No problem, I did forget to say that it wasn't specific to the Netscalers and MS has come across the issue before with other load balancers. It was to do with re-use of the connection and returning the wrong authenticated user session.
It was impossible to replicate. On 16 May 2017 20:00, "Kennedy, Jim" <kennedy...@elyriaschools.org> wrote: > Much appreciated. > > > > No Netscaler here, but we do have a reverse proxy..and it happened right > when I switched to Forms. I have rolled that back and am going to cross my > fingers as a 2016 upgrade has been ordered with a new front end proxy/load > balancer. > > > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Tony Patton > *Sent:* Tuesday, May 16, 2017 10:40 AM > *To:* Exchange List > *Subject:* Re: [Exchange] Weird email access/wrong mailbox. > > > > I found the RCA report from the issue, which had the following, and OWA > is/was using Forms based Auth: > > As the investigations continued MS and Celestix determined that their > solutions were working exactly as designed and that the culprit was a > setting on the Citrix Netscaler load balancer. Citrix recommended that > multiplexing was disabled and all agreed that there was no issue regarding > authentication, all parties concurred that multiplexing was the cause of > the issue and Microsoft advised that in every instance where they had seen > breaches of this kind, once multiplexing had been disabled the issue never > re-occurred: > > "We have seen this with a number of other customers in the past and this > has been conclusively shown to happen when Citrix Netscaler multiplexing is > in use. At this point in time we do not have any data from your environment > to confirm our suspicions but, based on your architecture and our historic > experiences, our strong recommendation is to disable Multiplexing on the > Citrix NetScaler -http://support.citrix.com/article/CTX124713” > > > > The issue wasn't reported again after the NW team disabled multiplexing, > but I've no information on whether it was at the service level or globally. > > > > On 15 May 2017 at 19:43, Kennedy, Jim <kennedy...@elyriaschools.org> > wrote: > > Interesting, nothing out of the ordinary in my logs. Network guy just came > by, he had it happen to him also. And all three were on the same weekend. > I did make a recent auth change from Basic to Forms about a week and a half > before this started to make a SSO system we have work with it. > > > > Wonder if the Proxy server is tripping over cookies or something from the > Form. Going to ponder it, but I may just switch it back. This is Exch > 2010 and we have never had this issue until now. Same proxy server in > place for several years….no recent updates. I missed last patch Tuesday due > to vacation. > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Tony Patton > *Sent:* Monday, May 15, 2017 1:46 PM > *To:* Exchange List > *Subject:* Re: [Exchange] Weird email access/wrong mailbox. > > > > We had that issue early last year/late 2015 with OWA with one of our > customers. I can't remember off-hand, but it was something to do with > multiplexing(?) between the Netscalar load balancers and Celestix UAG > servers. > > > > We weren't able to replicate the issue or find anything relevant in the > logs on the Exchange servers. The UAG servers are supported by the > Security team. > > > > I'll try and find the relevant information tomorrow when I'm back in the > office. > > > > Tony > > > > On 15 May 2017 18:12, "Kennedy, Jim" <kennedy...@elyriaschools.org> wrote: > > Just got back from vacation and I have two tickets on some odd mailbox > access. Both are phones, they would not have been on our network and would > have been coming in from the net through our reverse proxy for OWA. > > > > Going to just paste what they said, I have no idea where to look. > > > > “Today while my class was watching a video I accessed my email on my > phone. The page reloaded on its own, and I was in someone else's school > email.” > > > > “I had a very strange thing happen over the weekend to my email. I was > checking my email through the browser on my phone and I clicked out of an > email I was reading and back to my inbox. When I did this I had someone > else's email!! I tried to refresh and I didn't get my email back.” > > > > > > >