Outlook fails to connect to a load-balanced Exchange 2013 cluster through Direct Access 2012 R2

We have a load-balanced Exchange 2013 SP1 cluster, running MAPI over HTTP.

Client connectivity inside our own network works just fine, while clients connected over Direct Access do not connect. The Outlook logs on the client show absolutely no error at all.

The Direct Access server is running 2012 R2, the clients are all Windows 8.1. Everything is patched.

I've been searching like crazy the last couple of weeks, and the only interesting hits I get are about TMG 2010 (UAG) filtering out the requests due to the source IP changing (the Exchange load balancer). There is a Knowledge Base article (982604) that describes this, and a rather hefty blog post about the issue from Premier Support, but sadly the script does not work on our server since it's not TMG and it's Windows Server 2012 R2.

I'm at a loss here. I'll give this question a week, then I'll raise a premier support case with Microsoft.


Solution 1:

I've hit this sort of problem previously (on an HAProxy-based solution); in my case it was Exchange 2010 and ISA 2006 Server with the RPC filter enabled. We disabled the RPC filter and happy days again...

I did a little searching around myself and I found this:

http://geek.martinwahlberg.com/problem-using-forced-tunneling-mode-in-directaccess

Which suggests problems with Outlook, DirectAccess and tunnel mode that never got resolved (other than a possible client reg hack...), so I did wonder if it was the same thing. He's got his case ID in the comments, so if you do go to MS you might be able to add some weight to your case.