I have set up the IISARR as per recommended documents I have found on the web. It is currently set up for both Lync and Exchange. Lync works beautifully.
The Exchange flow is: external port 443 -> firewall NAT -> IISARR DMZ IP address (10.10.10.21:443) -> both autodiscover and mail farms set up -> HLB VIP 192.168.1.69 -> (2) Exchange servers.
Internally a user can successfully reach OWA and authenticate by hitting the HLB VIP for Exchange.
Externally the user gets a 500 internal server error.
Lync has one binding for DMZ 10.10.10.20 port 443 and Exchange has DMZ 10.10.10.21 port 443. Both have separate certificates assigned.
ServerFarms:
Autodiscover.company.com-> server 192.168.1.69
Mail.company.com-> server 192.168.1.69
URL ReWrite for the mail.company.com (matches subject on the certificate):
Requested URL: Matches Pattern
Using: Wildcards
Pattern: *
Conditions:
Local grouping: Match ALL
Input: {HTTPS} Type: Matches the Pattern Pattern: on
Input: {HTTP_HOST} Type: Matches the Pattern Pattern: mail.company.com/* (have also tried mail.company.com)
Action:
Action type: Route to Server farm
Action Properties:
Scheme: https:// Server Farm: mail.company.com path: /{R:0}
URL ReWrite for the autodiscover.company.com:
Requested URL: Matches Pattern
Using: Wildcards
Pattern: *
Conditions:
Local grouping: Match ALL
Input: {HTTPS} Type: Matches the Pattern Pattern: on
Input: {HTTP_HOST} Type: Matches the Pattern Pattern: autodiscover.company.com/* (have also tried autodiscover.company.com)
Action:
Action type: Route to Server farm
Action Properties:
Scheme: https:// Server Farm: autodiscover.company.com path: /{R:0}
Order of rules (inbound):
Lync13_LoadBalance_SSL
Mail.company.com_LoadBalance_SSL
Autodiscover.company.com_LoadBalance_SSL
Routing rules for both are set to use URL ReWrite to inspect incoming requests but no SSL Offloading.
I have tried pointing to a specific server instead of the HLB as well.
I have Failed Request logging turned on, but no errors show up in the folder for them.
I see the request hitting the IISARR in the IIS logs.
I am at a loss at this point. Any ideas?
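
An added example, not part of the original post: a small Python model of how the two Exchange rules listed above evaluate their conditions, run against both HTTP_HOST pattern variants the post mentions. It assumes IIS URL Rewrite wildcard semantics (`*` matches any run of characters, the pattern must cover the whole input, case is ignored) and that {HTTP_HOST} holds only the Host header value, never the path; `wildcard_match`, `make_rules` and `route` are hypothetical helper names.

```python
import re

def wildcard_match(pattern, value):
    """Model of a URL Rewrite wildcard: '*' matches any run of characters,
    the pattern must cover the whole input, and case is ignored."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None

def make_rules(host_suffix=""):
    """The two Exchange rules from the post, in the posted order.
    host_suffix="/*" reproduces the 'mail.company.com/*' variant."""
    rules = []
    for host in ("mail.company.com", "autodiscover.company.com"):
        rules.append({
            "name": host.capitalize() + "_LoadBalance_SSL",
            "url_pattern": "*",
            "conditions": [("HTTPS", "on"), ("HTTP_HOST", host + host_suffix)],
            "farm": host,
        })
    return rules

def route(rules, host_header, path, https=True):
    """Return (rule name, rewritten URL) for the first rule whose URL pattern
    and conditions all match (Match ALL), or None when no rule applies."""
    variables = {"HTTPS": "on" if https else "off", "HTTP_HOST": host_header}
    for rule in rules:
        if not wildcard_match(rule["url_pattern"], path):
            continue
        if all(wildcard_match(p, variables[name]) for name, p in rule["conditions"]):
            # Action: Route to Server Farm, scheme https://, path /{R:0}
            return rule["name"], "https://{}/{}".format(rule["farm"], path)
    return None

if __name__ == "__main__":
    # Constructed sample requests; the path is given without its leading slash.
    for suffix in ("", "/*"):
        for host, path in (("mail.company.com", "owa/"),
                           ("autodiscover.company.com", "autodiscover/autodiscover.xml")):
            print(repr(suffix), host, "->", route(make_rules(suffix), host, path))
```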