IIS on a 2012 R2 ARR and URL Rewrite. This might be more of an apple thing…got more info late yesterday from our network guy. After i moved away from Forms he showed me more oddness with the IOS devices. It all seems to stem from the device using an old book mark to the full URL for Forms……
I keep checking the loading dock for my Kemp box. ☺ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Wednesday, May 17, 2017 9:13 AM To: exchange@lists.myitforum.com Subject: RE: [Exchange] Weird email access/wrong mailbox. What is your reverse proxy? I’ve never seen this issue with WAP, ARR, UAG, or TMG…. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim Sent: Tuesday, May 16, 2017 2:54 PM To: Exchange List Subject: RE: [Exchange] Weird email access/wrong mailbox. Much appreciated. No Netscaler here, but we do have a reverse proxy..and it happened right when I switched to Forms. I have rolled that back and am going to cross my fingers as a 2016 upgrade has been ordered with a new front end proxy/load balancer. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Tony Patton Sent: Tuesday, May 16, 2017 10:40 AM To: Exchange List Subject: Re: [Exchange] Weird email access/wrong mailbox. I found the RCA report from the issue, which had the following, and OWA is/was using Forms based Auth: As the investigations continued MS and Celestix determined that their solutions were working exactly as designed and that the culprit was a setting on the Citrix Netscaler load balancer. Citrix recommended that multiplexing was disabled and all agreed that there was no issue regarding authentication, all parties concurred that multiplexing was the cause of the issue and Microsoft advised that in every instance where they had seen breaches of this kind, once multiplexing had been disabled the issue never re-occurred: "We have seen this with a number of other customers in the past and this has been conclusively shown to happen when Citrix Netscaler multiplexing is in use. At this point in time we do not have any data from your environment to confirm our suspicions but, based on your architecture and our historic experiences, our strong recommendation is to disable Multiplexing on the Citrix NetScaler -http://support.citrix.com/article/CTX124713” The issue wasn't reported again after the NW team disabled multiplexing, but I've no information on whether it was at the service level or globally. On 15 May 2017 at 19:43, Kennedy, Jim <kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>> wrote: Interesting, nothing out of the ordinary in my logs. Network guy just came by, he had it happen to him also. And all three were on the same weekend. I did make a recent auth change from Basic to Forms about a week and a half before this started to make a SSO system we have work with it. Wonder if the Proxy server is tripping over cookies or something from the Form. Going to ponder it, but I may just switch it back. This is Exch 2010 and we have never had this issue until now. Same proxy server in place for several years….no recent updates. I missed last patch Tuesday due to vacation. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Tony Patton Sent: Monday, May 15, 2017 1:46 PM To: Exchange List Subject: Re: [Exchange] Weird email access/wrong mailbox. We had that issue early last year/late 2015 with OWA with one of our customers. I can't remember off-hand, but it was something to do with multiplexing(?) between the Netscalar load balancers and Celestix UAG servers. We weren't able to replicate the issue or find anything relevant in the logs on the Exchange servers. The UAG servers are supported by the Security team. I'll try and find the relevant information tomorrow when I'm back in the office. Tony On 15 May 2017 18:12, "Kennedy, Jim" <kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>> wrote: Just got back from vacation and I have two tickets on some odd mailbox access. Both are phones, they would not have been on our network and would have been coming in from the net through our reverse proxy for OWA. Going to just paste what they said, I have no idea where to look. “Today while my class was watching a video I accessed my email on my phone. The page reloaded on its own, and I was in someone else's school email.” “I had a very strange thing happen over the weekend to my email. I was checking my email through the browser on my phone and I clicked out of an email I was reading and back to my inbox. When I did this I had someone else's email!! I tried to refresh and I didn't get my email back.”
