Forum Discussion
APM - authentication does not work when pool of AD servers are used
Dear All
I am facing an issue with APM AD authentication.
Access ›› Authentication
When I use a single AD server, authentication works fine.
The moment I change to a pool of AD servers, it stops working. (I tried adding only the known working AD server.)
I am just using a simple APM policy.
Please help.
Thank you
5 Replies
Can you share configuration of AAA > AD for both working and not working configurations?
Do you have any relevant entries in access logs? Did you increase the log level of Access Policy to debug? (Configuring the BIG-IP APM Logging Levels (12.x and newer) (f5.com))
Dear Amine
Please see the configurations.
The one used as "pool" is not working.
The one used as "Direct" is working.
The logs show as below:
01490010:5: /Common/Azure_AD_Servers:Common:f040bbbf: Username ''
Feb 25 13:19:24 exlb-f502.azure.com err apmd[14492]: 01490107:3: /Common/Azure_AD_Servers:Common:fb31d8a4: AD module: authentication with 'xxxx' failed: Cannot contact any KDC for realm 'ZZZ.COM', principal name: arul@ZZZ.COM (-1765328228)
Thank you
Arul
What is the status of the pool member?
I also think you should use a tcp health monitor with port 88 to make sure the DC is up and running.
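The check suggested in the replies, as an added example that is not part of the original thread: it pulls the realm, principal and Kerberos error code out of the apmd "Cannot contact any KDC" line quoted above, then tests TCP port 88 on each candidate domain controller. The function names and the host 192.0.2.10 are assumptions made for illustration; replace the host list with the actual pool members.

```python
import re
import socket

# Constructed sample: the apmd error line quoted in the thread above.
SAMPLE = ("Feb 25 13:19:24 exlb-f502.azure.com err apmd[14492]: 01490107:3: "
          "/Common/Azure_AD_Servers:Common:fb31d8a4: AD module: authentication "
          "with 'xxxx' failed: Cannot contact any KDC for realm 'ZZZ.COM', "
          "principal name: arul@ZZZ.COM (-1765328228)")

KDC_ERR = re.compile(
    r"apmd\[\d+\]: (?P<msgid>[0-9a-f]{8}):\d+: (?P<profile>/[^:]+):[^:]+:"
    r"(?P<session>[0-9a-f]+): AD module: .*?Cannot contact any KDC for realm "
    r"'(?P<realm>[^']+)', principal name: (?P<principal>\S+) \((?P<code>-?\d+)\)")

def parse_kdc_failure(line):
    """Return the fields of a 'Cannot contact any KDC' line, or None."""
    m = KDC_ERR.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["code"] = int(fields["code"])
    return fields

def probe_kdc(host, port=88, timeout=3.0):
    """Plain TCP connect test against the Kerberos port of one server."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(lines, kdc_hosts, port=88):
    """Map each failing realm to the reachability of every candidate KDC."""
    report = {}
    for line in lines:
        hit = parse_kdc_failure(line)
        if hit and hit["realm"] not in report:
            report[hit["realm"]] = {h: probe_kdc(h, port) for h in kdc_hosts}
    return report

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder address (TEST-NET-1), not from the thread.
    print(parse_kdc_failure(SAMPLE))
    print(triage([SAMPLE], ["192.0.2.10"]))
```

Run it from a host on the same network path as the BIG-IP; a server that fails this probe would also fail a TCP monitor on port 88.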
