ActiveSync and ESP - Block access to invalid host "mail.domain.com:443"
When using the Edge Security Pack (ESP) functionality with ActiveSync, in some scenarios the below error may appear in the ESP logs:
Jul 9 08:06:26 LM01 l7log: Blocked access to invalid host 'mail.domain.com:443' from 10.10.10.10:18592 to 220.127.116.11:443
To resolve this issue, please create the following rule in the LoadMaster and apply it to the Exchange Virtual Service:
- In the main menu, select Rules & Checking and then Content Rules.
- Click Create New.
- Fill out the settings as depicted in the screenshot above.
- Click Create Rule.
- In the main menu, select Virtual Services and View/Modify Services.
- Click Modify on the relevant Virtual Service.
- Expand the Advanced Properties section.
- Click Show Header Rules.
- Add the Delete_443_in_hostname rule in the Request Rules section.
This rule is needed because some phones send the port number with the host name to the LoadMaster and ESP blocks this as it only accepts the host name. By creating this rule, ActiveSync will be allowed through without having to manually configure the handsets.