🧩Scenario Description

Since a long time periodically I hear about quit a mysterious scenario. At least, it looks like this from first sight.

Some users are able to get access to other users’ mailboxes, without any permissions and any configuration steps. At least, at Microsoft we had critsits related to Active Sync mobile devices and also, I know about the same issue with Outlook clients.

Unfortunately, I don’t have any screenshots to demonstrate, how it looks like. But I think, you will recognize this issue if you’ll see it.

In all specific cases users were not provided with any additional permissions – like full access or any access on MAPI level.

⚠️Connection reuse on Netscaler

The common thing between all these cases was Citrix NetScaler, that was used as load balance solution for Exchange Servers. Netscaler has a so called “connection reuse” feature. There’s also similar feature called “connection multiplexing”, but as far as I’m concerned, described root cause is related to this 🔗https://support.citrix.com/article/CTX135155/how-to-stop-clients-from-connection-reuse-on-a-netscaler-virtual-server

Disabling this stopped the issue. I’m not aware of deep investigations of this issue from both Microsoft and Citrix. But if somebody who doesn’t have appropriate permissions is able to get access to your critical VIP users’ data it’s not something you will be happy with.

If you have support with Citrix, then it would be better consult them on how to disable this in case you experience this issue or for additional recommendations they have. For the last case, my customer couldn’t disable this feature per official article, and they needed some additional recommendations from vendor support.

End.