Forum Discussion
APM - authentication does not work when pool of AD servers are used
Can you share configuration of AAA > AD for both working and not working configurations?
Do you have any relevant entries in access logs? Did you increase the log level of Access Policy to debug? (Configuring the BIG-IP APM Logging Levels (12.x and newer) (f5.com))
- Bravo, Feb 27, 2024, Nimbostratus
Dear Amine
Please see the configurations.
The one used as "pool" is not working
The one used as "Direct" is working.
The logs show the following:
01490010:5: /Common/Azure_AD_Servers:Common:f040bbbf: Username ''
Feb 25 13:19:24 exlb-f502.azure.com err apmd[14492]: 01490107:3: /Common/Azure_AD_Servers:Common:fb31d8a4: AD module: authentication with 'xxxx' failed: Cannot contact any KDC for realm 'ZZZ.COM', principal name: arul@ZZZ.COM (-1765328228)
Thank you
Arul
- Feb 27, 2024
What is the status of the pool member?
I also think you should use a TCP health monitor with port 88 to make sure the DC is up and running.
- Bravo, Feb 27, 2024, Nimbostratus
In the pool I am using a single IP (which is the same IP when I use DIRECT).
In the logs I notice this:
: /Common/Azure_AD_Servers:Common:a9df6506: Session variable 'session.ad.last.errmsg' set to 'Cannot contact any KDC for realm 'xxx.COM', principal name: arul@xxx.COM'
I have checked DNS and NTP settings too, still no good.
Thank you