Forum Discussion
BIG-IP APM/LTM with Exchange 2010 and NTLM Authentication
Guys
Ive tried to deploy the above solution using the iApp template for exchange. Slightly different deployment as im trying to do it with route domains. I understand there are issues with authentiation in route domains, i.e NTLM comes from the default route domain, and I dont have an issue with this.
When opening outlook, which has been configured for Outlook Anywhere access, I get a login prompt. When looking at the APM logs it tells me NTLM auth occured and that it was successful.
Does any one have any ideas? I can supply logs if needed :)
- JamesSevedge_23Historic F5 Account
Hello Jonathan, could you please confirm you are using the latest iAPP template for Exchange 2010/2013? Deployment guide with instructions to downloading the latest iAPP: http://www.f5.com/pdf/deployment-guides/microsoft-exchange-iapp-dg.pdf.
Once you have confirmed you are using the latest iAPP I would suggest reading through Appendix E. of the deployment guide linked above. There is some configuration required on Exchange and within the iAPP as well as on the big ip to get outlook anywhere (which is used by outlook clients) to work for NTLM auth to APM and Kerberos to the back end exchange servers.
Let me know if you have any further questions.
- Jonathan_PerrozNimbostratusJames Thanks for replying. Im using the latest iAPP .5.1 release. If i install the APM/LTM functions on the same route domain the iAPP works fine, and I can see the S4U Proxy infomation when the Outlook client is connecting. I also see the deligation happen, with the reverse look up on the CAS server too. However if I seperate out these roles, the logs show %h@REALM. Ive followed the guide and included the delegation for the URLs i.e Outlook and AutoDiscover :(
- JamesSevedge_23Historic F5 AccountWhat do you mean by separate out the roles? Separate APM and LTM into different route domains? Could you include the snippet of APM log that contains one of the failed sessions compared to the successful? You may want to open a support case for tracking at this point if you have not figured it out yet.
- JamesSevedge_23Historic F5 AccountJust a note: If you mean route domains I would suggest reading through the linked SOL. https://support.f5.com/kb/en-us/solutions/public/17000/100/sol17148.html
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com