
Issues when publishing ActiveSync using WAF

This week I migrated from TMG to Sophos UTM for publishing our Exchange servers using passthrough authentication on the UTM. Since then users with mobile devices are complaining that they get random password prompts when the device wants to sync. After entering the correct password, it works for some time until they receive the password prompt again some time later.


It's not happening for all users, but randomly for some.


When the issue occurs, the WAF logs report the following:


2015:01:29-09:11:29 firewall-1 reverseproxy: [Thu Jan 29 09:11:29.269404 2015] [proxy_http:error] [pid 30725:tid 3987327856] (70007)The timeout specified has expired: [client :53509] AH01102: error reading status line from remote server :443
2015:01:29-09:11:29 firewall-1 reverseproxy: [Thu Jan 29 09:11:29.269438 2015] [proxy:error] [pid 30725:tid 3987327856] [client :53509] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync
2015:01:29-09:11:29 firewall-1 reverseproxy: id="0299" srcip="" localip="" size="434" user="" host="" method="POST" statuscode="502" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipThreatsFilter_XssAttacks" time="300130669" url="/Microsoft-Server-ActiveSync" server="" referer="-"


When disabling the WAF virtual servers and switching back to the DNAT rule which points to our TMG server, the issues are gone. So it looks like it's not a problem with our Exchange servers but with WAF.


Any idea what might cause this?

