Exchange federation not working with KEMP LB

I have been trying to establish federation between 2 Exchange servers (different external domains) to share free/busy information. I was able to do so, however, only without KEMPs. So, if HTTPS is pointing (from outside) directly to the Exchange server (NAT-ed), it works. However, with the LB in place, it does not, regardless of what template is being used.

To give you an idea, federation can be tested on the Exchange server with Get-FederationInformation -domainName <domain>, which will query the domain and try to find it. It basically tries to connect via AutoDiscover, but not via the standard autodiscover URL http://autodiscover." + domain + "/autodiscover/autodiscover.xml but rather with https://autodiscover.mydomain.com/autodiscover/autodiscover.svc/wssecurity

With KEMP in place, it does not work, without, it does. Any idea?

4 comments

Tony Vaughan

Hello,

Unfortunately, I don't have enough information on this.
I would recommend opening a support case, and one of the support engineers can go through this in more detail.

gjus

Thank you Tony, however, this is a bit complicated.

This environment is not yet set with a client and currently only being tested with free LBs in place in a test environment as a requirement. However, free LBs are not subject to support.

How can I open a ticket with KEMP then?

Thank you,
G

Tony Vaughan

Hello,

If this is designed to be in a production environment,
I would recommend deploying a trial instead of a free LoadMaster.

Without seeing your setup or environment, I would try the following steps:
create a new test VS with a basic setup and work up from there,
e.g.
1 VS with no SSL offloading, with a wildcard port, no sub virtual services
if this works, change the port to 443
if this works, change the port to try offloading and re-encryption
if this works, change to use sub virtual service.

This should help narrow down the issue to routing, content, certificates or something else.

andreas.bahnmann

Hi,

We had a similar issue.

You have to disable any preauthentication (ESP) on the KEMP side - for autodiscover.domain.com and also for external-mailserver-namespace.domain.com

Kind regards