ndaems_145583
Apr 02, 2019Nimbostratus
Exchange Hybrid Free/Busy - APM 401 error with original iApp
Hi
We are trying to deploy Exchange iApp in a Hybrid deployement
Everything works well except the Free/Busy feature in O365.
After doing some research we found a workaround by adding 2 URL at in the hybrid_bypassed iRule
"/ews/exchange.asmx" "/autodiscover/autodiscover.xml"
If we don't bypass these 2 URL it's not working and we can see that Kerberos Ticket Failed
exch:Common:2e80dc30: User testo365@mydomain.com from RD0004FFD126D7 is authenticated
exch:Common:2e80dc30: Received User-Agent header: ExchangeServicesClient%2f15.20.1709.009.
exch:Common:2e80dc30: Following rule 'fallback' from item 'SSO Credential Mapping' to ending 'Allow'
exch:Common:2e80dc30: Access policy result: LTM+APM_Mode
exch:Common:2e80dc30: Received client info - Hostname: Type: unknown Version: 0 Platform: unknown CPU: unknown UI Mode: Full Javascript Support: 0 ActiveX Support: 0 Plugin Support: 0
exch:Common:2e80dc30:Kerberos: can't get S4U2Self ticket for user testo365@mydomain.com - Server not found in Kerberos database (-1765328377)
exch:Common:2e80dc30: Kerberos: Failed to get ticket for User: 'testo365@mydomain.com' accessing service: 'HTTP/exchange.MYDOM.ROOT@MYDOM.ROOT'
exch:Common:2e80dc30: failure occurred when processing the work item
exch:Common:2e80dc30: Session deleted due to admin initiated termination.
exch:Common:2e80dc30: Session statistics - bytes in: 3908, bytes out: 817
Few questions:
- Does APM support Alternative UPN as SSO logon ?
- Is there any risk to bypass additional URL
Thank you
Regards
Nicolas