Jump to content
Welcome to our new Citrix community!

Exchange Active-Sync not working after update to Citrix ADC 13.0 build 71.44


Yuri de Haer

Recommended Posts

Hello everyone,

 

After updating the Citrix ADC (VPX) form version 13.0 build 58.32 to build 71.44 the Exchange Active Sync service didn't work anymore.

On an Android Mobile (iOS as well) the service was not reachable and every time I tried to connect, the service was replying that my credentials were not correct.

The connection with Outlook (mapi / RPC) and webmail worked perfectly as well as OWA.

I did some troubleshooting but eventually I did an vm restore  back to build 58.32 and by then the Active Sync service did work again.

 

The Exchange platform consist of 2 Exchange 2013 CU 23 servers in a so called DAG (HA) cluster on Windows 2012 (non R2) servers with the december 2020 security patches (windows + .NET).

For OWA and ECP, the authentication uses the 'AAA application traffic'.

 

Is there anyone who had de same issues with Exchange Active Sync with Citrix ADC version 13.0 build 71.44?

 

 

Kind regard,

 

 

Yuri de Haer

 

Here is some configuration code used for Exchange in the Citrix ADC configuration:

add serviceGroup LBSG_Exchange SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
set ssl serviceGroup LBSG_Exchange -sslProfile ns_default_ssl_profile_backend
bind serviceGroup LBSG_Exchange ExchangeServer-01 443
bind serviceGroup LBSG_Exchange ExchangeServer-02 443

add lb vserver LB_Exchange SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
add lb vserver LB_Webmail_FB-Auth SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180 -AuthenticationHost aaa.companyname.nl -Authentication ON -authnProfile auth-prof_webmail
add lb vserver LB_Webmail_Basic-Auth SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180 -authn401 ON -authnVsName aaa.companyname.nl
set ssl vserver LB_Webmail_FB-Auth -sslProfile ns_default_ssl_profile_frontend
set ssl vserver LB_Webmail_Basic-Auth -sslProfile ns_default_ssl_profile_frontend
set ssl vserver LB_Exchange -sslProfile ns_default_ssl_profile_frontend
bind ssl vserver LB_Webmail_FB-Auth -certkeyName webmail-companyname-nl_2020
bind ssl vserver LB_Webmail_Basic-Auth -certkeyName webmail-companyname-nl_2020
bind ssl vserver LB_Exchange -certkeyName webmail-companyname-nl_2020
bind lb vserver LB_Exchange LBSG_Exchange
bind lb vserver LB_Webmail_FB-Auth LBSG_Exchange
bind lb vserver LB_Webmail_Basic-Auth LBSG_Exchange

add cs action CSA_Webmail_FB-Auth -targetLBVserver LB_Webmail_FB-Auth
add cs action CSA_Webmail_Basic-Auth -targetLBVserver LB_Webmail_Basic-Auth
add cs policy CSP_OAB -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/oab\")"
add cs policy CSP_EAS -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/Microsoft-Server-ActiveSync\")"
add cs policy CSP_AUTODISCOVER -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/AutoDiscover\")"
add cs policy CSP_EWS -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/ews\")"
add cs policy CSP_ECP -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/ecp\")"
add cs policy CSP_OWA -rule "HTTP.REQ.HEADER(\"User-Agent\").SET_TEXT_MODE(IGNORECASE).CONTAINS(\"Mozilla\")"
add cs policy CSP_MAPI -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/mapi\")"
add cs policy CSP_RPC -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/rpc\")"


add cs vserver CS_Exchange SSL 192.168.8.10 443 -cltTimeout 180 -persistenceType NONE
set ssl vserver CS_Exchange -sslProfile ns_default_ssl_profile_frontend
bind ssl vserver CS_Exchange -certkeyName webmail-companyname-nl_2020
bind cs vserver CS_Exchange -policyName CSP_EWS -targetLBVserver LB_Webmail_Basic-Auth -priority 100
bind cs vserver CS_Exchange -policyName CSP_EAS -targetLBVserver LB_Webmail_Basic-Auth -priority 110
bind cs vserver CS_Exchange -policyName CSP_OAB -targetLBVserver LB_Webmail_Basic-Auth -priority 120
bind cs vserver CS_Exchange -policyName CSP_AUTODISCOVER -targetLBVserver LB_Webmail_Basic-Auth -priority 130
bind cs vserver CS_Exchange -policyName CSP_MAPI -targetLBVserver LB_Exchange -priority 140
bind cs vserver CS_Exchange -policyName CSP_RPC -targetLBVserver LB_Exchange -priority 150
bind cs vserver CS_Exchange -policyName CSP_ECP -targetLBVserver LB_Webmail_FB-Auth -priority 160
bind cs vserver CS_Exchange -policyName CSP_OWA -targetLBVserver LB_Webmail_FB-Auth -priority 170

Link to comment
Share on other sites

  • 6 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...