Environment
Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Support Pack 1 applied
Multiple secure and non secure protected resources
All protected resources work fine except for the Microsoft Outlook with Exchange over RPC
The Microsoft Outlook fat client is configured to point to the reverse proxy DNS name for exchange as described in http://technet.microsoft.com/en-us/library/aa996644.aspx
The Microsoft Outlook and exchange servers are configured as path based MH resources
Both are using SSL to back end
Situation
The Microsoft outlook client sends a request for the exchange path
based multihomed child but never gets the Outlook pages displayed
successfully - the session would just appear to hang infinitely.
Looking at the requests in more detail, it would appear that some
requests would get responded to, but others not. The Linux Access
Gateway (LAG) proxy processes the request for the Exchange RPC
server and sends a TCP connection open request to the back end Web
server. After the TCP 3 way handshake is done, the LAG NEVER sends
a client hello SSL request, but just issues a TCP FIN instead,
closing the TCP connection.
The icsdyn.log file just shows the following:
The icsdyn.log file just shows the following:
Oct 30 16:25:11 web : AM#504503000: AMDEVICEID#ag-149D3910BAE58169 :Looking at the requests for /rpc/rpcproxy.dll? in more detail, one could see that the HTTP method was using an RPC_IN_DATA type (see http://www.freelists.org/archives/isalist/09-2004/msg01167.html for more details). The LAG was dropping requests with this method and Outlook would fail as a result.
AMAUTHID#0:
AMEVENTID#75: Process request -1 'web.aens.net'
'/rpc/rpcproxy.dll?RUNT10:593'
[194.2.117.2:33971 -> 10.129.228.6:443]
Oct 30 16:25:11 web : AM#504503000: AMDEVICEID#ag-149D3910BAE58169 :
AMAUTHID#0:
AMEVENTID#75: Adding Error frames here
Oct 30 16:25:11 web : AM#504520000: AMDEVICEID#ag-149D3910BAE58169 :
AMAUTHID#0:
AMEVENTID#75: Browser req/resp[292, 0, 0] [timeToResp:-1 respDuration:-1]
curTime:292 ~ServerRequest [auth:0 acl:0 II:0] [rewrite 0 :0 0 0] [origin: 0,
0
, 0,0 retry:0 0]
Oct 30 16:25:11 web : AM#504503000: AMDEVICEID#ag-149D3910BAE58169 :
AMAUTHID#0:
AMEVENTID#76: Request is serviced by HTTP_DOMAIN_BASED_MULTI_HOMING_MASTER
serv
ice
Oct 30 16:25:11 web : AM#504503000: AMDEVICEID#ag-149D3910BAE58169 :
AMAUTHID#0:
AMEVENTID#76: Request will be serviced by host/domain based child service
'web.aens.net'
Oct 30 16:25:11 web : AM#504503000: AMDEVICEID#ag-149D3910BAE58169 :
AMAUTHID#0:
AMEVENTID#76: Path based child service resolution is successful
Oct 30 16:25:11 web : AM#504503000: AMDEVICEID#ag-149D3910BAE58169 :
AMAUTHID#0:
AMEVENTID#76: Process request -1 'web.aens.net'
'/rpc/rpcproxy.dll?RUNT10:593'
[194.2.117.2:33972 -> 10.129.228.6:443]
Oct 30 16:25:11 web : AM#504503000: AMDEVICEID#ag-149D3910BAE58169 :
AMAUTHID#0:
AMEVENTID#76: Adding Error frames here
Oct 30 16:25:11 web : AM#504520000: AMDEVICEID#ag-149D3910BAE58169 :
AMAUTHID#0: AMEVENTID#76: Browser req/resp[293, 0, 0] [timeToResp:-1
respDuration:-1]
curTime:293 ~ServerRequest [auth:0 acl:0 II:0] [rewrite 0 :0 0 0] [origin: 0,
0
, 0,0 retry:0 0]
Resolution
Apply the nam3sp1ir2.tar.gz patch (Access Manager 3 Support Pack 1
Interim Release 2). This proxy build will proxy requests with the
required RPC methods to the back end and allow the responses back
to the client.