Exchange OWA session is timeout immediately and came to login page

0

Hi,

Suddenly our OWA session is expired immediately and back to login page. The load balancer is balancing two servers and after the disable the one server OWA is back to normal Could you please advice me to fix the issue, I need to enable both two servers. 

 

Thank you. Let me know if there any clarification.

Best Regards,

Tharaka Wehalla.

6 comments

Avatar
0
Tony Vaughan

Hello,

this sounds like a persistence issue,
if you are using exchange 2010 you would need to enable persistence such as source IP
for exchange 2013 & 2016 you should not need persistence based on Microsoft's best practice

Just to confirm are you using ESP on the virtual service?

if you are running exchange 2013 & 2016
can you change the persistence to Source IP and test again,

if this solves the issue the root cause is usually related to different certificates on each CAS
please see this link for details
https://blogs.technet.microsoft.com/exchange/2014/03/19/certificate-planning-in-exchange-2013/

 

Avatar
0
Tharaka Sandaruwan

Hi Tony,

Appreciate your response. We are using Exchange 2013 and on 06/30/2017 our Exchange Certificate(IIS) was expired and I renewed that certificate. After renewing certificate this issue was triggered. After disabling the one server from KEMP load balancer OWA issue was resolved.  Could you please advice for above issue?  We need to enable the server from KEMP load balancer.

should I proceed to load balancer certificate also? 
But this issue came from 6/28/2017, but expire date was 29 May 2014 could you please advice me.Thank you.

Best Regards,

Tharaka Wehalla.

Avatar
0
Tharaka Sandaruwan

Hi Tony, 

On the KEMP portal, I have found that there are six services were configured and two are disabled. Could you please let me know is that impact to the issue?


And let me know what services should I change persistence to Source IP ?

This is for Exchange 2013 HTTPS


 

If I change the persistence to source IP will it impact to active users on exchange server.

Currently, ESP is already disabled.

Thank you.

Best regards,

Tharaka Wehalla.

Avatar
0
Tony Vaughan

Hi Tharaka,

there is a few issues here,
I would recommend opening a support ticket in order to take a look at everything in one go

I believe there is a misconfiguration with the certificates which may explain the issue where clients are connecting to both real servers instead of persisting to the same server,

for the second question regarding the disabled services,
with the virtual service disabled the Loadmaster would drop traffic for those services, in this case traffic on port 110 and 995

lastly for the moment you could change the persistence to Source IP, this would be a workaround until the certificates have been checked by support

Avatar
0
Tharaka Sandaruwan

Hi Support,

I have changed the Exchange 2013 HTTPS Scheduling Method Round Robin to Sorce IP hash, Now both two load balancer are working without an issue and no OWA issue is happening. But I don't understand what is the impact difference between Round Robin and the Sorce IP hash, that I have changed Could you please advise me ? 

Avatar
0
Tony Vaughan

Morning,

the scheduling option "Source IP hash" is similar to persistence

Source IP hash - This method looks at the source IP address that sent the request to the LoadMaster and will create a HASH value for it and if the HASH value is different then it gets sent to a different Real Server.

with this set the Loadmaster will try to send the same client back to the same server,
I would still recommend that you take a look at the certificates being used by the exchange server