Hi graham,
Unfortunately, Microsoft is obfuscating the RPC protocol into HTTP protocol
which may required both ends of the socket to understand which version of RPC
will be encapsulated within the HTTP payload. since you try to force Zen LB to
terminate and proxy the request to the backend MS exchange servers, there may
be an RPC incompatibility problem.
One possible solution is to enable SSL /TLS in all backend MS Exchange servers
and to prevent Zen LB from proxying RPC over HTTPS, Just use the Zen LB TCP
profile to define the VIP to route all SSL / TLS traffic to the backend MS
Exchange OWA IIS interface and RPC redirect folders.
Then, you need to use the MS trick to export the private key along with the
signed certificate and import it to any additional MS Exchange severs.
1) Generating CSR in MS Exchange IIS
Select one of your MS Exchange servers to create a Certificate Signing Request
(CSR) via the IIS web site associated with Ms Exchange which will create an
X.509 private and public key pairs and a CSR file to be signed by an external
Root Certificate Authority (rootCA)
2) Sign the CSR with the openSSL rootCA you indicated you had genrated and
ensure all servers and clients imported your rootCA into the MS Windows
Trusted Root CA repository
Get the CSR from the MS Exchange server and sign it with your openSSL
environment
3) Import rootCa and the MS Exchange server
3a. Import the openSSL rootCA via MMC snap-in
3b. Import the openSSL signed MS Exchnage server certificate via IIS
pending certificate screen where the
CSR was generated
4) Now follow the instruction link below to transfer IIS 7 certificates along
with its associated private key
5) Import rootCa and the source MS Exchange server certificate and private to
the rest of all Ms Exchange servers
Follow the instruction link below to transfer IIS 7 certificates along with
its associated private key
6) Configure Zen LB VIP to handle SSL / TLS via its TCP profile.
You may try to use the Zen Load Balancer TCP profile, then specify the
Farm Virtual IP and Virtual port and associated them with the MS
Exchange backend servers which are listening for SSL / TLS traffic.
Please do not setup nor associate any certificates with the farm
definition for your VIP entries in the Zen LB. Just pretend your farm
VIP traffic were being setup for port 80, but simply specify the ports
you are using for SSL / TLS. All traffic will be routed to the backend
where certificates processing will be handled as before Zen LB was used.
Links:
Install SSL Certificate Outlook Web Access
(OWA)http://www.geocerts.com/install/owa
Configure Outlook Anywhere to Use an SSL Certificate with
Redirectionhttp://technet.microsoft.com/en-us/library/bb310764%28v=exchg.141%29.aspx
How to Import and Export SSL Certificates in IIS 7
Transferring IIS 7 Certificate
Fileshttp://www.digicert.com/ssl-support/pfx-import-export-iis-7.htm
Regards,
YPSlinux
________________________________
From: Graham Morley <[email protected]>
To: "'[email protected]'"
<[email protected]>
Sent: Monday, January 21, 2013 4:27 AM
Subject: [Zenloadbalancer-support] Zen and Outlook Anywhere Issues
Hi All,
I’m new to the Zen Loadbalancer and I’m having some issues getting is working
as part of an Exchange 2007 solution.
I’m try to use v2 (stable) as a solution to balance and terminate HTTPS
connections to an Exchange 2007 environment. Everything is working great for
OWA (Outlook Web Access), but it’s not working for OA (Outlook Anywhere – RCP
over HTTPS).
Here’s what I know:
- I’m using a self-signed certificate for testing, which was created
with OpenSSL and I have added this to my Trusted Root Certificates store on the
machine I’m testing from.
- OWA (Outlook Web Access) works great, the certificate shows
correctly in the browser (IE 9), so no problems there.
- When I try to connect using OA (Outlook Anywhere), I just get a
response from Outlook saying ‘Server Unavailable’.
- In the configuration for the Farm, I have the RPC extensions enabled.
To try and troubleshoot this, I’ve used Wireshark to do a packet trace of a
working solution (which uses MS ISA Server for the HTTPS termination) and from
Zen.
The main difference that I can see is that with Zen Loadbalancer, I get a TLS
“Encrypted Alert 21’ messages and then the connection is reset.
I could really using some help in trying to troubleshoot this, as I’m keen to
use Zen to replace MS ISA Server, but need to resolve this OA (Outlook
Anywhere) issue.
So any pointers on:
- Could it be the Certificate?
o It is self-signed, but this works fine for OWA and is trusted on the
machine I’m testing from…
- Is there some logging that I could enable in Zen to understand and
troubleshoot the problem better?
- Has anyone else experienced this problem?
- Could this be a Bug? (It’s much more likely something I’ve done
incorrectly)
Any help would be greatly appreciated. I’m happy to supply more information if
it’s required.
Kind Regards,
Graham.
___________________________________________________________________________
The All England Lawn Tennis Club (Championships) Limited (company number
7546773) is a company registered in England & Wales whose registered office is
at Church Road, Wimbledon SW19 5AE. The All England Lawn Tennis & Croquet Club
Limited (company number 7546718) is a company registered in England and Wales
whose registered office is at Church Road, Wimbledon SW19 5AE. The Club’s
grounds are owned by The All England Lawn Tennis Ground plc (company number
168491, registered in England and Wales) whose registered office is at 1 Little
New Street, London EC4A 3TR.
This email and its contents (including attachments) are confidential, and must
not be disclosed without the sender’s permission. If you receive this email in
error please notify the sender immediately and then delete it from your system.
Emails may be monitored in accordance with English law.
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122412
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
