vineyard_166933
Dec 05, 2014

Open port range on Exchange CAS array object to enable Outlook Anywhere

Hi

 

Using Exchange 2010 SP3 and LTM 11.6.0

 

Outlook Anywhere is currently not working externally. The reason is it tries to proxy connections to the Exchange CAS array object on ports 6001-6004. The CAS array is a load-balanced virtual server, part of an application service on LTM, and these ports are never configured and will be rejected.

 

Changed some Exchange configuration, the EXPR Outlook provider, to use an internal server and it now works internally only.

 

I wonder if something is configured wrong since I can't find many with the same issue. Found some, but they never figured out what caused the issue and the solution was to not use HLB for RPC/MAPI.

 

So, I want to:

1. Either open the port range.
2. Somehow make Outlook Anywhere connections proxy directly to CAS servers. Explanation: make this: mail.hostname.com/rpc/rpcproxy.dll?CASARRAY:6002 into something like this: mail.hostname.com/rpc/rpcproxy.dll?Exchangesrv:6002
3. Help with finding my misconfiguration :)

 

Used Fiddler to verify this is the issue.

 

  • mikeshimkus_111
    Historic F5 Account

    Hi, for Outlook Anywhere the only port that needs to be open on the client side is 443. RPC/MAPI is a completely different client type, which requires a 135 virtual server and either a wildcard virtual server or static port virtual servers for the address book and MAPI services.

     

    I think something must be misconfigured in your Exchange deployment. Did you use the iApp to set it up, and if so, which version?

     

    I'd like to see something from your Fiddler capture. Is it possible to post a screen cap here?

     

    thanks

     

    • vineyard_166933
      The iApp is 3 versions ago, but we also have the newest version downloaded and tested; it will give the same result.
  • Strange this, feels like OA should break every time implementing RPC/MAPI from Exchange iApp.

     

    Since LTM rejects all unspecified ports natively, and Outlook Anywhere sends RPC traffic to the RPC/MAPI VIP on the 6001-6004 port range.

     

    OA will proxy traffic to the DNS name specified in the Exchange RPCCLIENTACCESSSERVER property. And by recommendations the property points to the RPC/MAPI VIP's DNS name.

     

    • mikeshimkus_111
      Historic F5 Account
      OA and RPC/MAPI have nothing to do with each other. OA uses HTTP, and RPC/MAPI uses RPC. For OA, you'll see traffic being sent to 443. For RPC/MAPI, you should see an initial request to 135, then requests to either the 2 static ports or a range of ephemeral ports, depending on how you have Exchange set up.
    • vineyard_166933
      Yes, you are right. OA clients connect on 443 and RPC/MAPI on 135 and two static ports. But after that, 6001-6004 are the static default ports used to connect to CAS and mailbox servers. If you want, you can search for "rpc over http" on this URL and there is a brief explanation: http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx

      In Fiddler it will look like this: https://mail.hostname.com/rpc/rpcproxy.dll?CASARRAY.local:6002 HTTP/1.1

      If there was a way to separate what CAS servers OA and RPC/MAPI connect to, it would be a solution also. Tested with Remote Connectivity Analyzer also. OA works when specifying an internal Exchange server, i.e. when using 6001-6004 against a CAS server directly instead of the F5 VIP.
    • mikeshimkus_111
      Historic F5 Account
      I recommend opening a case with F5 support, and letting us know the case number. Support will ask you to provide your Fiddler captures or tcpdumps that should help us understand what's going on. You are definitely using Outlook Anywhere. IIRC, the RPC endpoint information is used for internal communications between the CAS and mailbox servers. Are you pointing the CAS array FQDN at the LTM virtual server?
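
The request lines quoted in this thread can be triaged in bulk before sending a capture to support. The script below is an added example, not part of any post and not F5 or Microsoft code: it pulls the backend `host:port` out of each `rpcproxy.dll` request line and lists the targets that name a load-balanced host on 6001-6004, the case the original poster describes. The sample lines are constructed from the thread's placeholder hostnames, and the function names are hypothetical.

```python
import re
from collections import Counter

BACKEND_PORTS = range(6001, 6005)  # 6001-6004, the range named in the thread

# Query string of an Outlook Anywhere request is "<backend host>:<port>".
TARGET_RE = re.compile(r"/rpc/rpcproxy\.dll\?([^\s:?]+):(\d+)", re.IGNORECASE)

def rpcproxy_target(request_line):
    """Return (backend_host, port) from an rpcproxy.dll request line, else None."""
    m = TARGET_RE.search(request_line)
    if m is None:
        return None
    return m.group(1).lower(), int(m.group(2))

def triage(request_lines, load_balanced_names):
    """Count backend targets; list those that name a load-balanced host on a
    6001-6004 port (assumption from the thread: the VIP has no listener there)."""
    lb = {name.lower() for name in load_balanced_names}
    seen = Counter()
    for line in request_lines:
        target = rpcproxy_target(line)
        if target is not None:
            seen[target] += 1
    flagged = sorted(t for t in seen if t[0] in lb and t[1] in BACKEND_PORTS)
    return seen, flagged

# Constructed sample capture; hostnames are the placeholders used in the thread.
SAMPLE = [
    "RPC_IN_DATA https://mail.hostname.com/rpc/rpcproxy.dll?CASARRAY.local:6002 HTTP/1.1",
    "RPC_OUT_DATA https://mail.hostname.com/rpc/rpcproxy.dll?CASARRAY.local:6002 HTTP/1.1",
    "RPC_IN_DATA https://mail.hostname.com/rpc/rpcproxy.dll?CASARRAY.local:6001 HTTP/1.1",
    "RPC_IN_DATA https://mail.hostname.com/rpc/rpcproxy.dll?Exchangesrv:6004 HTTP/1.1",
    "GET https://mail.hostname.com/owa/ HTTP/1.1",
]

if __name__ == "__main__":
    seen, flagged = triage(SAMPLE, {"CASARRAY.local"})
    for (host, port), count in sorted(seen.items()):
        mark = "  <-- load-balanced name" if (host, port) in flagged else ""
        print(f"{host}:{port}  requests={count}{mark}")
```

Pass every DNS name that resolves to an LTM virtual server as `load_balanced_names`; any flagged target shows which name and port the RPC proxy was asked to reach.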