Forum Discussion

Dev_56330's avatar
Dev_56330
Icon for Cirrus rankCirrus
Jul 22, 2015

Access Denied - Credentials Missing when browsing SharePoint 2010

I have recently deployed an http profile to enable web acceleration though when ever I attempt to access the page, I receive an error that credentials are missing. I have a standard profile using TCP Lan optimization default settings, default http profile, SharePoint 2010 WA policy and cookie persistence. Lastly, when using performance layer 4 Virtual Server, I am able to browse the SharePoint page as expected. Thoughts?

 

  • Not quite sure what happened on the network but everything seems to be working fine right now...with the exception of a sporadic authentication prompt. Using fiddler, I don't understand when not going through the big Ip I get no '401 Unauthorized' but when browsing through the big Ip I get unauthorized one time and then a 304 for the same object. Example being a .jpg file that is on the front page of this site which I receive a 401 and then a 304 for the same exact object.

     

    • Dev_56330's avatar
      Dev_56330
      Icon for Cirrus rankCirrus
      To add to this, when not going through the big IP I access the home page with 'Sign In' available but when going through the Big IP it automatically signs me in. This is not a cached response from my browser because it is reproducible on demand by switching back and forth.
  • Should I be using explicit or transparent?

     

    Neither if this is a reverse proxy. I'd just use the standard (parent) HTTP profile here.

     

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Did you use the SharePoint iApp to deploy? Recommended if you are running BIG-IP v11.
  • A proxy authentication error is usually a 407 response? Are you getting a 407? And if so, do you have an HTTP profile applied that's configured to do explicit forward proxy?

     

    You're browser will send an authorization header (with NTLM token) if a) the server sends a 401 Unauthorized response with the "WWW-Authenticate: Negotiate" (or "WWW-Authenticate: NTLM") header, and b) the browser is configured to be able to send credentials to the website. in IE you do this by adding the URL to the Trusted Intranet Sites list.

     

  • Getting Proxy authentication required though there is no proxy in place.