Forum Discussion
F5 NTLM Machine Account/Kerberos Constrained Delegation
ActiveSync clients use NTLM credential authentication for some protocols. In order to support this, APM uses "Passthrough Authentication" which requires SMB, which requires port 445. Unfortunately it's technically not feasible to support all ActiveSync clients without it.
Whats odd, is that we had this iApp deployed 2 years ago with only OWA and Async flowing through it. Now we spun up another instance on a new VIP which will include all three (adding Outlook Anywhere). With the old deployment, we haven't allowed 445 to our AD environment.
Either way, this is some good info and ill take this our our systems guys and IT security.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com