exchange 2016 APM S4U Issues when AD domain and Email domain differ

Guys

I am wondering if you can help. I am currently deploying a green field exchange 2016 deployment through a BIG IP APM/LTM combo. This is two seperate F5 appliances, whereby the first is APM and the second is LTM. I have deployed the solution using the latest Exchange 2016 iAPP however when accessing the services externally I get S4U ticket issues.

In this deployment, the internal AD domain, and the external mail domain are two different addresses. For the sake of this I will refer to the AD domain, as AD.LOCAL, and email as EMAIL.COM.

Ive added the EMAIL.COM suffix to AD Sites and Services, such that a user is able to login with a UPN of ADDRESS@EMAIL.COM or USERID@AD.LOCAL

However I am seeing S4U ticket issues in the APM.log file.

DNS is working correctly, and I have setup the SPNs as per the build guide with the correct AD deligation accounts. Ive got to the limits of my knowledge

Has anyone had similar problems?

application delivery

BIG-IP Access Policy Manager (APM)

Forum Discussion

exchange 2016 APM S4U Issues when AD domain and Email domain differ

Recent Discussions

UCS backup not loading Big IP DNS pool

Application only need to access from 2 uris

XC Bot defense question

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

BIG-IP Oauth Client and AS

Related Content

Enriching AFM with public domain Threat Intelligence

Exchange 2016

Exchange 2019

domain blocking

Rustls with NGINX, Password Based Key Exchange, & Llama Drama

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS