Forum Discussion
Rabbit23_116296
Nimbostratus
NimbostratusExchange 2010 SP3, iApp template 2012_04_06 and Big IP 11.4.1 Build 608.0 - EWS issue
As per subject, is this combination supported? When using APM and Outlook anywhere I am having the following problem:
Dec 12 10:06:31 lhr4-lb-01 debug tmm3[9610]: 01490000:7: Enable ECA: select_ntlm:/exchange/exchange-2010-application.app/exch_ntlm_exchange-2010 -application_combined_https
Dec 12 10:06:31 lhr4-lb-01 err eca[7202]: 0162000e:3: Invalid argument (/exchange/exchange-2010-application.app/exch_ntlm_exchange-2010-applicat ion_combined_https)
Dec 12 10:06:31 lhr4-lb-01 err eca[7202]: 0162000e:3: Invalid metadata (select_ntlm:/exchange/exchange-2010-application.app/exch_ntlm_exchange-2 010-application_combined_https)
Dec 12 10:06:31 lhr4-lb-01 debug tmm2[9610]: 01490000:7: Matches RPC
Dec 12 10:06:31 lhr4-lb-01 err eca[7202]: 0162000e:3: Invalid argument (/exchange/exchange-2010-application.app/exch_ntlm_exchange-2010-applicat ion_combined_https)
Dec 12 10:06:31 lhr4-lb-01 err eca[7202]: 0162000e:3: Invalid metadata (select_ntlm:/exchange/exchange-2010-application.app/exch_ntlm_exchange-2 010-application_combined_https)
Looking at this script block, is the object_name correctly formatted in the iApp template?
Ntlm-auth requires a specially-named prefix to match a system irule.
if { $key == "ntlm,ntlm-auth,combined_https" ||
$key == "ntlm,ntlm-auth,oa_https" ||
$key == "ntlm,ntlm-auth,edge" } {
regsub ".app/exchange" $object_name \
".app/exch_ntlm_${app}" object_name
}
Hi Rabbit23, the first thing you should do is go to downloads.f5.com and download the iApp template zip file. You should be using the f5.microsoft_exchange_2010_2013_cas.v1.2.0.tmpl iApp template.
I have seen that error before, and it usually results from some issue with the NTLM machine account on APM. Can you go to the properties of that account and click the renew password button?
If that doesn't work, sometimes deleting and recreating the machine account will help.
thanks
Mike
Rabbit23_116296thanks - I reverted back to 11.3 and got it to work then. I am using 1.2 version of the template.
tried recreating the NTLM machine account but am able to reset the computer account password successfully.
You have 11.3 and 11.4 on the same BIG-IP?
- Rabbit23_116296
I boot into different partitions when troubleshooting stuff like this. I have two BIG IP appliances (one per data center).
One was freshly installed with 14.1 with identical configuration as far as Kerberos, APM and NLTM is concerned and it still throws:
Dec 12 18:05:16 AMS4-LB-01 err eca[10482]: 0162000e:3: Invalid argument (/exchange/exchange.app/exch_ntlm_exchange_combined_https) Dec 12 18:05:16 AMS4-LB-01 err eca[10482]: 0162000e:3: Invalid metadata (select_ntlm:/exchange/exchange.app/exch_ntlm_exchange_combined_https) If you have it working in 11.3, and you try to use the same machine account in 11.4, it will fail with that error.
You'll need to delete the computer account in AD and recreate it every time you switch between them.
- Rabbit23_116296
i completely get that, which is why I have multiple machine accounts based on BIG ip version.
I would like to know if anyone has this working on BIG IP 11.4.1
Yes, I have it working.
- Rabbit23_116296
11.4.1, any hotfixes or are you on my build?
It's been tested both on 11.4.1 and 11.4.1 HF1. You may want to open a support case with F5 at this point. If you do, please post the case number here so I can track it.
- Rabbit23_116296
thanks - 1-353570648
Might be worth mentioning I am running exchange 2010 SP3 RU2 and that I am able to get this working using BIG IP 11.3
