Exchange 2010 SP2 and Citrix Netscalers – SSL gotcha

This is a quick note about a real issue that I ran into very recently. With the Microsoft Exchange 2010 SP2 update there are a number of things to be careful of. With any of the major rollups and service packs, there are often default configuration settings which are re-enabled as a part of the update.

If you’ve been running Exchange with Outlook Web Access then you have most likely hit the first of two issues which is that any customized OWA pages (logon, logoff etc.) are overwritten during updates. Make sure that you save any custom configurations, and if you have configured a different default theme to be used by your CAS servers in 2010, you may also have to reset the default again to your chosen theme.

The second issue which will really twist you up is if you are using a Network Load Balancer (NLB) such as the Citrix Netscaler appliance. The reason that this is an issue is because of the SSL offload capability which is one of the great advantages of these devices.

During the update of the CAS roles to SP2, the Default Web Site suddenly disappeared from the active monitoring despite the fact that the site itself was still up when accessed directly from the local server using the https://yourservername/owa URL. The key to this is that during the update the SSL option was re-enabled on the Default Web Site for the CAS server.

Because we use the NLB for managing the SSL we can safely uncheck the SSL Required option within IIS and as if by magic, the site is now available again through the load balanced configuration.

 

1 thought on “Exchange 2010 SP2 and Citrix Netscalers – SSL gotcha”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.