For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Vladimir_Akhmarov's avatar
Vladimir_Akhmarov
Icon for Cirrus rankCirrus
Aug 11, 2024

APM EWS Remote Connectivity Analyser

Hello   Found strange issue with APM protecting Exchange 2019   Deployed configuration using Appendix C: Manual configuration tables from https://www.f5.com/pdf/deployment-guides/microsoft-exchan...
application delivery
Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for Nacreous rankNacreous
Aug 11, 2024

Depenging on how username is provided in login page, session.logon.last.domain variable might not be setted.

session.logon.last.domain is used be default on NTLM sso config.

As you have AD Auth on the VPE, I would suggest changing the sso configuration to use session.ad.last.actualdomain as the domain source and try again.

 

Vladimir_Akhmarov's avatar
Vladimir_Akhmarov
Icon for Cirrus rankCirrus
Aug 12, 2024

Unfortunately that did not helped me :(

 

I tried both options:

  1. Use session variable "session.ad.last.actualdomain" for NTLMv2 SSO object. That value exactly matches "ntlm-domain" under apm sso ntlmv2 /PARTITION/Exchange_ntlmv2
  2. Use session.logon.last.domain and set "ntlm-domain" to DOMAIN (NetBIOS domain name) under apm sso ntlmv2 /PARTITION/Exchange_ntlmv2

 

Seems that something else stops APM from attaching SSO to the back-end request

 

Moreover all my tests shows now that APM did not send any request to the /EWS/Exchange.asmx even after I reverted all the changes back. BIG-IP reboot did not helped :)