Crossed OWA Sessions

OWA has become one of the most coveted features in any Exchange installation. The ability to safely and securely access email from any web browser is hugely convenient and loved by all. However, the backend behind OWA, while normally straightforward, can present some configuration challenges for large organizations. Seemingly innocuous settings on load balancers can have a huge impact on the operation of OWA, which as a web service is performing a bit of magic in delivering mail from multiple mailbox servers to users.

One particularly problematic issue arises when a load balancing infrastructure sits in front of OWA to balance users across multiple CAS servers. Under certain circumstances, load balancers can actually cause OWA sessions to be crossed, so that users log in and briefly see another user’s mailbox contents for a finite but definitely tangible amount of time. While the breach may not be long, it is real, and in some cases the errant user will even be able to navigate the mailbox of the other user.

The issue arises from the way many load balancers cache content to improve website load performance. It will be more prominent in large deployments with thousands of users than in small deployments, where a lower volume of content is cached. In these cases the load balancer actually caches chunks and sections of users' mailboxes, and the links and other items contained therein are logged in on the CAS server itself. In an attempt to speed up the load time, the load balancer will then deliver another user's content to a session without regard to the fact that the content in question needed to be authenticated to be accessed. Users will often not realize until it is too late that they are in another user's mailbox thanks to the malfunctioning load balancing infrastructure. It's easy to see how this scenario is problematic.

I haven’t seen this specific scenario addressed clearly and in plain language with most load balancers, and it is for that reason that this post exists. Many load balancers will have a list of optimal settings, but it’s easy to see how these can be overlooked by administrators who are used to deploying load balancing infrastructure for other static content and don’t realize the potential for these crossed sessions in OWA.

The solution, and this applies to nearly any load balancer out there, is simple. Any settings related to caching session content or to optimization need to be disabled unless the vendor of the load balancer you are working on has specifically stated that it has integrated settings for OWA. Ensure that no part of the OWA sessions is being cached on the device, and if you had caching enabled and now need to disable it, run whatever command is necessary to flush the cache after you are done.
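One way to confirm that the device has stopped serving OWA content from cache after the change, as an added example that is not part of the original post: it scans load balancer access log lines and flags every cache HIT on an OWA path, marking those served to a different user than the one whose request filled the cache. The log format, field order, paths and user names are constructed for illustration; adapt the parsing to whatever your device actually logs.

```python
import csv
import io

OWA_PREFIX = "/owa"  # assumption: OWA is published under this virtual directory

# Constructed sample log (hypothetical format, not from any specific product):
# timestamp,authenticated_user,request_path,cache_status
SAMPLE_LOG = """\
2010-05-01T09:00:01,alice,/owa/mail/inbox,MISS
2010-05-01T09:00:02,alice,/owa/static/logo.gif,MISS
2010-05-01T09:00:05,bob,/owa/mail/inbox,HIT
2010-05-01T09:00:06,bob,/owa/static/logo.gif,HIT
2010-05-01T09:00:09,alice,/owa/mail/inbox,HIT
2010-05-01T09:00:12,carol,/intranet/news,HIT
"""


def audit_owa_cache(log_text, prefix=OWA_PREFIX):
    """Return every cache HIT on an OWA path.

    cross_user=True means the cached object was filled by one user's
    request and then served to another user: a crossed session.
    """
    filled_by = {}  # path -> user whose request populated the cache entry
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, user, path, status = (field.strip() for field in row)
        if not path.lower().startswith(prefix):
            continue  # only OWA traffic is of interest here
        if status.upper() == "MISS":
            filled_by[path] = user
        elif status.upper() == "HIT":
            owner = filled_by.get(path)  # None if filled before the log began
            findings.append({
                "time": ts, "path": path,
                "served_to": user, "filled_by": owner,
                "cross_user": owner is not None and owner != user,
            })
    return findings


if __name__ == "__main__":
    for f in audit_owa_cache(SAMPLE_LOG):
        label = "CROSSED" if f["cross_user"] else "cached"
        print(f"{label:8}{f['time']} {f['path']} -> {f['served_to']} "
              f"(filled by {f['filled_by']})")
```

With caching fully disabled for OWA and the cache flushed, the function should return an empty list for logs taken after the change.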

Hope this post can help save someone hours of troubleshooting this issue as it is obscure.

Cheers.



Copyright © 2010 Paul Guenette and Matthew Sleno.