HAProxy community

HAProxy 2.2 with Exchange 2019 - Continious password prompt

Hello,

i’m a bit stuck setting up my HAProxy reverse proxe in combination with Exchange.

I have several webservers but only 1 public IP so i opted for HAProxy as reverse Proxy.

All my websites work except for the Exchange 2019 - Outlook connection.

When i fire up outlook from an external connection i continuously get prompted for a password.
Internally (or when i configure my hosts file to point to the reverse-proxy) everything works great.

I’m a bit at a loss what the problem could be.
I’ve stripped my config file to remove my public address etc. and i removed the other sites/acl’s.
Can you please take a look at my config and tell me how i f-ed up? :slight_smile:

Here is my cfg file: https://pastebin.com/Gk56CmCn

Thanks in advance for any advise :slight_smile:

What do you have for the following on your CAS?

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
KeepAliveTime

The KeepAliveTime key is not present.

add the key, and set it for a value that is equal or less than your HA backend server timeout value.

I personally I have mine set to 30 minutes, and have my HA backend timeouts for client (front end) and server timeout (backend) set to the same
“KeepAliveTime”=dword:001b7740
or 1800000 for decimal. unit is milliseconds

thanks for the advice.
Unfortunately: no dice :frowning:

i set the reg-key; restarted the CAS server, double checked HAproxy time-out values but still continuous password prompts :frowning:

whats your updated cfg look like?

Hi, this is my current config: https://pastebin.com/KSMaYbhe

try comment/remove all of the http-keep-alive

ie
timeout http-keep-alive
option timeout http-keep-alive

i don’t get it…the password pop-ups keep coming back.

ntlm should be proxied correctly…

perhaps it an issue with your stickiness. what happens if you only configure a single backend without the cookie/stickiness etc…