err websso
I'm having issues working with APM for Sharepoint.
I'm running Big IP v12.1.3.
SSO is using NTLMv2.
I'm having error logs for internal users only, external users are using SSO with no problem..
The VPE branch for internal does the following blocks : userStart > IP Subnet Match (check if is Proxy IP) > Allow.
The other branch is sending logon page then performing SSO, which is working well.
Also in the browsing session I have sessions created for internal user, with username N/A and proxy IP address.
And I don't know if this is normal, but in the logs I'm receiving all logs in double.
See below : the logs collected for a single session from the creation to the deletion. 1.1.1.1 is the Proxy IP used by internal clients, and 9.9.9.9 is the sharepoint VIP.
notice tmm1[28968]: 01490506:5: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Received User-Agent header: Mozilla%2f5.0%20(Windows%20NT%2010.0%3b%20Win64%3b%20x64)%20AppleWebKit%2f537.36%20(KHTML%2c%20like%20Gecko)%20Chrome%2f76.0.3809.132%20Safari%2f537.36.
notice tmm1[28968]: 01490506:5: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Received User-Agent header: Mozilla%2f5.0%20(Windows%20NT%2010.0%3b%20Win64%3b%20x64)%20AppleWebKit%2f537.36%20(KHTML%2c%20like%20Gecko)%20Chrome%2f76.0.3809.132%20Safari%2f537.36.
notice tmm1[28968]: 01490500:5: /my-partition/apm_sharepoint:my-partition:ef98fbe0: New session from client IP 1.1.1.1 (ST=Luxembourg/CC=LU/C=EU) at VIP 9.9.9.9 Listener /my-partition/vs_https_apm_sharepoint (Reputation=Unknown)
notice tmm1[28968]: 01490500:5: /my-partition/apm_sharepoint:my-partition:ef98fbe0: New session from client IP 1.1.1.1 (ST=Luxembourg/CC=LU/C=EU) at VIP 9.9.9.9 Listener /my-partition/vs_https_apm_sharepoint (Reputation=Unknown)
notice apmd[1210]: 01490005:5: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Following rule 'My Proxy' from item 'IP Subnet Match' to ending 'Allow'
notice apmd[1210]: 01490005:5: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Following rule 'My Proxy' from item 'IP Subnet Match' to ending 'Allow'
notice apmd[1210]: 01490102:5: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Access policy result: LTM+APM_Mode
notice apmd[1210]: 01490102:5: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Access policy result: LTM+APM_Mode
notice apmd[1210]: 01490248:5: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Received client info - Hostname: Type: Mozilla Version: 5 Platform: Win10 CPU: x64 UI Mode: Full Javascript Support: 1 ActiveX Support: 0 Plugin Support: 1
notice apmd[1210]: 01490248:5: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Received client info - Hostname: Type: Mozilla Version: 5 Platform: Win10 CPU: x64 UI Mode: Full Javascript Support: 1 ActiveX Support: 0 Plugin Support: 1
err websso.3[29525]: 014d0026:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Could not find SSO username, check SSO credential mapping agent setting
err websso.3[29525]: 014d0026:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Could not find SSO username, check SSO credential mapping agent setting
err websso.3[29525]: 014d0027:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Could not find SSO password, check SSO credential mapping agent setting
err websso.3[29525]: 014d0027:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Could not find SSO password, check SSO credential mapping agent setting
err websso.3[29525]: 014d0028:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Master Decyrpt failed for ckDecrypt: Ciphertext does not begin with master key prefix
err websso.3[29525]: 014d0028:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Master Decyrpt failed for ckDecrypt: Ciphertext does not begin with master key prefix
err websso.3[29525]: 014d0043:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: SSO username is empty - SSO is disabled
err websso.3[29525]: 014d0043:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: SSO username is empty - SSO is disabled
err websso.3[29525]: 014d0026:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Could not find SSO username, check SSO credential mapping agent setting
err websso.3[29525]: 014d0026:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Could not find SSO username, check SSO credential mapping agent setting
err websso.3[29525]: 014d0027:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Could not find SSO password, check SSO credential mapping agent setting
err websso.3[29525]: 014d0027:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Could not find SSO password, check SSO credential mapping agent setting
err websso.3[29525]: 014d0028:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Master Decyrpt failed for ckDecrypt: Ciphertext does not begin with master key prefix
err websso.3[29525]: 014d0028:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Master Decyrpt failed for ckDecrypt: Ciphertext does not begin with master key prefix
err websso.3[29525]: 014d0043:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: SSO username is empty - SSO is disabled
err websso.3[29525]: 014d0043:3: /my-partition/apm_sharepoint:my-partition:ef98fbe0: SSO username is empty - SSO is disabled
.....
....
notice tmm1[28968]: 01490502:5: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Session deleted due to user inactivity.
notice tmm1[28968]: 01490502:5: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Session deleted due to user inactivity.
notice tmm1[28968]: 01490521:5: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Session statistics - bytes in: 34689, bytes out: 2092840
notice tmm1[28968]: 01490521:5: /my-partition/apm_sharepoint:my-partition:ef98fbe0: Session statistics - bytes in: 34689, bytes out: 2092840
Why those err websso messages keep going when the SSO block isn't even called in the VPE ?