Forum Discussion

Marin's avatar
Marin
Icon for Nimbostratus rankNimbostratus
Jan 22, 2012

Outlook via TMG VPN to F5 balanced CAS

I have question regarding Outlook via TMG VPN to F5 balanced CAS.

 

I will briefly describe my configuration. We have Ex2010SP1 CAS array, which because of WNLB issues, I switch to F5 (v 11.0) balancing. I’ve used iApp to configure F5 (using manual http://www.f5.com/pdf/deployment-guides/microsoft-exchange2010-iapp-dg.pdf) I’ve published all services on single virtual server (AS, OWA, Autodiscover, RPC). On CAS servers in IIS everything was the same as previous except using manual I moved SSL offloading to F5 (http://social.technet.microsoft.com/wiki/contents/articles/how-to-configure-ssl-offloading-in-exchange-2010.aspx.) .

 

Now my configuration looks like this, internal/external client for OWA comes to FBA on TMG then TMG forward it to F5, and everything works fine. On TMG, OWA and AS are only published not OutlookAnywhere because we don’t need this, if user want’s use Outlook externally he needs to use VPN over TMG. And now here we have the problem, we have clients that use domain joined laptops to connect internally and now Outlook constantly prompts for password. Prior moving NLB to F5 everything was working fine.

 

I don’t have any clue where I did go wrong, so any help would be appreciated. If I configured something wrong I presume that Outlook internally also would not work?

 

 

Regards,

 

Marin

 

 

microsoft
partner

4 Replies

Sort By
  • Michael_Koyfma1's avatar
    Michael_Koyfma1
    Icon for Cirrus rankCirrus
    Jan 23, 2012
    Did you follow all the manual changes that are necessary that are described on page 28(and especially 30) of the guide?
  • Marin's avatar
    Marin
    Icon for Nimbostratus rankNimbostratus
    Jan 23, 2012
    Hi Michael,

     

     

    thanks for replay.

     

    You are right, now I check again pages 28-30, and now I see that I didn't apply part ‘To modify the port 443 virtual server’, cause I downloaded iRule from http://www.f5.com/solution-center/deployment-guides/files/exchange-persist.zip, and I can't apply it cause 070151:3: Rule [/Common/exchange-new-single-persist-irule] error: Unable to find pool (my_Exchange_2010__single_as_pool) referenced at line 35: [pool my_Exchange_2010__single_as_pool].

     

    I don’t know anything about iRules, and obviously in line 35 pool name needed to be change but to what, to name of what pool?

     

     

    Marin
  • Michael_Koyfma1's avatar
    Michael_Koyfma1
    Icon for Cirrus rankCirrus
    Jan 23, 2012
    Just find the pool statements in the iRule and make sure you put in the names of the proper pools that you created as part of the iApp deployment - that should be it.
  • Marin's avatar
    Marin
    Icon for Nimbostratus rankNimbostratus
    Jan 23, 2012
    I'm an idiot that doesn't know to read - sorry.

     

     

    I found the words starting with my_ and change it to appropriate pool names

     

     

    but it didn't do any help :(