Ensuring Cisco Unity UM Validation when using Exchange 2013 and Citrix NetScalers

When using Citrix NetScalers to load balance Exchange services, a comment/question I’ll receive on occasion is as follows, “With the NetScalers in place, my mail works, but my Unity voicemails are not delivered to the Inbox.  Why is that?”

Within the Unity management interface, if you Test the connection between Unity and Exchange, you may see a “401: Incorrect service account name or password” error as shown below:

1_UnityError

In my experience, customers will have this problem if they point Unity to the same NetScaler Virtual IP (VIP) Address that is load balancing the Exchange CAS servers, in this example 10.11.12.13.

If you read the Citrix NetScaler/Exchange 2013 Deployment Guide released by Citrix, you’ll see the recommended Method and Persistence settings for the OWA/SSL services on page 14 and shown below:

2-Exchange13_OWA_vServer

I believe the problem with Unity stems from COOKIEINSERT being set as the Persistence method for the OWA virtual server object.  Certainly this configuration works great with Exchange-based SSL services, but it causes a disruption in the interaction with Unity.

To resolve the Unity validation 401 error and allow voicemails to be sent to an Inbox, you will need to create a new virtual server using the following values:

  • Name:  Unity_Connection_to_Exchange_2013_SSL (or whatever you prefer)
  • Protocol:  SSL
  • Port:  443
  • Services:  Use the same services in use by the Exchange OWA virtual server (Exchange CAS SSL Services)
  • Cert:  Same certificate used by Exchange OWA virtual server
  • Method:  Least Connection
  • Persistence:  SOURCEIP

3_NewVirtualServer

With the new virtual server created, return to the Unity configuration page and set the new VIP, in this case 10.11.12.14, and test the connection.  You should be good to go at this point if you are load balancing Exchange 2013.

4_TestUnity

If you are load balancing Exchange 2010, you’ll still need an additional VIP, but the virtual server needs to be setup a little differently in that I’ve had to set the Protocol to TCP and the Port to *

Leave a comment

Filed under Citrix, Load Balancers, Microsoft

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s