KB: Session timeout does not work as expected when publishing Exchange Outlook Web Access with UAG 2010
Here’s a new Knowledge Base article we published today. This one talks about an issue where the session timeout doesn’t work as expected when publishing OWA with UAG 2010:
=====
Symptoms
Microsoft Forefront Unified Access Gateway 2010 (UAG 2010) allows a user to define Inactive session timeout. The Inactive session timeout defines the maximum time a session can be inactive before it times out (see https://technet.microsoft.com/en-us/library/ee406216.aspx). When publishing Microsoft Exchange Outlook Web Access 2010 (OWA 2010) using UAG 2010, the session may stay active even if there is no activity for longer than the value defined in the "Inactive session timeout" field.
Cause
The UAG 2010 configuration has a setting for Ignore requests in timeout calculations that contains a list of URLs that are ignored in the calculation of the Inactive Session Timeout settings (see https://technet.microsoft.com/en-us/library/ee406216.aspx#BKMK_Global).
When a client issues a request to one of the URLs and methods define in this list that contain a body (like in a POST method), the request will still be counted as active even if it matches the settings in this list. In addition, some URLs are missing from the default list for OWA 2010.
Resolution
To resolve this issue complete the following:
1. Install Service Pack 1 Update 1 for Forefront Unified Access Gateway (https://support.microsoft.com/kb/2585140)
2. After installing SP1, add the following URLs and methods to the Ignore requests in timeout calculations settings for the "Microsoft Exchange Server 2010" application:
=====
For the most current version of this article please see the following:
J.C. Hornbeck | System Center & Security Knowledge Engineer
Get the latest System Center news on Facebook and Twitter :
App-V Team blog: https://blogs.technet.com/appv/
ConfigMgr Support Team blog: https://blogs.technet.com/configurationmgr/
DPM Team blog: https://blogs.technet.com/dpm/
MED-V Team blog: https://blogs.technet.com/medv/
Orchestrator Support Team blog: https://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: https://blogs.technet.com/momteam/
SCVMM Team blog: https://blogs.technet.com/scvmm
Server App-V Team blog: https://blogs.technet.com/b/serverappv
Service Manager Team blog: https://blogs.technet.com/b/servicemanager
System Center Essentials Team blog: https://blogs.technet.com/b/systemcenteressentials
WSUS Support Team blog: https://blogs.technet.com/sus/
The Forefront Server Protection blog: https://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : https://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : https://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: https://blogs.technet.com/b/isablog/
The Forefront UAG blog: https://blogs.technet.com/b/edgeaccessblog/