Forum Discussion
AltostratusHTTP portal with the NTLM auth flow is broken on XC.
We are trying to protect an OWA365 portal with XC, but some requests with NTLM authentication show an Error 503 - Service Unavailable message in XC.
I think that is the NTLM auth process because when try the same HTTP GET with "Authorization: Basic" it works fine.
curl -v https://autodiscover.example.com/autodiscover/autodiscover.xml -H "Authorization: Basic ZG9tYWluXHVzZXI6UHJ1ZWJhc2RlcGFzc3dvcmQ="
< HTTP/2 200
< cache-control: private
< content-type: text/xml; charset=utf-8
< request-id: 00000000-0000-0000-0000-000000000000
< server: volt-adc
<
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response>
<Error Time="20:00:00.0000000" Id="000000000">
But the browser always fails. First, it responds with a 401 HTTP code. After sending the credentials, XC shows a 503-03 error: 'Service unavailable'.
method: GET
host: autodiscover.example.com
req_path: /autodiscover/autodiscover.xml
req_body: —
api_endpoint: UNKNOWN
scheme: https
rsp_code: 503
rsp_code_details: upstream_reset_before_response_started{remote_reset}
Do F5-XC have an OWA template or something about the NTLM user portal?
XC distributed cloud does not support NTLM but it should not as NTLM is end of life from Microsoft . You should switch to kerberos as XC supports this when set to HTTP1.1 for client and server side.
3 Replies
- Nikoolayy1
MVP
XC distributed cloud does not support NTLM but it should not as NTLM is end of life from Microsoft . You should switch to kerberos as XC supports this when set to HTTP1.1 for client and server side.
andresneri1Hi Nikoolayy1 !
Thank you for your help. We set the LB (client an server side) to HTTP1.1 and the flow worked fine !
- Nikoolayy1
This means that you were using WWW-Authenticate set to Negotiate probably and Kerberos is used if available as XC last I worked on it couple of months ago did not support NTLM even with http1.1 set.