Exchange, LoadMaster and OS X Connectivity issues

Occasionally an issue occurs relating to Exchange 2010 and OS X mail. This issue is described below:
When the LoadMaster operates at full Layer 7, requests sent to Client Access Servers (CAS) can have two additional headers inserted automatically. These are the X-Forwarded-For and Via headers which inform the server of the IP address of the client and the IP address of the service respectively. The via header is used by proxies to indicate to servers that there may be a hop in between. The presence of this header causes the CAS to set the 'Persistent-Auth' header to 'false'. Ordinarily this would be fine - it would simply require each request to be sent with credentials rather than once per connection. Occasionally this is a problem because the Mac Mail application does not always re-send the credentials.
To resolve this issue, you can create a rule in the LoadMaster to delete this header:
  1. In the main menu of the LoadMaster Web User Interface (WUI), select Rules & Checking and Content Rules.
  2. Click Create New.
  3. Enter a recognizable Rule Name, for example Remove_Via.
  4. Select Delete Header as the Rule Type.
  5. Enter Via as the Header Field to be Deleted.
  6. Click Create Rule.
  7. In the main menu, select Virtual Services and View/Modify Virtual Services.
  8. Click Modify on the relevant Virtual Service.
  9. Expand the Advance Properties section.
  10. Click Show Header Rules.
  11. Add the relevant rule as a request rules on the main virtual service.

After the rule has been created and assigned to the Virtual Service, the via header will be deleted going forward.

12.Test connectivity once again. If client fails to connect, see step 13.

13. SSL Ciphers

It's possible you will have to make changes to your SSL Cipher Suites. This is necessary depending on your version of OS X.

Modify VS > SSL Properties > Cipher Set = "Default"



Was this article helpful?

4 out of 4 found this helpful



This also applies to Exchange 2013 in our case.


Extra info: this applies at the EWS SubVS

Jennifer Williams
Does this also apply to EWS for outlook on a Mac?

I had to disable "Additional L7 Header". Just adding the remove_via rule did not work here with 7.1-32a-88 and Exchange 2013 CU11

Edited by n.fehlauer

We also had this problem with Exchange 2013 CU12 and Mac Mail clients.

I was able to solve the problem on a SubVS by setting the "Add HTTP Headers" option under "Advanced Properties" to "None" instead of "Legacy Operation(X-ClientSide)".

I did it this way because I was nervous about changing a global setting.

Jennifer Williams

Thank you Norbert and Ben, I have to get back to this . I have been side tracked with other projects but am really curious if this fixes it. as I have upgraded to Mavericks and now it no longer works...was able to find a work around using certain authentication, digest based on exch 2013 but prefer not to use that


Thanx for this fix - that worked for many old OS X machines - I did the original fix on the EWS-SubVS with Exchange 2010 as backend-server ...