SharePoint Server Farm F5 LoadBalancer with SSL

Harun Kara 156 Reputation points
2020-10-20T06:41:54.207+00:00

Hi All,

I have a 2x2 MinRole HA SharePoint Server Farm. 2 App servers, 2 WFE servers. I have had the customer set up F5 LoadBalancer with SSL being handled with F5. I have setup my alternate access mapping as follows.

public url is the dns set up for f5. and in internal urls i have added http/s version of app server, and the two web servers.

33450-aam.png

As for problems I have faced, I found out when i want to pick a date from calendar the widget is not loaded from server. It throws a x-frame set to deny error.
33532-calendar.png

One other problem i found out is that workflows dont work and throw an ssl connection can not be established error.

33518-workflow.png

could it be caused by my misconfigured aam? or could it be caused by f5 load balancing itself? I have set up exactly same way in another customer. ff5 ssl with 2 wfe and everything works fine there which makes think it might be caused by f5 config but i dont know what might be going on in that side of things.

Microsoft 365 and Office SharePoint Server For business
0 comments No comments
{count} votes

Accepted answer
  1. Harun Kara 156 Reputation points
    2020-10-22T05:51:56.533+00:00

    So full solution is as follows:

    x-frame error was fixed with an F5 config change.

    And the workflow was fixed by applying ssl bridging/pass-through templates for sharepoint 2016 both tried and tested. F5 templates and config guide is here: https://www.f5.com/services/resources/deployment-guides/microsoft-sharepoint-2016-big-ip-v114-v12-ltm-apm-asm-afm-aam

    edit: farm with the problem was sharepoint 2019, i had no such problems with sharepoint 2016 farms when it comes to f5 ssl offloading

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Itch Sun-MSFT 2,566 Reputation points
    2020-10-21T06:27:45.38+00:00

    Hi @HarunKara-9729

    According to the error message you provided, please check if the following two articles are helpful to you:

    Sharepoint 2016 popup Refused to display in a frame because it set X-Frame-Options to SAMEORIGIN

    System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments No comments

  2. Harun Kara 156 Reputation points
    2020-10-21T10:42:53.807+00:00

    We have solved the Calendar X-frame error. It appeared that there was a specific setting to deny x-frame through f5. So we got that fixed.

    But things get weird when it comes to workflow error.

    I have a seperate sharepoint 2016 farm where we have ssl offloading, AAM set up the same way and workflow is able work fine. But in this farm which is sharepoint server 2019 workflow insists on using SSL between f5 and sharepoint servers. As its not set up that way workflow fails.

    How can i make sharepoint workflow use http between f5 and sharepoint servers?

    edit: the only way so far to get it working was, change AAM to use one front end server fqdn as public url. Publish workflow. Change back to above setup for f5 ssl loadbalancing. If i do it this way, it will use the wfe fqdn in workflow and work fine. BUT if i want to change anything in workflow and publish again it goes back up using SSL again and fails.

    Does this mean F5 SSL Offloading is not supported in SharePoint 2019?


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.