Forum Discussion
Custom HTTP health monitor failing when using NTLM authentication
I've been trying to get a custom HTTP health check monitor working using NTLM authentication.
Test from cli works fine but from the LTM monitor it isn't and is locking the active directory account.
I've copied the password from the curl command below several times and pasted it into the password field on the monitor to ensure the creds match, that said I've listed the monitor settings below clearly showing the password.
If anyone has experienced a similar issue and found a workaround for this your help would be most welcomed.
The LTM version is BIG-IP 11.2.1 1217.0
Below shows parameters are working from cli but not from monitor.
[test@LBtest:Active:Standalone] config curl -v --ntlm -u 'F5testaccount@test.com:$F5testaccount&123' -H 'Host: server1.test.com' http://10.1.1.11/_layouts/Healthcheck/Healthcheck.aspx * About to connect() to 10.1.1.11 port 80 (0) * Trying 10.1.1.11... connected * Connected to 10.1.1.11 (10.1.1.11) port 80 (0) * Server auth using NTLM with user 'F5testaccount@test.com'
GET /_layouts/Healthcheck/Healthcheck.aspx HTTP/1.1 Authorization: NTLM TlR User-Agent: curl/7.19.7 (i686-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8y zlib/1.2.3 libidn/0.6.5 Accept: / Host: server1.test.com
< HTTP/1.1 401 Unauthorized < Server: Microsoft-IIS/7.5 < SPRequestGuid: 0c257 < WWW-Authenticate: NTLM TlR= < WWW-Authenticate: Negotiate < X-Powered-By: ASP.NET < MicrosoftSharePointTeamServices: 14.0.0.6126 < X-MS-InvokeApp: 1; RequireReadOnly < Date: Fri, 24 Jan 2014 21:28:38 GMT < Content-Length: 0 < * Connection 0 to host 10.1.1.11 left intact * Issue another request to this URL: 'http://10.1.1.11/_layouts/Healthcheck/Healthcheck.aspx' * Re-using existing connection! (0) with host 10.1.1.11 * Connected to 10.1.1.11 (10.1.1.11) port 80 (0) * Server auth using NTLM with user 'F5testaccount@test.com' GET /_layouts/Healthcheck/Healthcheck.aspx HTTP/1.1 Authorization: NTLM TlR= User-Agent: curl/7.19.7 (i686-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8y zlib/1.2.3 libidn/0.6.5 Accept: / Host: server1.test.com
< HTTP/1.1 200 OK !!!!ommitted for brevity
status: pass
* Connection 0 to host 10.1.1.11 left intact * Closing connection 0
Monitor health checks Not Working and is locking the active directory account.
LTM Monitor config:
ltm monitor http HC_test.com { defaults-from /Common/http destination : interval 5 partition Network_Test password $F5testaccount&123 recv pass send "GET /_layouts/Healthcheck/Healthcheck.aspx HTTP/1.1\r\nHost: server1.test.com" time-until-up 0 timeout 16 username test\F5testaccount }
Hi, try removing the DOMAIN\ from your username.
For example: F5testaccount rather than test\F5testaccount
Mike
- mikeshimkus_111Historic F5 Account
Hi, try removing the DOMAIN\ from your username.
For example: F5testaccount rather than test\F5testaccount
Mike
- Oxenburger_1420NimbostratusHi Mike, Removing the domain worked thanks! PS. The pool when into an up state for a few minutes then down again at which point I though the account locked out again but it hadn't so was a separate issue occurring here. Cheers, Dave
- Eddie_27920Nimbostratus
Hi I did this and got cert error:
Disregard please...
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com