It is very important to know what version are you running in Centos.
2013/1/22 Graham Morley <[email protected]>
> Hi,****
>
> ** **
>
> Many thanks for the very detailed reply.****
>
> ** **
>
> I have now tested this as an option and it works as expected.****
>
> ** **
>
> But we were planning to terminate the SSL connection on the Load Balancer
> and then use HTTP to the backend Exchange servers. This was to overcome
> some challenges in our current environment.****
>
> ** **
>
> As part of my troubleshooting, I’ve now installed a very basic CentOS
> server with the latest version of Pound (version 2.6) and replicated what I
> was trying to do with the Zen Load Balancer.****
>
> ** **
>
> This works absolutely fine, for all aspects of “Outlook Web Access” and
> “Outlook Anywhere”.****
>
> ** **
>
> Does this possibly indicate a problem with the version of Pound that’s
> used on Zen Load Balancer? From what I can tell, both version 2 (stable)
> and version 3rc1 use Pound version 2.5****
>
> ** **
>
> If this is the likely cause of my RPC issues (as it appears to be), are
> there any plans to update the version of Pound that’s used with the Zen
> Load Balancer.****
>
> ** **
>
> I’m happy to test an updated version against my environment if that would
> be a help? Just drop me some pointers of how to upgrade the one in Zen.***
> *
>
> ** **
>
> Kind Regards,****
>
> ** **
>
> Graham.****
>
> ** **
>
> ** **
>
> *From:* y l [mailto:[email protected]]
> *Sent:* 22 January 2013 07:12
> *To:* [email protected]
> *Subject:* Re: [Zenloadbalancer-support] Zen and Outlook Anywhere Issues**
> **
>
> ** **
>
> Hi graham,
>
> Unfortunately, Microsoft is obfuscating the RPC protocol into HTTP
> protocol which may required both ends of the socket to understand which
> version of RPC will be encapsulated within the HTTP payload. since you try
> to force Zen LB to terminate and proxy the request to the backend MS
> exchange servers, there may be an RPC incompatibility problem.
>
> One possible solution is to enable SSL /TLS in all backend MS Exchange
> servers and to prevent Zen LB from proxying RPC over HTTPS, Just use the
> Zen LB TCP profile to define the VIP to route all SSL / TLS traffic to the
> backend MS Exchange OWA IIS interface and RPC redirect folders.
>
> Then, you need to use the MS trick to export the private key along with
> the signed certificate and import it to any additional MS Exchange severs.
>
> 1) Generating CSR in MS Exchange IIS
>
> Select one of your MS Exchange servers to create a Certificate Signing
> Request (CSR) via the IIS web site associated with Ms Exchange which will
> create an X.509 private and public key pairs and a CSR file to be signed by
> an external Root Certificate Authority (rootCA)
>
> 2) Sign the CSR with the openSSL rootCA you indicated you had genrated
> and ensure all servers and clients imported your rootCA into the MS
> Windows Trusted Root CA repository
>
> Get the CSR from the MS Exchange server and sign it with your openSSL
> environment
>
> 3) Import rootCa and the MS Exchange server
>
> 3a. Import the openSSL rootCA via MMC snap-in
> 3b. Import the openSSL signed MS Exchnage server certificate via IIS
> pending certificate screen where the
> CSR was generated
>
> 4) Now follow the instruction link below to transfer IIS 7 certificates
> along with its associated private key
>
> 5) Import rootCa and the source MS Exchange server certificate and private
> to the rest of all Ms Exchange servers
>
> Follow the instruction link below to transfer IIS 7 certificates along
> with its associated private key
>
> 6) Configure Zen LB VIP to handle SSL / TLS via its TCP profile.
>
> You may try to use the Zen Load Balancer TCP profile, then specify the
> Farm Virtual IP and Virtual port and associated them with the MS Exchange
> backend servers which are listening for SSL / TLS traffic. Please do not
> setup nor associate any certificates with the farm definition for your VIP
> entries in the Zen LB. Just pretend your farm VIP traffic were being setup
> for port 80, but simply specify the ports you are using for SSL / TLS. All
> traffic will be routed to the backend where certificates processing will be
> handled as before Zen LB was used.
>
>
>
> Links:
>
> Install SSL Certificate Outlook Web Access (OWA)
> http://www.geocerts.com/install/owa****
> Configure Outlook Anywhere to Use an SSL Certificate with Redirection****
>
> http://technet.microsoft.com/en-us/library/bb310764%28v=exchg.141%29.aspx
>
>
>
> How to Import and Export SSL Certificates in IIS 7****
> Transferring IIS 7 Certificate Files****
>
> http://www.digicert.com/ssl-support/pfx-import-export-iis-7.htm
>
>
>
> Regards,
>
> YPSlinux****
>
> ** **
>
> ** **
> ------------------------------
>
> *From:* Graham Morley <[email protected]>
> *To:* "'[email protected]'" <
> [email protected]>
> *Sent:* Monday, January 21, 2013 4:27 AM
> *Subject:* [Zenloadbalancer-support] Zen and Outlook Anywhere Issues****
>
> ** **
>
> Hi All,****
>
> ****
>
> I’m new to the Zen Loadbalancer and I’m having some issues getting is
> working as part of an Exchange 2007 solution.****
>
> ****
>
> I’m try to use v2 (stable) as a solution to balance and terminate HTTPS
> connections to an Exchange 2007 environment. Everything is working great
> for OWA (Outlook Web Access), but it’s not working for OA (Outlook Anywhere
> – RCP over HTTPS).****
>
> ****
>
> Here’s what I know:****
>
> ****
>
> - I’m using a self-signed certificate for testing, which was
> created with OpenSSL and I have added this to my Trusted Root Certificates
> store on the machine I’m testing from.****
>
> - OWA (Outlook Web Access) works great, the certificate shows
> correctly in the browser (IE 9), so no problems there.****
>
> - When I try to connect using OA (Outlook Anywhere), I just get
> a response from Outlook saying ‘Server Unavailable’.****
>
> - In the configuration for the Farm, I have the RPC extensions
> enabled.****
>
> ****
>
> To try and troubleshoot this, I’ve used Wireshark to do a packet trace of
> a working solution (which uses MS ISA Server for the HTTPS termination) and
> from Zen.****
>
> ****
>
> The main difference that I can see is that with Zen Loadbalancer, I get a
> TLS “Encrypted Alert 21’ messages and then the connection is reset.****
>
> ****
>
> I could really using some help in trying to troubleshoot this, as I’m keen
> to use Zen to replace MS ISA Server, but need to resolve this OA (Outlook
> Anywhere) issue.****
>
> ****
>
> So any pointers on:****
>
> ****
>
> - Could it be the Certificate?****
>
> o It is self-signed, but this works fine for OWA and is trusted on the
> machine I’m testing from…****
>
> - Is there some logging that I could enable in Zen to understand
> and troubleshoot the problem better?****
>
> - Has anyone else experienced this problem?****
>
> - Could this be a Bug? (It’s much more likely something I’ve
> done incorrectly)****
>
> ****
>
> Any help would be greatly appreciated. I’m happy to supply more
> information if it’s required.****
>
> ****
>
> Kind Regards,****
>
> ****
>
> Graham.****
>
>
> ___________________________________________________________________________
>
> The All England Lawn Tennis Club (Championships) Limited (company number
> 7546773) is a company registered in England & Wales whose registered office
> is at Church Road, Wimbledon SW19 5AE. The All England Lawn Tennis &
> Croquet Club Limited (company number 7546718) is a company registered in
> England and Wales whose registered office is at Church Road, Wimbledon SW19
> 5AE. The Club’s grounds are owned by The All England Lawn Tennis Ground plc
> (company number 168491, registered in England and Wales) whose registered
> office is at 1 Little New Street, London EC4A 3TR.
>
> This email and its contents (including attachments) are confidential, and
> must not be disclosed without the sender’s permission. If you receive this
> email in error please notify the sender immediately and then delete it from
> your system. Emails may be monitored in accordance with English law.****
>
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122412
> _______________________________________________
> Zenloadbalancer-support mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>
> ****
>
> ___________________________________________________________________________
>
> The All England Lawn Tennis Club (Championships) Limited (company number
> 7546773) is a company registered in England & Wales whose registered office
> is at Church Road, Wimbledon SW19 5AE. The All England Lawn Tennis &
> Croquet Club Limited (company number 7546718) is a company registered in
> England and Wales whose registered office is at Church Road, Wimbledon SW19
> 5AE. The Club’s grounds are owned by The All England Lawn Tennis Ground plc
> (company number 168491, registered in England and Wales) whose registered
> office is at 1 Little New Street, London EC4A 3TR.
>
> This email and its contents (including attachments) are confidential, and
> must not be disclosed without the sender’s permission. If you receive this
> email in error please notify the sender immediately and then delete it from
> your system. Emails may be monitored in accordance with English law.
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnnow-d2d
> _______________________________________________
> Zenloadbalancer-support mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>
>
--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe): [email protected]
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
