Forum Discussion
Hi Joshua, which version of the iApp are you running?
- Joshua_Bines_12, Oct 04, 2016, Cirrus
Exchange 2016 v1.0
- mikeshimkus_111, Oct 05, 2016, Historic F5 Account
Can you take a look at your Exchange virtual server and tell me if you have the /Common/_sys_APM_Exchange rule assigned to it? 11.4 and later should use the Exchange APM profile, and should not have the iRule directly assigned.
- Joshua_Bines_12, Oct 06, 2016, Cirrus
These iRules are applied to the VS.
external.mail.company.com_owa_redirect_irule7
I found the machine account and name had hashes "-", so I removed them and recreated the iApp just in case, but no luck.
A tcpdump from the F5 shows Kerberos ports are opening for OWA, but we get no Kerberos connections for Autodiscover etc.... really odd.
- Joshua_Bines_12, Oct 06, 2016, Cirrus
This issue is on our lab device. Wondering if this is the cause:
481987-6 : Allow NTLM feature to be enabled with APM Limited license
Component: Access Policy Manager
Symptoms: When a BIG-IP system has an APM Limited license, NTLM is silently disabled and the connection goes through.
This breaks many (all) use-cases for Exchange + APM.
Conditions: APM and Exchange are deployed together with APM Limited / Lite license.
Impact: Exchange cannot be used with APM Limited license when NTLM frontend authentication is selected, which is used in essentially all APM + Exchange deployments.
Fix: The NTLM frontend authentication (ECA) feature can now be used with an APM Limited license. Typically, this is for Exchange deployments.
- mikeshimkus_111, Oct 06, 2016, Historic F5 Account
Yes, that would do it. I disagree that it breaks all use cases with Exchange, however, since we support Basic and Forms client-side auth as well.
- Joshua_Bines_12, Oct 10, 2016, Cirrus
Unsure if I should laugh or cry... Anyways, will upgrade to 11.6 and see if it works with the same config.
Thanks