UC Insights from in CITES

blog navigation


abn@illinois.edu Jul 18, 2013 6:50 am

During a scheduled maintenance window, some planned changes to Exchange and related services were not completed successfully. This resulted in a degradation of service for some Exchange users who use ActiveSync or Outlook Anywhere beginning Friday, July 12, 2013. A solution for the ActiveSync issue was provided Friday morning and the Outlook Anywhere issue was resolved on Sunday.

ActiveSync clients that were correctly configured to include the UOFI domain or UPN in their credentials when authenticating were not affected. ActiveSync clients that were not configured to include the UOFI domain or UPN received authentication messages or simply failed to connect, depending on the specific client. Prior to Thursday night, pre-authentication for ActiveSync connections was performed on the Threat Management Gateways (TMG). Authentication for ActiveSync connections is now performed on the Client Access Servers (CAS). TMG and CAS are configured to handle authentication the same way, but CAS does not appear to be applying the UOFI domain as default when it is not populated on the mobile device. Instead of making an untested change to the CAS servers, the least risky solution was to have affected clients change their configuration to include the UOFI domain or UPN.

Outlook Anywhere clients worked correctly while on campus, but were blocked by the firewall when originating from non-campus IP space. A temporary DNS change was made to mitigate this issue until a firewall change is made this week.

Future Plans
CITES is using the test Exchange environment to determine the best way to proceed. The testing results will be fully evaluated next week before deciding on a plan of action.
The firewall and load balancer configurations will be changed so that activesync.illlinois.edu and outlookanywhere.illinois.edu are routed as appropriately.

Reply to abn@illinois.edu at 6:50 am