Jump to content


Photo

OWA 2010 inactivity timeout

Started by Scott King , 10 November 2016 - 03:39 PM
4 replies to this topic

Best Answer Scott King , 28 March 2017 - 12:42 PM

Yes, I did finally resolve.  I had the  SSO and InitiateLogout options enabled in the traffic profile.  Citrix support had me disable these and then it worked.  Below are the commands they had me use:

 

add tm trafficAction owa.prof2 -persistentCookie OFF -InitiateLogout OFF -kcdAccount NONE -forcedTimeout RESET -forcedTimeoutVal 10

add tm trafficPolicy owa.pol_new2 true owa.prof2
bind lb vserver Exchange_OWA -policyName owa.pol_new2 -priority 100 -gotoPriorityExpression END -type REQUEST

 

My testing results after change - On Mac (Safari and Chrome) - OWA logout button works to logout session, but just closing browser does not immediately log out session.  Logs out after 2 minutes, regardless of the timeout setting.

 
On Windows (IE 11 and Chrome) - Logout button and browser close forces user to log in again.

Scott King Members

Scott King
  • 5 posts

Posted 10 November 2016 - 03:39 PM

I can't seem to figure out how to get the OWA client side to timeout due to inactivity.  I've had Citrix support case 72122046 opened for about 3 weeks now and they haven't been able to resolve. Support had me upgrade the firmware on the NetScaler from 10.1 to 11.0 build 68.12.nc to get the "Forced Timeout" feature available in the Traffic Policy, but still not working.  This feature in relation to OWA 2010 timeout is detailed here:  https://docs.citrix.com/en-us/netscaler/11-1/aaa-tm/ns-aaa-setup-traffic-setting-con/ns-aaa-sso-saml-tsk/ns-aaa-session-timeout-for-owa-2010-tsk.html

 

I can successfully authenticate with the AAA vServer with SSO (Basic Auth on the Exchange CAS side).  Has anyone had this issue that could point me in the right direction to resolve?  Thanks

 

-Scott



Chris Couper Members

Chris Couper
  • 3 posts

Posted 17 March 2017 - 05:38 PM

Hey Scott, did you resolve this? I also have the same problem and am curious if and how you resolved it.

 

Chris



Scott King Members

Scott King
  • 5 posts

Posted 28 March 2017 - 12:42 PM

Yes, I did finally resolve.  I had the  SSO and InitiateLogout options enabled in the traffic profile.  Citrix support had me disable these and then it worked.  Below are the commands they had me use:

 

add tm trafficAction owa.prof2 -persistentCookie OFF -InitiateLogout OFF -kcdAccount NONE -forcedTimeout RESET -forcedTimeoutVal 10

add tm trafficPolicy owa.pol_new2 true owa.prof2
bind lb vserver Exchange_OWA -policyName owa.pol_new2 -priority 100 -gotoPriorityExpression END -type REQUEST

 

My testing results after change - On Mac (Safari and Chrome) - OWA logout button works to logout session, but just closing browser does not immediately log out session.  Logs out after 2 minutes, regardless of the timeout setting.

 
On Windows (IE 11 and Chrome) - Logout button and browser close forces user to log in again.

Best Answer

Operations Support Members

Operations Support
  • 67 posts

Posted 04 May 2017 - 08:46 PM

Hey Scott
 
I am also trying to get an inactivity timeout to work with OWA 2010.
I have configured the same TM actions and policies as detailed in the article and this works OK.
What I have found is that it is not an inactivity timeout, it is actually a forced timeout, as the parameter implies.
Therefore the user gets their connection dropped even when composing an email, etc
 
Is this the same behavior that you have now with your configuration and the forced timeout ?
 
Cheers
Andy
 

 



Scott King Members

Scott King
  • 5 posts

Posted 05 May 2017 - 02:37 PM

The parameter name of "forced timeout" is a bit misleading in my opinion, but the URL I mentioned does actually says this is for inactivity:  "You can now force OWA 2010 connections to timeout after a specified period of inactivity."   My testing concluded that this did act as an activity timeout and not a force timeout despite activity.  I only piloted this on our test NetScaler and never moved this to production as I found out recently that we're moving our Exchange to the cloud.