@Jiggz wrote:
Hi community,
I’ve been scratching my head with this problem for far too long now. The thing is, everything works fine with HAp and Exchange 2013 EXCEPT Outlook (2016) for Mac. In other words, the EWS protocol in Exchange seems to have problems with my config file and I can’t figure out why.
If I start Outlook for Mac it works just fine for a minute or two, but after that I just get disconnected from the Exchange server. I then stay connected again for a while, and the same thing happens over and over again. Very frustrating. (Windows Outlook works just fine, no problems there).
I’ve been looking at haproxy.log, but at the time of the disconnect there’s just no (new) information to be found there. In other words, everything looks normal (I just get disconnected for some reason).
I’ve been playing with the timeout client and timeout server options to no avail. Could someone please take a look at the following configuration file and give me some good advice? Thanks!
global
    log 127.0.0.1 local2 info
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 100000
    user haproxy
    group haproxy
    daemon
    ssl-default-bind-options no-sslv3
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    ssl-default-server-options no-sslv3
    ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    tune.ssl.default-dh-param 2048
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

defaults
    mode http
    log global
    option httplog
    option dontlognull
    #option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    #option contstats
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 4s
    #timeout client 2m
    timeout client 1000s
    #timeout server 1m
    timeout server 1000s
    timeout http-keep-alive 10s
    timeout check 10s

listen stats x.x.x.x:444 # VIP-IP
    stats enable
    stats refresh 300s
    stats show-node
    stats auth xxxx:xxxx
    stats hide-version
    stats uri /stats

frontend fe_ex2013
    # http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload
    http-response set-header X-Frame-Options SAMEORIGIN
    http-response set-header X-Content-Type-Options nosniff
    mode http
    bind *:80
    bind *:443 ssl crt /etc/ssl/certs/exchange_certificate_and_key_nopassword.pem
    redirect scheme https code 301 if !{ ssl_fc } ## redirect 80 -> 443 (for owa)
    acl autodiscover url_beg /Autodiscover
    acl autodiscover url_beg /autodiscover
    acl mapi url_beg /mapi
    acl rpc url_beg /rpc
    acl owa url_beg /owa
    acl eas url_beg /Microsoft-Server-ActiveSync
    acl ecp url_beg /ecp
    acl ews url_beg /EWS
    acl oab url_beg /OAB
    use_backend be_ex2013_autodiscover if autodiscover
    use_backend be_ex2013_mapi if mapi
    use_backend be_ex2013_rpc if rpc
    use_backend be_ex2013_owa if owa
    use_backend be_ex2013_eas if eas
    use_backend be_ex2013_ecp if ecp
    use_backend be_ex2013_ews if ews
    use_backend be_ex2013_oab if oab
    default_backend be_ex2013

backend be_ex2013_autodiscover
    mode http
    balance roundrobin
    option httpchk GET /autodiscover/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server ex1 1.1.1.1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server ex2 2.2.2.2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013_mapi
    mode http
    balance roundrobin
    option httpchk GET /mapi/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server ex1 1.1.1.1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server ex2 2.2.2.2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013_rpc
    mode http
    balance roundrobin
    option httpchk GET /rpc/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server ex1 1.1.1.1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server ex2 2.2.2.2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013_owa
    mode http
    balance roundrobin
    option httpchk GET /owa/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server ex1 1.1.1.1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server ex2 2.2.2.2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013_eas
    mode http
    balance roundrobin
    option httpchk GET /microsoft-server-activesync/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server ex1 1.1.1.1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server ex2 2.2.2.2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013_ecp
    mode http
    balance roundrobin
    option httpchk GET /ecp/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server ex1 1.1.1.1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server ex2 2.2.2.2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013_ews
    mode http
    balance roundrobin
    option httpchk GET /ews/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server ex1 1.1.1.1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server ex2 2.2.2.2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013_oab
    mode http
    balance roundrobin
    option httpchk GET /oab/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server ex1 1.1.1.1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server ex2 2.2.2.2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013
    mode http
    balance roundrobin
    server ex1 1.1.1.1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server ex2 2.2.2.2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

#################
# SMTP and IMAP
#################

frontend fe_exchange_smtp
    mode tcp
    option tcplog
    bind x.x.x.x:25 name smtp # VIP-IP, port not open to the public internet, only against (Postfix)
    default_backend be_exchange_smtp

backend be_exchange_smtp
    mode tcp
    option tcplog
    balance roundrobin
    server ex1 1.1.1.1:25 weight 10 check
    server ex2 2.2.2.2:25 weight 20 check

### No need to Load Balance port 587 and 465. Postfix handles these.

frontend fe_exchange_imaps
    mode tcp
    option tcplog
    bind x.x.x.x:143 name imap ### Not allowing unencrypted imap.
    bind x.x.x.x:993 name imaps ### VIP-IP
    default_backend be_exchange_imaps

backend be_exchange_imaps
    mode tcp
    option tcplog
    #balance roundrobin
    balance leastconn
    option redispatch
    #stick store-request src
    #stick-table type ip size 200k expire 30m
    option tcp-check
    tcp-check connect port 143
    tcp-check expect string * OK
    tcp-check connect port 993 ssl
    tcp-check expect string * OK
    server ex1 1.1.1.1:993 weight 10
    server ex2 2.2.2.2:993 weight 20