Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

  1. Kemp Support
  2. Knowledge Base
  3. Applications

Exchange, LoadMaster and OS X Connectivity issues

Updated

Occasionally an issue occurs relating to Exchange 2010 and OS X mail. This issue is described below:
 
When the LoadMaster operates at full Layer 7, requests sent to Client Access Servers (CAS) can have two additional headers inserted automatically. These are the X-Forwarded-For and Via headers which inform the server of the IP address of the client and the IP address of the service respectively. The via header is used by proxies to indicate to servers that there may be a hop in between. The presence of this header causes the CAS to set the 'Persistent-Auth' header to 'false'. Ordinarily this would be fine - it would simply require each request to be sent with credentials rather than once per connection. Occasionally this is a problem because the Mac Mail application does not always re-send the credentials.
 
To resolve this issue, you can create a rule in the LoadMaster to delete this header:
  1. In the main menu of the LoadMaster Web User Interface (WUI), select Rules & Checking and Content Rules.
  2. Click Create New.
  3. Enter a recognizable Rule Name, for example Remove_Via.
  4. Select Delete Header as the Rule Type.
  5. Enter Via as the Header Field to be Deleted.
  6. Click Create Rule.
  7. In the main menu, select Virtual Services and View/Modify Virtual Services.
  8. Click Modify on the relevant Virtual Service.
  9. Expand the Advance Properties section.
  10. Click Show Header Rules.
  11. Add the relevant rule as a request rules on the main virtual service.

After the rule has been created and assigned to the Virtual Service, the via header will be deleted going forward.

12.Test connectivity once again. If client fails to connect, see step 13.

13. SSL Ciphers

It's possible you will have to make changes to your SSL Cipher Suites. This is necessary depending on your version of OS X.

Modify VS > SSL Properties > Cipher Set = "Default"

 

 

Comments

Avatar

netservice

This also applies to Exchange 2013 in our case.

0
Avatar

user user

Extra info: this applies at the EWS SubVS

0
Avatar

Jennifer Williams

Does this also apply to EWS for outlook on a Mac?
0
Avatar

Norbert Fehlauer

I had to disable "Additional L7 Header". Just adding the remove_via rule did not work here with 7.1-32a-88 and Exchange 2013 CU11
See http://www.msexchange.org/blogs/bhargavs/exchange-server/mac-mail-not-connecting-to-exchange-server-part-2.html

0
Avatar

ben.lye

We also had this problem with Exchange 2013 CU12 and Mac Mail clients.

I was able to solve the problem on a SubVS by setting the "Add HTTP Headers" option under "Advanced Properties" to "None" instead of "Legacy Operation(X-ClientSide)".

I did it this way because I was nervous about changing a global setting.

0
Avatar

Jennifer Williams

Thank you Norbert and Ben, I have to get back to this . I have been side tracked with other projects but am really curious if this fixes it. as I have upgraded to Mavericks and now it no longer works...was able to find a work around using certain authentication, digest based on exch 2013 but prefer not to use that

0
Avatar

Kemper

Thanx for this fix - that worked for many old OS X machines - I did the original fix on the EWS-SubVS with Exchange 2010 as backend-server ...

0
In this document