
Forum Discussion

mnb_63148
Sep 01, 2015

APM RPC test - Not all the required authentication methods were found.

I am using APM with Exchange 2013. Everything works except RPC over HTTP connectivity. When I run a test using Microsoft Remote Connectivity Analyzer, it states, "Not all the required authentication methods were found. Methods Found: Basic, Methods Required: NTLM".

I used the iApp to generate the iRules.

The APM log shows the following for RPC:

debug tmm[25768]: 01490000:7: HTTP uri: /rpc/rpcproxy.dll
debug tmm[25768]: 01490000:7: HTTP len:
debug websso.0[26355]: 014d0001:7: ctx: 0x9d9d7e8, CLIENT: TMEVT_EOF
debug websso.0[26355]: 014d0001:7: ctx: 0x9d9d7e8, CLIENT: TMEVT_SHUTDOWN_PROXY
debug tmm[25768]: 01490000:7: Matches RPC
debug tmm[25768]: 01490000:7: method: RPC_IN_DATA
debug tmm[25768]: 01490000:7: Src IP: 111.111.111.111
debug tmm[25768]: 01490000:7: User-Agent: MSRPC
debug tmm[25768]: 01490000:7: HTTP uri: /rpc/rpcproxy.dll?a3e42228-fa25-40a4-b7c1-70571d7792b3@taot.com:6002
debug tmm[25768]: 01490000:7: HTTP len: 0
debug websso.0[26355]: 014d0001:7: ctx: 0x9da2f28, SERVER: TMEVT_SHUTDOWN_PEER
debug websso.0[26355]: 014d0001:7: ctx: 0x9d9d7e8, CLIENT: TMEVT_SHUTDOWN_PEER
debug websso.0[26355]: 014d0001:7: webssoContext destructor ...
debug websso.0[26355]: 014d0001:7: webssoConfig destructor
debug apd[23502]: 01490000:7: modules/Authentication/Identity/ifmap_connection.cpp func: "ifmap_send_keep_alive()" line: 121 Msg: Found 0 IF-MAP connections

iRules impacting SSO and RPC:

SSO_iRule:

when ACCESS_ACL_ALLOWED {
    # Apply the forms-based SSO configuration only to OWA authentication requests
    set req_uri [string tolower [HTTP::uri]]
    if { $req_uri contains "/owa/auth" } {
        WEBSSO::select [set foo /Common/exchange.app/exch_form_basedv2_sso]
    }
    unset req_uri
}

RPC iRule:

when ACCESS_ACL_ALLOWED {
    # The session ID is read here but not used later in this rule
    set sessionid [ACCESS::session data get "session.user.sessionid"]
    # Select the pool from the lowercased request path (glob match)
    switch -glob -- [string tolower [HTTP::path]] {
        "/microsoft-server-activesync*" {
            pool /Common/exchange.app/exchange_as_pool
            COMPRESS::disable
            CACHE::disable
            return
        }
        "/owa*" {
            pool /Common/exchange.app/exchange_owa_pool
            return
        }
        "/ews*" {
            pool /Common/exchange.app/exchange_oa_pool
            COMPRESS::disable
            CACHE::disable
            return
        }
        "/ecp*" {
            pool /Common/exchange.app/exchange_owa_pool
            return
        }
        "/oab*" {
            pool /Common/exchange.app/exchange_oa_pool
            persist none
            return
        }
        "/rpc/rpcproxy.dll*" {
            # Outlook Anywhere (RPC over HTTP) requests
            pool /Common/exchange.app/exchange_oa_pool
            COMPRESS::disable
            CACHE::disable
            return
        }
        "/autodiscover*" {
            pool /Common/exchange.app/exchange_ad_pool
            persist none
            return
        }
        default {
            pool /Common/exchange.app/exchange_owa_pool
        }
    }
}

when HTTP_RESPONSE {
    # When the server response offers Negotiate, turn off OneConnect
    # reuse/detach and NTLM processing
    if { [string tolower [HTTP::header values "WWW-Authenticate"]] contains "negotiate" } {
        ONECONNECT::reuse disable
        ONECONNECT::detach disable
        NTLM::disable
    }
    # Re-chunk the payload when the response carries Transfer-Encoding
    if { [HTTP::header exists "Transfer-Encoding"] } {
        HTTP::payload rechunk
    }
}

1 Reply

  • Hi,

    F5 created a built-in feature in APM to manage Exchange instead of iRules.

    Create an Exchange profile and assign it to the Access profile.

    The Exchange profile configures client-side authentication and server-side SSO for every Exchange application.

    In this profile, NTLM requirements are checked (NTLM Auth requires Kerberos SSO, NTLM Machine account, ...)
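
The analyzer result quoted in the question ("Methods Found: Basic, Methods Required: NTLM") amounts to comparing the schemes a 401 response advertises against a required list. The Python below is an added example, not code from this thread or from F5, that makes that comparison on raw responses, assuming the check reads the `WWW-Authenticate` headers; the function names and both sample responses are constructed for illustration.

```python
import re

# An auth-scheme token followed by whitespace or end of part (so not "key=value").
TOKEN = re.compile(r"^([!#$%&'*+.^_`|~0-9A-Za-z-]+)(?:\s+(?!=)|$)")

def split_outside_quotes(value):
    """Split on commas that are not inside a quoted-string."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif ch == "\\" and quoted:
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def offered_schemes(raw_response):
    """Return the schemes advertised across all WWW-Authenticate headers, in order."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    schemes = []
    for line in head.split("\r\n")[1:]:            # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() != "www-authenticate":
            continue
        for part in split_outside_quotes(value):
            m = TOKEN.match(part)                  # 'realm="..."' parts do not match
            if m and m.group(1) not in schemes:
                schemes.append(m.group(1))
    return schemes

def missing_methods(raw_response, required=("NTLM",)):
    """Return the required schemes that the response does not advertise."""
    found = {s.lower() for s in offered_schemes(raw_response)}
    return [r for r in required if r.lower() not in found]

# Constructed sample responses (not captured from the poster's system).
BASIC_ONLY = (b"HTTP/1.1 401 Unauthorized\r\n"
              b'WWW-Authenticate: Basic realm="mail, internal"\r\n\r\n')
WITH_NTLM = (b"HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Negotiate\r\n"
             b'WWW-Authenticate: NTLM, Basic realm="mail"\r\n\r\n')

if __name__ == "__main__":
    for label, raw in (("basic-only", BASIC_ONLY), ("with-ntlm", WITH_NTLM)):
        print(label, "found:", offered_schemes(raw), "missing:", missing_methods(raw))
```

Running the same comparison on the 401 returned by the virtual server and on the 401 returned by a pool member shows on which side of the BIG-IP the NTLM challenge is missing.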