Hints and Tips for configuring KEMP ESP on MS Exchange 2010

I have recently been working on KEMP’s ESP with exchange 2013 and haven’t had the change to work ESP for Exchange 2010 until now. Whist building some labs in preparation for a customer who has a Exchange 2010 environment, I ran into a few issues as a lot of the information out there focuses on exchange 2013 (which is expected).

I have collated some useful info for all those out there configuring KEMP ESP for MS Exchange 2010.

Lab Configuration:

1x KEMP VLM 100 running KEMP’s 7.0-4 Firmware

1x Exchange Server 2010 SP3 running on MS Server 2012

Hints & Tips:

1. To simplify and to reduce workloads download the Exchange 2010 ESP template from KEMP http://kemptechnologies.com/files/downloads/documentation/Templates/Exchange_2010/1.4/Exchange2010ESP.tmpl

This Template is configured for use with SSL offload.

2.  Configure the SSO Domain – make sure you are running the latest version of KEMP’s firmware 7.0-6 as you get a test user feature. This screen shot shows version 7.0-4


3. Ensure you are using Port 443, not port 80 on your sub interfaces.


4. On all Sub interfaces, You will need to select the SSO and add the allowed virtual hosts – I used a wild card to simplify things. OWA is the only Sub interface that requires client and Server authentication.


5. On the OWA sub interface, the Pre-Authentication Excluded Directories field should be left blank. On MS Exchange 2013 you will need to populate this box with the Exchange Guid. Please see Jaap Wesselius‘s Blog for more details on exchange 2013. http://www.jaapwesselius.com/2013/05/08/kemp-edge-security-pack-for-exchange-2013/


6. Ensure you have configured your Exchange OWA to use Basic Authentication also ensure you run a IISReset  to make the change.


7. If you are not using SSL Offload, you will need to select Reencrypt on the Virtual Service.


8. Ensure your Content Matching rules are as follows:

Operation Name Match Type Options Header Pattern
1 ActiveSync RegEx Ignore Case /^\/microsoft-server-activesync.*/
2 Autodiscover RegEx Ignore Case /^\/autodiscover.*/
3 ECP RegEx Ignore Case /^\/ecp.*/
4 EWS RegEx Ignore Case /^\/ews.*/
5 Login RegEx Ignore Case /^\/lm_auth_proxy.*/
6 OAB RegEx Ignore Case /^\/oab.*/
7 OWA RegEx Ignore Case /^\/owa.*/
8 PowerShell RegEx Ignore Case /^\/powershell.*/
9 RPC RegEx Ignore Case /^\/rpc.*/
10 Root RegEx /^\/$/

There you have it……. ESP configured


For more information on Load Balancing and ESP on Exchange 2010 Please see:




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: