Forum Discussion

Oxenburger_1420's avatar
Oxenburger_1420
Icon for Nimbostratus rankNimbostratus
Jan 24, 2014

Custom HTTP health monitor failing when using NTLM authentication

I've been trying to get a custom HTTP health check monitor working using NTLM authentication.

Test from cli works fine but from the LTM monitor it isn't and is locking the active directory account.

I've copied the password from the curl command below several times and pasted it into the password field on the monitor to ensure the creds match, that said I've listed the monitor settings below clearly showing the password.

If anyone has experienced a similar issue and found a workaround for this your help would be most welcomed.

The LTM version is BIG-IP 11.2.1 1217.0

Below shows parameters are working from cli but not from monitor.

[test@LBtest:Active:Standalone] config curl -v --ntlm -u 'F5testaccount@test.com:$F5testaccount&123' -H 'Host: server1.test.com' http://10.1.1.11/_layouts/Healthcheck/Healthcheck.aspx * About to connect() to 10.1.1.11 port 80 (0) * Trying 10.1.1.11... connected * Connected to 10.1.1.11 (10.1.1.11) port 80 (0) * Server auth using NTLM with user 'F5testaccount@test.com'

GET /_layouts/Healthcheck/Healthcheck.aspx HTTP/1.1 Authorization: NTLM TlR User-Agent: curl/7.19.7 (i686-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8y zlib/1.2.3 libidn/0.6.5 Accept: / Host: server1.test.com

< HTTP/1.1 401 Unauthorized < Server: Microsoft-IIS/7.5 < SPRequestGuid: 0c257 < WWW-Authenticate: NTLM TlR= < WWW-Authenticate: Negotiate < X-Powered-By: ASP.NET < MicrosoftSharePointTeamServices: 14.0.0.6126 < X-MS-InvokeApp: 1; RequireReadOnly < Date: Fri, 24 Jan 2014 21:28:38 GMT < Content-Length: 0 < * Connection 0 to host 10.1.1.11 left intact * Issue another request to this URL: 'http://10.1.1.11/_layouts/Healthcheck/Healthcheck.aspx' * Re-using existing connection! (0) with host 10.1.1.11 * Connected to 10.1.1.11 (10.1.1.11) port 80 (0) * Server auth using NTLM with user 'F5testaccount@test.com' GET /_layouts/Healthcheck/Healthcheck.aspx HTTP/1.1 Authorization: NTLM TlR= User-Agent: curl/7.19.7 (i686-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8y zlib/1.2.3 libidn/0.6.5 Accept: / Host: server1.test.com

< HTTP/1.1 200 OK !!!!ommitted for brevity

    

status: pass

    

* Connection 0 to host 10.1.1.11 left intact * Closing connection 0

Monitor health checks Not Working and is locking the active directory account.

LTM Monitor config:

ltm monitor http HC_test.com { defaults-from /Common/http destination : interval 5 partition Network_Test password $F5testaccount&123 recv pass send "GET /_layouts/Healthcheck/Healthcheck.aspx HTTP/1.1\r\nHost: server1.test.com" time-until-up 0 timeout 16 username test\F5testaccount }

  • Hi, try removing the DOMAIN\ from your username.

     

    For example: F5testaccount rather than test\F5testaccount

     

    Mike

     

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account

    Hi, try removing the DOMAIN\ from your username.

     

    For example: F5testaccount rather than test\F5testaccount

     

    Mike

     

    • Oxenburger_1420's avatar
      Oxenburger_1420
      Icon for Nimbostratus rankNimbostratus
      Hi Mike, Removing the domain worked thanks! PS. The pool when into an up state for a few minutes then down again at which point I though the account locked out again but it hadn't so was a separate issue occurring here. Cheers, Dave