Exchange 2007At the office we use Pound as a reverse proxy for Microsoft Exchange 2007 (and previously Microsoft Exchange 2003). This has been working fine with Exchange 2003, but with Exchange 2007 we were having some challenges.

Basicly when you would use Internet Explorer to log into OWA, you would most likely get a 500 Internal server error. In for instance Firefox, it would always work just fine. We did have this problem with Exchange 2003, but less frequent.

The Pound logfiles would show something along the lines of:
Dec 16 15:00:39 proxy pound: e500 can’t read header
Dec 16 15:00:39 proxy pound: response error read from 192.168.123.123:80: Succes

This is very simular to this old post on the Pound mailing list.

I asked 2 colleages of mine to look into this challenge and they managed to find the solution, the next is all thanks to them! Kudos to those guys, I would just like to share it with the rest of the world :)

Basically we had 2 issues.

  1. Pound can’t handle empty POST’s

    We resolved this issue by patching Pound, this however didn’t resolve our issue.

    Although we didn’t get any more 500 Internal Server errors from Pound, we were now getting a 400 Bad Request from Exchange.

  2. We have a startup page setup on every browser at the office, that pointed towards the URL of our Sharepoint extranet.

    Here you would be authenticated through NTLM. If you would then go to /owa (on the same URL as sharepoint, just a different subdirectory), Internet Explorer would refuse to POST towards a non NTLM authenticated page.If you would go to /owa directly, in stead of authenticating on the extranet URL first, it would work just fine.

    The solution
    The solution was actually very easy, just set OWA to Integrated Authentication.

NOTE
We patched pound to be able to support multiple Webdav methods, the ones Microsoft use are non standard. The patch was fairly easy, if anyone needs it feel free to place a comment.

References:
http://blogs.msdn.com/david.wang/archive/2005/12/01/HTTP-POST-Fails-for-Anonymous-Authentication.aspx
http://www.outlookpower.com/issues/issue200207/owa001.html

Be Sociable, Share!