APM AD Pool member selected

Question

Is there a way to determine in APM logs which AD server was selected during the authentication agent? I'm having users reporting authentication errors on their phones, where their username and password fields are already filled, have between 3-10 attempts before authentication is successful.

kevin_stewart · Answer

Have you set Access to debug logging? You should see the server information and failed AD auth attempts.&nbsp;

zuke · Answer

Kevin, is this the log setting to which you are referring? &nbsp;
&nbsp;

keesvandenbos · Answer

Yep, that's the setting.
Is your AD pool (attached to your AD AAA agent object) configured with Group Priority activation and what health monitor are you using on that pool?&nbsp;
Cheers,&nbsp;
Kees&nbsp;

kevin_stewart · Answer

I'd recommend using TMSH:
modify sys db log.accesscontrol.level value debug

zuke · Answer

Thanks Kevin.&nbsp;
Kees, I forgot that creating APM pools defaults to priority group activation. Viewing the pool statistics, only one of the servers is receiving traffic which debunks my original theory that one of the two servers is having a problem. &nbsp;
Now that I know only one of the two AD servers is getting traffic, I need to figure out why some users are getting denied multiple times before authenticating.&nbsp;
The APM log says "general GSSAPI error."&nbsp;

Forum Discussion

APM AD Pool member selected

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Interrogate Pool Member Priority Group from iRule

Dynamic Pool Member Selection Via DNS

pool members can't connect to another Virtual Server

Inquiry on F5's Maintenance Mode Feature for Pool Members

Enable/Disable pool member

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS