I have recently been working on KEMP’s ESP with Exchange 2013 and haven’t had the chance to work with ESP for Exchange 2010 until now. Whilst building some labs in preparation for a customer who has an Exchange 2010 environment, I ran into a few issues, as a lot of the information out there focuses on Exchange 2013 (which is expected).
I have collated some useful info for all those out there configuring KEMP ESP for MS Exchange 2010.
Lab Configuration:
1x KEMP VLM 100 running KEMP’s 7.0-4 Firmware
1x Exchange Server 2010 SP3 running on MS Server 2012
Hints & Tips:
1. To simplify the configuration and reduce the workload, download the Exchange 2010 ESP template from KEMP: http://kemptechnologies.com/files/downloads/documentation/Templates/Exchange_2010/1.4/Exchange2010ESP.tmpl
This template is configured for use with SSL offload.
2. Configure the SSO Domain. Make sure you are running the latest version of KEMP’s firmware, 7.0-6, as it gives you a test user feature. This screenshot shows version 7.0-4.
3. Ensure you are using Port 443, not port 80 on your sub interfaces.
4. On all sub interfaces, you will need to select the SSO domain and add the allowed virtual hosts; I used a wildcard to simplify things. OWA is the only sub interface that requires client and server authentication.
5. On the OWA sub interface, the Pre-Authentication Excluded Directories field should be left blank. On MS Exchange 2013 you will need to populate this box with the Exchange GUID. Please see Jaap Wesselius’s blog for more details on Exchange 2013: http://www.jaapwesselius.com/2013/05/08/kemp-edge-security-pack-for-exchange-2013/
6. Ensure you have configured your Exchange OWA to use Basic Authentication, and run an IISReset to apply the change.
7. If you are not using SSL Offload, you will need to select Reencrypt on the Virtual Service.
8. Ensure your Content Matching rules are as follows:
# | Name | Match Type | Options | Header | Pattern
---|---|---|---|---|---
1 | ActiveSync | RegEx | Ignore Case | | `/^\/microsoft-server-activesync.*/`
2 | Autodiscover | RegEx | Ignore Case | | `/^\/autodiscover.*/`
3 | ECP | RegEx | Ignore Case | | `/^\/ecp.*/`
4 | EWS | RegEx | Ignore Case | | `/^\/ews.*/`
5 | Login | RegEx | Ignore Case | | `/^\/lm_auth_proxy.*/`
6 | OAB | RegEx | Ignore Case | | `/^\/oab.*/`
7 | OWA | RegEx | Ignore Case | | `/^\/owa.*/`
8 | PowerShell | RegEx | Ignore Case | | `/^\/powershell.*/`
9 | RPC | RegEx | Ignore Case | | `/^\/rpc.*/`
10 | Root | RegEx | | | `/^\/$/`
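
The rule set above can be sanity-checked offline before it is loaded onto the LoadMaster. The following is an added example, not part of the original post or KEMP's documentation: it assumes the rules are matched against the request path, uses Python's `re` module as a stand-in for the LoadMaster's regex engine, and runs over constructed sample paths.

```python
import re

# Rules transcribed from the table above: (name, pattern, ignore_case).
# The surrounding /.../ in the LoadMaster notation is a delimiter pair, stripped here.
RULES = [
    ("ActiveSync",   r"^\/microsoft-server-activesync.*", True),
    ("Autodiscover", r"^\/autodiscover.*",                True),
    ("ECP",          r"^\/ecp.*",                         True),
    ("EWS",          r"^\/ews.*",                         True),
    ("Login",        r"^\/lm_auth_proxy.*",               True),
    ("OAB",          r"^\/oab.*",                         True),
    ("OWA",          r"^\/owa.*",                         True),
    ("PowerShell",   r"^\/powershell.*",                  True),
    ("RPC",          r"^\/rpc.*",                         True),
    ("Root",         r"^\/$",                             False),
]

COMPILED = [(n, re.compile(p, re.IGNORECASE if ic else 0)) for n, p, ic in RULES]

def matches(path):
    """Return the names of every rule whose pattern matches the request path."""
    return [name for name, rx in COMPILED if rx.search(path)]

def audit(paths):
    """Map each path to its single matching rule, 'UNMATCHED' or 'AMBIGUOUS'."""
    report = {}
    for p in paths:
        hit = matches(p)
        report[p] = hit[0] if len(hit) == 1 else ("UNMATCHED" if not hit else "AMBIGUOUS")
    return report

# Constructed sample request paths, not taken from a real log.
SAMPLE_PATHS = [
    "/owa/auth/logon.aspx",
    "/OWA/",
    "/Microsoft-Server-ActiveSync?Cmd=Sync",
    "/Autodiscover/Autodiscover.xml",
    "/EWS/Exchange.asmx",
    "/rpc/rpcproxy.dll",
    "/",
    "/owa-test/",      # also lands on OWA: the pattern has no path-segment boundary
    "/exchange/",      # not covered by any rule in the table
]

if __name__ == "__main__":
    for path, rule in audit(SAMPLE_PATHS).items():
        print(f"{path:40} -> {rule}")
```

A path reported as `UNMATCHED` is not covered by any rule in the table, and `/owa-test/` landing on OWA shows that these patterns are prefix matches with no path-segment boundary.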
There you have it... ESP configured.
For more information on load balancing and ESP on Exchange 2010, please see:
http://kemptechnologies.com/files/support/documentation/KEMP_Exchange_2010_Deployment_Guide.pdf