Good Morning People,

I've a network issue involving Cisco ACE and Microsoft Exchange. I'm a network consultant at a Cisco reseller in Brazil and we recently deployed a Cisco Exchange 2010 under the Cisco ACE(that's working fine including all other VIP's, Contexts, Routing and so on). But the big problem found for us is that when clients are conected into OWA(Outlook Web Access), in their sessions appears the following message below:

"If you can't receive alerts such as reminders or new e-mail notifications, or receive chat messages or see presence changes, make sure your network connection is working. If the problem continues, contact your helpdesk."

Another thing that's not working is a email update into OWA(When new messages are received they do not appear on OWA Inbox, being needed press the "F5 Key" every time).

I found in F5 documentation the same problem that was solved through firmware update (Link F5: http://support.f5.com/kb/en-us/solutions/public/12000/500/sol12589.html).

The more interesting thing that happens is that the reproduced "test" made through the Exchange Server Directly(Not passing into VIP) are working perfectly on both servers, but the reverse situation not, which leads us to believe that the problem is on ACE.

I Would like help in this question and would also help to know if someone have found the same problem before or deployed the same case with sucess.

Below is my complete ACE Context "VC_Exchange" configuration that's working fine except trought OWA:

---------------------------------------------------------------------------------------------------------------------------------------------
crypto chaingroup Chain01
  cert ExchangeServer.pfx
  cert intermediaria.crt

access-list any line 100 extended permit icmp any any
access-list any line 200 extended permit ip any any

probe tcp TCP110
  description Probe POP3
  port 110
  interval 2
  passdetect interval 5
  connection term forced
  open 1
probe tcp TCP135
  description Probe RPC
  port 135
  interval 2
  passdetect interval 5
  connection term forced
  open 1
probe tcp TCP25
  description Probe SMTP
  port 25
  interval 2
  passdetect interval 5
  connection term forced
  open 1
probe tcp TCP59531
  description RPC
  port 59531
  interval 2
  passdetect interval 5
  connection term forced
  open 1
probe tcp TCP59532
  description RPC
  port 59532
  interval 2
  passdetect interval 5
  connection term forced
  open 1
probe tcp TCP80
  description Probe HTTP
  port 80
  interval 2
  passdetect interval 5
  connection term forced
  open 1
probe tcp TCP995
  description Probe Secure-POP3
  port 995
  interval 2
  passdetect interval 5
  connection term forced
  open 1
rserver host SRVEX1_1
  ip address 192.168.0.160
  inservice
rserver host SRVEX1_2
  ip address 192.168.0.117
  inservice
rserver host SRVEX2_1
  ip address 192.168.0.161
  inservice
rserver host SRVEX2_2
  ip address 192.168.0.118
  inservice

serverfarm host SF_EXCHANGE_01_EXTERNO_PORT443
  probe TCP80
  rserver SRVEX1_2 80
    inservice
  rserver SRVEX2_2 80
    inservice
serverfarm host SF_EXCHANGE_01_EXTERNO_PORT80
  probe TCP80
  rserver SRVEX1_2 80
    inservice
  rserver SRVEX2_2 80
    inservice
serverfarm host SF_EXCHANGE_01_INTERNO_PORT110
  probe TCP110
  rserver SRVEX1_1 110
    inservice
  rserver SRVEX2_1 110
    inservice
serverfarm host SF_EXCHANGE_01_INTERNO_PORT135
  probe TCP135
  rserver SRVEX1_1 135
    inservice
  rserver SRVEX2_1 135
    inservice
serverfarm host SF_EXCHANGE_01_INTERNO_PORT25
  probe TCP25
  rserver SRVEX1_1 25
    inservice
  rserver SRVEX2_1 25
    inservice
serverfarm host SF_EXCHANGE_01_INTERNO_PORT443
  probe TCP80
  rserver SRVEX1_1 80
    inservice
  rserver SRVEX2_1 80
    inservice
serverfarm host SF_EXCHANGE_01_INTERNO_PORT59531
  probe TCP59531
  rserver SRVEX1_1 59531
    inservice
  rserver SRVEX2_1 59531
    inservice
serverfarm host SF_EXCHANGE_01_INTERNO_PORT59532
  probe TCP59532
  rserver SRVEX1_1 59532
    inservice
  rserver SRVEX2_1 59532
    inservice
serverfarm host SF_EXCHANGE_01_INTERNO_PORT80
  probe TCP80
  rserver SRVEX1_1 80
    inservice
  rserver SRVEX2_1 80
    inservice
serverfarm host SF_EXCHANGE_01_INTERNO_PORT995
  probe TCP995
  rserver SRVEX1_1 995
    inservice
  rserver SRVEX2_1 995
    inservice

parameter-map type ssl SSL_PARAMETER
  cipher RSA_WITH_3DES_EDE_CBC_SHA
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
  cipher RSA_WITH_AES_256_CBC_SHA priority 3

sticky ip-netmask 255.255.255.255 address both STICKY_SF_EXCHANGE_01_INTERNO_PORT25
  timeout 5
  replicate sticky
  serverfarm SF_EXCHANGE_01_INTERNO_PORT25
sticky http-cookie ACE-Insert STICKY_SF_EXCHANGE_01_INTERNO_PORT80  cookie insert browser-expire
  timeout 5
  replicate sticky
  serverfarm SF_EXCHANGE_01_INTERNO_PORT80
sticky ip-netmask 255.255.255.255 address both STICKY_SF_EXCHANGE_01_INTERNO_PORT110
  timeout 5
  replicate sticky
  serverfarm SF_EXCHANGE_01_INTERNO_PORT110
sticky ip-netmask 255.255.255.255 address both STICKY_SF_EXCHANGE_01_INTERNO_PORT135
  timeout 5
  replicate sticky
  serverfarm SF_EXCHANGE_01_INTERNO_PORT135
sticky http-cookie ACE-Insert STICKY_SF_EXCHANGE_01_INTERNO_PORT443
  cookie insert browser-expire
  timeout 5
  replicate sticky
  serverfarm SF_EXCHANGE_01_INTERNO_PORT443
sticky ip-netmask 255.255.255.255 address both STICKY_SF_EXCHANGE_01_INTERNO_PORT995
  timeout 5
  replicate sticky
  serverfarm SF_EXCHANGE_01_INTERNO_PORT995
sticky ip-netmask 255.255.255.255 address both STICKY_SF_EXCHANGE_01_INTERNO_PORT59531
  timeout 5
  replicate sticky
  serverfarm SF_EXCHANGE_01_INTERNO_PORT59531
sticky ip-netmask 255.255.255.255 address both STICKY_SF_EXCHANGE_01_INTERNO_PORT59532
  timeout 5
  replicate sticky
  serverfarm SF_EXCHANGE_01_INTERNO_PORT59532
sticky http-cookie ACE-Insert STICKY_SF_EXCHANGE_01_EXTERNO_PORT80
  cookie insert browser-expire
  timeout 5
  replicate sticky
  serverfarm SF_EXCHANGE_01_EXTERNO_PORT80
sticky http-cookie ACE-Insert STICKY_SF_EXCHANGE_01_EXTERNO_PORT443
  cookie insert browser-expire
  timeout 5
  replicate sticky
  serverfarm SF_EXCHANGE_01_EXTERNO_PORT443

ssl-proxy service SSL_VIP_Exchange
  key ExchangeServer.pfx
  cert ExchangeServer.pfx
  chaingroup Chain01
  ssl advanced-options SSL_PARAMETER

class-map type management match-any REMOTE_ACCESS
  2 match protocol telnet any
  3 match protocol icmp any
  4 match protocol snmp any
  5 match protocol http any
class-map match-all VIP_EXCHANGE_01_EXTERNO_PORT443
  2 match virtual-address 10.10.0.151 tcp eq https
class-map match-all VIP_EXCHANGE_01_EXTERNO_PORT80
  2 match virtual-address 10.10.0.151 tcp eq www
class-map match-all VIP_EXCHANGE_01_PORT110
  2 match virtual-address 10.10.0.150 tcp eq pop3
class-map match-all VIP_EXCHANGE_01_PORT135
  2 match virtual-address 10.10.0.150 tcp eq 135
class-map match-all VIP_EXCHANGE_01_PORT25
  2 match virtual-address 10.10.0.150 tcp eq smtp
class-map match-all VIP_EXCHANGE_01_PORT443
  2 match virtual-address 10.10.0.150 tcp eq https
class-map match-all VIP_EXCHANGE_01_PORT59531
  2 match virtual-address 10.10.0.150 tcp eq 59531
class-map match-all VIP_EXCHANGE_01_PORT59532
  2 match virtual-address 10.10.0.150 tcp eq 59532
class-map match-all VIP_EXCHANGE_01_PORT80
  2 match virtual-address 10.10.0.150 tcp eq www
class-map match-all VIP_EXCHANGE_01_PORT995
  2 match virtual-address 10.10.0.150 tcp eq 995
class-map type http loadbalance match-any default-compression-exclusion-mime-type
  description DM generated classmap for default LB compression exclusion mime types.
  2 match http url .*gif
  3 match http url .*css
  4 match http url .*js
  5 match http url .*class
  6 match http url .*jar
  7 match http url .*cab
  8 match http url .*txt
  9 match http url .*ps
  10 match http url .*vbs
  11 match http url .*xsl
  12 match http url .*xml
  13 match http url .*pdf
  14 match http url .*swf
  15 match http url .*jpg
  16 match http url .*jpeg
  17 match http url .*jpe
  18 match http url .*png

policy-map type management first-match MGMT
  class REMOTE_ACCESS
    permit

policy-map type loadbalance http first-match LB_SF_EXCHANGE_01_EXTERNO_PORT443
  class class-default
    compress default-method deflate
    sticky-serverfarm STICKY_SF_EXCHANGE_01_EXTERNO_PORT443
    insert-http x-forward header-value "%is"
policy-map type loadbalance http first-match LB_SF_EXCHANGE_01_EXTERNO_PORT80
  class class-default
    compress default-method deflate
    sticky-serverfarm STICKY_SF_EXCHANGE_01_EXTERNO_PORT80
    insert-http x-forward header-value "%is"
policy-map type loadbalance first-match LB_SF_EXCHANGE_01_INTERNO_PORT110
  class class-default
    sticky-serverfarm STICKY_SF_EXCHANGE_01_INTERNO_PORT110
policy-map type loadbalance first-match LB_SF_EXCHANGE_01_INTERNO_PORT135
  class class-default
    sticky-serverfarm STICKY_SF_EXCHANGE_01_INTERNO_PORT135
policy-map type loadbalance first-match LB_SF_EXCHANGE_01_INTERNO_PORT25
  class class-default
    sticky-serverfarm STICKY_SF_EXCHANGE_01_INTERNO_PORT25
policy-map type loadbalance http first-match LB_SF_EXCHANGE_01_INTERNO_PORT443
  class default-compression-exclusion-mime-type
    sticky-serverfarm STICKY_SF_EXCHANGE_01_INTERNO_PORT443
  class class-default
    compress default-method deflate
    sticky-serverfarm STICKY_SF_EXCHANGE_01_INTERNO_PORT443
    insert-http x-forward header-value "%is"
policy-map type loadbalance first-match LB_SF_EXCHANGE_01_INTERNO_PORT59531
  class class-default
    sticky-serverfarm STICKY_SF_EXCHANGE_01_INTERNO_PORT59531
policy-map type loadbalance first-match LB_SF_EXCHANGE_01_INTERNO_PORT59532
  class class-default
    sticky-serverfarm STICKY_SF_EXCHANGE_01_INTERNO_PORT59532
policy-map type loadbalance http first-match LB_SF_EXCHANGE_01_INTERNO_PORT80
  class class-default
    compress default-method deflate
    sticky-serverfarm STICKY_SF_EXCHANGE_01_INTERNO_PORT80
    insert-http x-forward header-value "%is"
policy-map type loadbalance first-match LB_SF_EXCHANGE_01_INTERNO_PORT995
  class default-compression-exclusion-mime-type
    sticky-serverfarm STICKY_SF_EXCHANGE_01_INTERNO_PORT995
  class class-default
    sticky-serverfarm STICKY_SF_EXCHANGE_01_INTERNO_PORT995

policy-map multi-match VIPs
  class VIP_EXCHANGE_01_PORT25
    loadbalance vip inservice
    loadbalance policy LB_SF_EXCHANGE_01_INTERNO_PORT25
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 19
  class VIP_EXCHANGE_01_PORT80
    loadbalance vip inservice
    loadbalance policy LB_SF_EXCHANGE_01_INTERNO_PORT80
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 19
  class VIP_EXCHANGE_01_PORT110
    loadbalance vip inservice
    loadbalance policy LB_SF_EXCHANGE_01_INTERNO_PORT110
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 19
  class VIP_EXCHANGE_01_PORT135
    loadbalance vip inservice
    loadbalance policy LB_SF_EXCHANGE_01_INTERNO_PORT135
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 19
  class VIP_EXCHANGE_01_PORT443
    loadbalance vip inservice
    loadbalance policy LB_SF_EXCHANGE_01_INTERNO_PORT443
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 19
    ssl-proxy server SSL_VIP_Exchange
  class VIP_EXCHANGE_01_PORT995
    loadbalance vip inservice
    loadbalance policy LB_SF_EXCHANGE_01_INTERNO_PORT995
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 19
    ssl-proxy server SSL_VIP_Exchange
  class VIP_EXCHANGE_01_PORT59531
    loadbalance vip inservice
    loadbalance policy LB_SF_EXCHANGE_01_INTERNO_PORT59531
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 19
  class VIP_EXCHANGE_01_PORT59532
    loadbalance vip inservice
    loadbalance policy LB_SF_EXCHANGE_01_INTERNO_PORT59532
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 19
  class VIP_EXCHANGE_01_EXTERNO_PORT80
    loadbalance vip inservice
    loadbalance policy LB_SF_EXCHANGE_01_EXTERNO_PORT80
    loadbalance vip icmp-reply active
    nat dynamic 2 vlan 19
  class VIP_EXCHANGE_01_EXTERNO_PORT443
    loadbalance vip inservice
    loadbalance policy LB_SF_EXCHANGE_01_EXTERNO_PORT443
    loadbalance vip icmp-reply active
    nat dynamic 2 vlan 19
    ssl-proxy server SSL_VIP_Exchange

interface vlan 19
  description LADO-SERVER-EXCHANGE
  ip address 192.168.1.251 255.255.254.0
  alias 192.168.1.254 255.255.254.0
  peer ip address 192.168.1.252 255.255.254.0
  access-group input any
  nat-pool 1 192.168.1.240 192.168.1.245 netmask 255.255.254.0 pat
  nat-pool 2 192.168.1.246 192.168.1.250 netmask 255.255.254.0 pat
  service-policy input MGMT
  no shutdown
interface vlan 91
  description LADO-CLIENTE-VIP
  ip address 10.10.0.251 255.255.255.128
  alias 10.10.0.254 255.255.255.128
  peer ip address 10.10.0.252 255.255.255.128
  access-group input any
  service-policy input MGMT
  service-policy input VIPs
  no shutdown

ip route 0.0.0.0 0.0.0.0 10.10.0.253

---------------------------------------------------------------------------------------------------------------------------------------------

Thank you so much!!!