the outlook client mails will be received and sent for a second or two and stop.
please see the same experience here kaspersky is notorious for that behaviour.
http://forum.kaspersky.com/lofiversion/index.php/t237268.html
kindly assist .
- mikeshimkus_111Historic F5 AccountIt looks like the issue lies with Kaspersky. Disabling it and opening a case with them seems like the next step.