Hi,

This a reposting of a blog posting that Brad Hugh's made on a potential IE8 issue with OWA Load Balancing Scenarios
http://blogs.msdn.com/brad_hughes/archive/2009/10/15/internet-explorer-8-impacts-owa-load-balancing-scenarios.aspx

Within Internet Explorer 8 you have the possibility to open multiple tabs, and it's quite possible due to the new internal architecture (LCIE) a new process is spawned for this "TAB". And certain things are not shared between these processes such as keep-alives and session-ID.

So when you are load balancing CAS servers and are using "SSL Session-ID" to keep persistency to the same CAS server (required for OWA) then you potentially could have the case where a user needs to re-authenticate again. For example a user click on a new mail, which opens up in a new window causing a new process to be created. This new process will have a new session-id and as a result the connection is balanced to a different CAS server. The other CAS server cannot decrypt the presented cookie from the client and will ask for authentication again.

So have a close look at this blog posting of Brad and see his scenarios and possible mitigations.

Sincerely,

Tonino Bruno | ICT Consultant | Pro-Exchange Community