Hi,
I have an Exchange 2019 DAG with 4 EX servers. An IIS ARR 3.0 server was installed in the DMZ zone for filtering purposes. I had to enable the SSL offloading feature in order to forward unencrypted HTTP traffic to the upstream servers. Exchange 2019 has two CAS: frontend and backend. The "SSL required" checkbox was unset on the frontend side for all apps on the EX servers. I found some articles on how to set up ARR for Exchange, but not for 2019 and not for a DAG. However, ARR works, and the Outlook app works fine through this reverse proxy. Only OWA caused the login page loop problem.
If I open the OWA web page and enter my credentials, the page just redirects me to the login page again with the username filled in. There are no errors in the ARR logs:
2021-06-29 16:40:22 10.0.0.6767 POST /owa/auth.owa X-ARR-CACHE-HIT=0&SERVER-ROUTED=172.16.1.82&X-ARR-LOG-ID=cd3c9628-...-5aa42f0bf118&SERVER-STATUS=302 443 - 192.168.1.66 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/91.0.4472.124+Safari/537.36 https://mail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.domain.com%2fowa 302 0 0 13
2021-06-29 16:40:22 10.0.0.6767 GET /owa X-ARR-CACHE-HIT=0&SERVER-ROUTED=172.16.1.83&X-ARR-LOG-ID=b6e2f90d-...-50d96e4ec209&SERVER-STATUS=302 443 - 192.168.1.66 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/91.0.4472.124+Safari/537.36 https://mail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.domain.com%2fowa 302 0 0 6
2021-06-29 16:40:22 10.0.0.6767 GET /owa/auth/logon.aspx url=https%3a%2f%2fmail.domain.com%2fowa&reason=0&X-ARR-CACHE-HIT=0&SERVER-ROUTED=172.16.1.84&X-ARR-LOG-ID=a9cbe07a-...-d53c52885c89&SERVER-STATUS=200 443 - 192.168.1.66 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/91.0.4472.124+Safari/537.36 https://mail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.domain.com%2fowa 200 0 0 14
2021-06-29 16:40:24 10.0.0.6767 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fmail.domain.com%2fowa&X-ARR-CACHE-HIT=0&SERVER-ROUTED=172.16.1.81&X-ARR-LOG-ID=216288a5-...-a5c2db240935&SERVER-STATUS=200 443 - 192.168.1.66 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/91.0.4472.124+Safari/537.36 https://mail.domain.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.domain.com%2fowa&reason=0 200 0 0 54
2021-06-29 16:40:24 10.0.0.6767 GET /owa/auth/15.2.792/themes/resources/segoeui-regular.ttf X-ARR-CACHE-HIT=0&SERVER-ROUTED=172.16.1.82&X-ARR-LOG-ID=97e05718-...-84738c26e4eb&SERVER-STATUS=200 443 - 192.168.1.66 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/91.0.4472.124+Safari/537.36 https://mail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.domain.com%2fowa 200 0 0 78
What did I miss?
Thanks!
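
Added example, not part of the original post: a small Python parser for ARR log lines in the layout shown above. It flags a logon POST that ends back at logon.aspx and lists the upstream server (SERVER-ROUTED) that handled each step. The 15-field whitespace layout is an assumption read off the excerpt, and the sample lines, function names and log IDs are constructed placeholders.

```python
from urllib.parse import parse_qs

REF = "https://mail.domain.com/owa/auth/logon.aspx"

def sample_line(time, method, path, query, upstream, status):
    """Build one constructed log line in the 15-field layout of the excerpt."""
    q = (f"{query}X-ARR-CACHE-HIT=0&SERVER-ROUTED={upstream}"
         f"&X-ARR-LOG-ID=placeholder&SERVER-STATUS={status}")
    return (f"2021-06-29 {time} 10.0.0.67 {method} {path} {q} 443 - "
            f"192.168.1.66 UA {REF} {status} 0 0 10")

LOOPING = [  # constructed: mirrors the request sequence in the post
    sample_line("16:40:22", "POST", "/owa/auth.owa", "", "172.16.1.82", 302),
    sample_line("16:40:22", "GET", "/owa", "", "172.16.1.83", 302),
    sample_line("16:40:22", "GET", "/owa/auth/logon.aspx", "reason=0&",
                "172.16.1.84", 200),
]
WORKING = [  # constructed: a logon that reaches the mailbox page
    sample_line("16:45:00", "POST", "/owa/auth.owa", "", "172.16.1.82", 302),
    sample_line("16:45:00", "GET", "/owa/", "", "172.16.1.82", 200),
]

def parse_line(line):
    """Return the fields of interest, or None for headers and short lines."""
    f = line.split()
    if line.startswith("#") or len(f) != 15:
        return None
    q = parse_qs(f[5])  # ARR appends its routing details to the query field
    return {"method": f[3], "path": f[4].lower(), "client": f[8],
            "status": f[11], "upstream": q.get("SERVER-ROUTED", ["?"])[0]}

def find_login_loops(lines):
    """Report each logon POST that is followed by a return to logon.aspx."""
    pending, loops = {}, []
    for e in filter(None, map(parse_line, lines)):
        c = e["client"]
        if e["method"] == "POST" and e["path"] == "/owa/auth.owa":
            pending[c] = [e["upstream"]]          # logon attempt starts here
        elif c in pending:
            pending[c].append(e["upstream"])
            if e["path"] == "/owa/auth/logon.aspx":
                loops.append({"client": c, "upstreams": pending.pop(c)})
            elif not e["path"].startswith("/owa/auth") and e["status"] == "200":
                pending.pop(c)                    # reached a non-auth page
    return loops
```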