Skip to content

Archive

Category: Netscaler

During migration from Exchange 2010 to Exchange 2016 and using Netscaler as loadbalancer I stumbled upon a situation when it was no more possible to change password in the 2010-OWA, you’d get an errormessage, everything else worked. This happened when we switched over (DNS records) to the Exchange 2016 OWA.


Exception Details
-----------------
Message: ReferenceError: OwaOptionsUtil is not defined
Url: https://owa.domain.com/ecp/PersonalSettings/Password.aspx/emailadress@domain.com/

 
A Google search on “OwaOptionsUtil is not defined” did not give a single hit so I launched fiddler trying to see what was happening:

200 HTTPS owa.domain.com /ecp/PersonalSettings/Password.aspx/emailadress@domain.com/
302 HTTPS owa.domain.com /ecp/14.3.399.0/Scripts/owa.js
200 HTTP  Tunnel to owa.domain.com:443
200 HTTPS owa.domain.com /owa/

 
After some testing, it was obvious the Netscaler did something as it worked connecting directly to the 2010-OWA.

We had a content switching rule in the Netscaler matching “/owa” to redirect traffic from HTTP to HTTPS when users typed in “http://owa.domain.com” in the browser, but as seen in fiddler it also matches “/owa.js” which is called when changing password. There are several guidelines and examples on the net how to set up Exchange behind Netscaler and some of them present the same configuration as we had.

 
Solution:
Use HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(“/owa/”) expression in the content switching policy, note “/owa/” vs “/owa”.

 

I renewed a SSL certificate on my Exchange Servers and needed to update it on my NetScaler.
 
To import the SSL certificate to NetScaler you need to export and convert the certificate. This is common usage for using a “Windows Certificate” on a Linux system or in a Java certificate store.
 
The steps to accomplish this:

  • Export the certificate from Exchange to a .pfx-file.
  • Extract the Certificate and Private Key from the .pfx-file. Windows does not support doing this natively, you need to have OpenSSL installed.
  • Import the Certificate and the Private Key file to NetScaler (or another appliance).

 
 
 

Export the certificate from Exchange 2010 Management Console
 

Go to Server Configuration and select the certificate you want to export.
 
 
crtexport2
Enter filename and a password.
 
 
 
 

Export the certificate from Exchange admin center (Exchange 2013)
 

Go to Servers and select Certificates
 
 

Mark the certificate and klick the (more) icon and select Export Exchange certificate.
 
 

Enter UNC Path and Password.

 
 
 
 

Convert the exported certificate
For this step you need to install OpenSSL: https://www.openssl.org/community/binaries.html

Read more about the PKCS#12 file utility: http://www.openssl.org/docs/manmaster/apps/pkcs12.html

 
 
 
 

Import the certificate to NetScaler
crtexport8
Go to Traffic Management > SSL > SSL Certificates and click Update.
 
 
crtexport9
Use the dropdown on the “Browse” button to select Local file rather than first uploading the file to the NetScaler.