Forum Discussion
Jonathan_Perroz
Nimbostratus
NimbostratusBIG-IP APM/LTM with Exchange 2010 and NTLM Authentication
Guys
Ive tried to deploy the above solution using the iApp template for exchange. Slightly different deployment as im trying to do it with route domains. I understand there are issues with aut...
Hello Jonathan, could you please confirm you are using the latest iAPP template for Exchange 2010/2013? Deployment guide with instructions to downloading the latest iAPP: http://www.f5.com/pdf/deployment-guides/microsoft-exchange-iapp-dg.pdf.
Once you have confirmed you are using the latest iAPP I would suggest reading through Appendix E. of the deployment guide linked above. There is some configuration required on Exchange and within the iAPP as well as on the big ip to get outlook anywhere (which is used by outlook clients) to work for NTLM auth to APM and Kerberos to the back end exchange servers.
Let me know if you have any further questions.
Jonathan_PerrozJames Thanks for replying. Im using the latest iAPP .5.1 release. If i install the APM/LTM functions on the same route domain the iAPP works fine, and I can see the S4U Proxy infomation when the Outlook client is connecting. I also see the deligation happen, with the reverse look up on the CAS server too. However if I seperate out these roles, the logs show %h@REALM. Ive followed the guide and included the delegation for the URLs i.e Outlook and AutoDiscover :(- What do you mean by separate out the roles? Separate APM and LTM into different route domains? Could you include the snippet of APM log that contains one of the failed sessions compared to the successful? You may want to open a support case for tracking at this point if you have not figured it out yet.
- Just a note: If you mean route domains I would suggest reading through the linked SOL. https://support.f5.com/kb/en-us/solutions/public/17000/100/sol17148.html