Is OWA 2010 fully supported in the 7.0R2 firmware?
If so, could anyone provide guidance on how this should be configured?
I am currently attempting to build support on a SA4500 cluster with 7.0R2, connecting to OWA 2010 using the built-in application profile-- and performance is terrible / not-suitable-for-production use.
Our Exchange 2010 server does have SP1 installed. I saw some posts about SP1 being an issue-- Is there any documentation on this? If it is a problem, will SP1 be supported soon? Would we need to downgrade Exchange to provide remote access across Juniper?
Any assistance would be greatly appreciated.
Web Application Resource Profile settings are as follows:
Type: Microsoft OWA 2010
Description: (No Entry)
Base URL: https://owa_server/owa
Unmanaged device: Checked
Attachments: (neither option checked)
Autopolicy: Web Access Control: Checked
resource: https://owa_server:443/* Allow
Autopolicy: Caching: Checked
resource: https://owa_server:443/owa/attachment.ashx?attach=1* Unchanged
resource: https://owa_server:443/owa/WebReadyView.aspx?t=att&* No-Cache
resource: https://owa_server:443/* Smart
Autopolicy: Web Compression: Checked
Autopolicy: Single Sign-On: (Not Checked)
Autopolicy: Client Authentication (Not Checked)
OWA 2010 with SP1 is not supported currently, though OWA 2010 without SP1 is.
I've also tested R2, and it does not work.
Reply from JTAC:
Got a confirmation from the advanced level team that Exchange 2010 SP1 does not support with 7.0R1 Unfortunately, the feature requested by you is not currently supported in the IVE. However I do believe that it would be of great value to have this feature in our box. As per process, we request you to contact your Juniper Sales Team as they are best qualified to follow-up on this with the Product Line Managers.
Jtac informed me today that 7.0R3 which was released a few days ago, supports 2010 SP1, the documentation does not reflect that yet, but they mentioned it would be updated within the next few days. We will be deploying it in our lab tonight and review.
As for R2, they claim it is supported but we had to change some priveldges on the admin account we use for the SSL, it was detailed and Juniper has no documentation on it, so not sure why they keep saying R2 is supported and not provide the documented changes that need to occur. Below is what ws done in case anyone needs it:
These instructions were compile from KB2624 and working with Juniper Technical Support. The KB article is not entirely accurate so follow the instructions outlined below. These instructions have been tested with Windows 2008 R2 and IVE 7.0R2.
On Windows 2008 R2 Domain Controller
1. Launch AD Users and Computers
2. Right Click the Computers Container and Select "Delegate Control"
3. Click "Next" on the Welcome Screen
4. Click "Add" Button and enter the Group or User that is configured on the IVE (Aut Servers Section of the IVE "Admin Username")
5. Click "Next" once the user has been selected
6. Select "Create a custom task to delegate" and click the "Next" button
7. Select "Only the following objects in the folder" and Check "Computer objects" and Check "Create selected objects in this folder" and "Delete selected objects in this folder" and click the "Next" button
8. Select "Creation/deletion of specific child objects" and check "Create All Child Objects" and "Delete All Child Objects" and click the "Next" button
9. Click "Finish"
On the IVE
1. Aut Servers -> (select Athentication/Authorization Server)
2. Update the Primary and Secondary Domain Controllers to point to the Windows 2008 R2 Domain Controllers (also make sure NTP is updated to point to these if you are using the old Domain Controllers as the NTP Server Address. This setting is update from the Overview Page -> Click "Edit" link next to the current time. Enter the new NTP Server Address.)
3. Check the option "Domain Controller is a Windows 2008 server"
4. Verify the Admin Username and Admin Password matches the account setup with the delegated permissions on the Computer Container (please note that our admin account is specic for the IVE per a prior JTAC KB article)
5. Click "Save" Button
6. Click "Test Configuration" Button
You may recieve the following message once the tests have complete. The warning message is normal.
Warning. Either the server is not a domain controller of the domain or the Netbios name of the domain is different from the active directory (LDAP) name