Forum Discussion
AndOs
Cirrostratus
Apr 16, 2013
Can't change AD password through APM
Hi!
I'm having some problems with password change for expired AD passwords through APM.
Running on APM+LTM 11.2.1 build 797.
Using "AD Auth" in the access policies to authentica...
AndOs
Cirrostratus
Apr 17, 2013
Thanks for replying.
In test env. I can see that it starts off by using UDP and then switches to TCP and then back again when APM is authenticating and changing password.
In prod I'm not seeing that, only TCP over port 88.
I'm running the same tcpdump command in both test and prod.
tcpdump -s 0 -vnni 0.0:nnn -w active_directory.pcap '(host 10.0.155.10 or host 10.1.155.10 or host 10.10.155.10 or host 10.11.155.10)'
10.0.155.10, 10.1.155.10, 10.10.155.10, 10.11.155.10 are our DCs.
I've set up the AAA to use a pool and specified the DCs with their IP addresses.
Basically:
Domain Name: domain.com
Server connection: use pool
Domain Controller Pool Name: /Common/domain.com_ActiveDirectory_AAA_pool
Domain controllers: 10.0.155.10, 10.1.155.10, 10.10.155.10, 10.11.155.10
Server pool monitor: active_directory_kerberos_monitor
Admin name: BigIp_AD
Admin password: ******
Timeout: 15 sec
Monitor active_directory_kerberos_monitor does a tcp_half_open to port 88.
As a shot in the dark I removed the monitor from the AAA just to see if the monitor affected the ability to use UDP, but it didn't change anything.
/Andreas