Forum Discussion

seilemor_131269's avatar
seilemor_131269
Icon for Altostratus rankAltostratus
Mar 21, 2014

APM - editing Sharepoint documents

Hello,

 

I´ve a problem and hope that you can help me. I've published a internal SharePoint via a iApp to external users. I´ve used the current iApp template and in the configuration I activated the usage of APM. If I test the connection now I must authenticate at the logon page and with the SSO ntlm setting I´m also authenticated at the sharepoint. I can create tasks and so on. The one thing which will not work is if I try to edit a document which is stored in the SharePoint. Excel show a error that it can not reach the document. If I deactivate APM in the iApp I can edit the documents without any error.

 

I´ve checked the setting for the "cookie persistance" and tried out to add the hostname to the trusted sites in the internet explorer. I also tried out to create a portal access. Nothing helped me... I think that there is a issue while the authentication from excel against the apm.

 

Does anyone have idea? I think that the possibility to edit the documents direct out of the sharepoint is a major feature which we needed. I do not think I'm the only one who has this problem.

 

 

  • I think I´ve found my problem. It seems that APM can not work with WebDav. If I want to edit a document out of the SharePoint we can see in the APM log that the user handler is a Microsoft WebDav client. In the APM log we also see that there are regarding the WebDav communication unknown HTTP methods.

     

    err apd[21063]: 01490000:3: HTTPParser.cpp func: "parseHttpRequestHeader()" line: 172 Msg: Unknown HTTP method: PROPFIND

     

    It seems that APM will discard connections with unkown HTTP methods. After I´ve insert a iRule which will deactivate HTTP if the method is unknown I can edit the documents. The following iRule has helped me... https://devcentral.f5.com/wiki/irules.DisablingHTTPProcessingForUnrecognizedHTTPMethods.ashx

     

    • ge0ff73_32053's avatar
      ge0ff73_32053
      Icon for Nimbostratus rankNimbostratus
      We are also running into issues with WebDAV in our SharePoint 2013 environment. Are you running 11.4 ? We are having issues around using "Explorer View" with SharePoint 2013 behind APM and LTM.
    • seilemor_131269's avatar
      seilemor_131269
      Icon for Altostratus rankAltostratus
      We´re using sharePoint 2007 and 2010. 2013 is at the moment not installed on our servers. The BigIP Version is 11.4.1. Explorer View worked for me. Have you tried to disable the APM module if it then work? Have you checked the APM log for errors regarding the errors which I´ve posted in my first post?
    • ge0ff73_32053's avatar
      ge0ff73_32053
      Icon for Nimbostratus rankNimbostratus
      I just tried using Explorer View and it usually works the first time. If I close it out and try again after 45 seconds or so, it fails. I did just see the following in my APM logs (11.4) when doing it: Mar 31 11:55:34 DMDC-F5-LAB02 debug apd[6083]: 01490000:7: HTTPParser.cpp func: "parseHttpRequestHeader()" line: 164 Msg: HTTP Method received: PROPFIND Mar 31 11:55:34 DMDC-F5-LAB02 err apd[6083]: 01490000:3: HTTPParser.cpp func: "parseHttpRequestHeader()" line: 172 Msg: Unknown HTTP method: PROPFIND Mar 31 11:55:34 DMDC-F5-LAB02 err apd[6083]: 01490093:3: 00000000: Request header parsing failed while processing request from remote client
  • Check to see if you have a persist cookie one of the issue is when you open Office documents from SharePoint it creates a new session and you have to re-authenticate. When Word, Excel, or any of the office products don't handle form based authenticate well. If you have a persisted cookie F5 will recognize that there's a session already and let the request proceed. link text There are a couple of other entries on devCentral use the search to find them some are really good. Also if you look at the deployment guide for APM and SharePoint You need client IP restriction and cookie based persistence

     

  • The cookie persistence is key here. For anyone else fumbling thru this in the future, set it, despite the security implications and general mess that it creates. There's no sane way to harness APM so that it will simply do NTLM instead of redirects that I've come across yet.

     

    Also from what I've found over the last week despite APM now "supporting" many of the methods used by WebDAV older Office applications, e.g. 2007, just won't work properly thru APM.

     

    New Office apps, such as 2013, will work without a hitch. Though I don't know about 2010.

     

    From what I can see using Fiddler/WebTrace/etc, Office 2007 was heavily reliant on the PROPFIND method. 2013 doesn't even use it, and relies on the cell storage service provided by Sharepoint which only really needs GET/POST/HEAD with an occasional OPTIONS request on folders.

     

  • Here is a write-up with similar characteristics. Write up by Joe