Forum Discussion
F5 mapi over http Preauthentication failed via APM
hello,
I am deploying Exchange2016 using Iapp Exchange 2016 v1.02.
APM should authenticate users againt AD and then forward the traffic to the F5 LAN to load balance traffic to Exchange2016 CAS servers.
we are migrating from exchange2010/o365 to exchange2016/0365.
below is the diagram for reaching on premise mailbox from internet :
external users -->Internet --> F5 DMZ(LTM+APM V12.1.2))--> F5 LAN(LTM 12.1.2) --> (AD srv, Exch2016 srv)
In the Iapp i choose basic authentication for external outlook clients in F5 DMZ config.
the mapi over http authentication fail via APM !
My question : Is the F5 exchange Iapp v1.02 config suitable for external mapi over http APM authentification ?
- Dave_WEmployee
Hello, yes you should be to support MAPI with the iApp, per the deployment guide:
https://www.f5.com/content/dam/f5/corp/global/pdf/deployment-guides/microsoft-exchange-2016-dg.pdf
"You can configure the BIG-IP system to support any combination of the following services supported by Mailbox servers: Outlook Web App (which includes the HTTP resources for Exchange Control Panel), Exchange Web Services, Outlook Anywhere (RPC over HTTP, including the Offline Address Book), ActiveSync, Autodiscover, POP3, IMAP4, and MAPI over HTTP. "
- raydakis10Cirrus
Hello dave,
Thanks for your answer.
I've done the configuration using Iapp 1.02 (we use basic authentication + ntlmv2).
but mapi authentication on F5 DMZ still failed via APM.
for testing i've used https://testconnectivity.microsoft.com/.
error message is : "Testing the address book "Check Name" operation for user xxx against server xxx. An error occurred while attempting to resolve the name".
see attached the diagram of the VPE.
Thanks,
- Heinrichm5Altocumulus
What does your APM log say when you attempt to authenticate? If you do not have a lot of APM for other applications it should be manageable by following the log in cli bash
tail -f /var/log/apm
Bear in mind that your exchange servers might not have been configured for basic auth.
I have seen external MAPI work well with APM, this was configured with NTLM for validating the klient and then kerberos to the backend server.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com