What will be the impact and side effects when disabling the SSL offloading for Exchange Servers behind Load Balancer?

Question

All of my exchange servers on-premise are behind Load Balancer, there are no more mailboxes OnPremise since all of my users have been migrated to Exchange Online. What will be the impact and side effects when disabling the SSL offloading?

WARNING: 'EXSVR01\RPC (Default Web Site)' has SSLOffloading set to true. Therefore, we can not configure Extended Protection. WARNING: 'EXSVR02\RPC (Default Web Site)' has SSLOffloading set to true. Therefore, we can not configure Extended Protection.> WARNING: Please address the following server regarding RPC (Default Web Site) and SSL Offloading: EXSVR01, EXSVR02> WARNING: The following cmdlet should be run against each of the servers:

Set-OutlookAnywhere 'SERVERNAME\RPC (Default Web Site)' -SSLOffloading $false -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true

The above was taken from the console of my Exchange Server 2016 when running Extended Protection Management script from the https://microsoft.github.io/CSS-Exchange/Security/ExchangeExtendedProtectionManagement/ .

Thank you in advance.

Answer 1

The question is if you have enabled SSL offloading on the load balancer for the Exchange Servers. If you are using the load balancer to encrypt and decrypt traffic to the Exchange Servers then you have to disable that on the Exchange Servers AND on the load balancers: https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-extended-protection?view=exchserver-2019#scenarios-that-could-affect-client-connectivity-when-extended-protection-was-enabled