Forum Discussion
Health Monitor with NTLM authentication - iApp generated vs Custom built
I have been working on creating a Health Monitor for SharePoint which uses NTLM authentication. I basically mirrored an existing HTTPS Health Monitor that the Exchange 2010 iApp generated and then adjusted for the SharePoint application. After hours of troubleshooting it was determined that I can't specify "domain\username" in the username field and I needed to remove the trailing "/r/n" on the send string.
I have seen other forum topics regarding this but can someone explain why the Exchange 2010 iApp monitor generated\included both "domain\username", as well as, the trailing "/r/n" and it works.
I ran the iApp generated monitor from the CLI using cUrl and I didn't specify username and password. The receive string that the iApp expected "OutlookSession=" is returned.
Is the Exchange monitor somehow not using the "domain/username" account and was just placed there by the iApp template?
iApp generated: ltm monitor https exchange_2010.app/exchange_2010_testmail_owa_https_monitor { app-service /Common/exchange_2010.app/exchange_2010 cipherlist DEFAULT:+SHA:+3DES:+kEDH compatibility enabled defaults-from https destination : interval 30 password pswd-removed recv OutlookSession= send "GET /owa/auth/logon.aspx\?url=https://removed/owa/&reason=0 HTTP/1.1\r\nUser-Agent: Mozilla/4.0\r\nHost: host-removed\r\n" time-until-up 0 timeout 91 username domain-removed\user-removed
Custom Built: ltm monitor https sharepoint_2010_https_monitor { cipherlist DEFAULT:+SHA:+3DES:+kEDH compatibility enabled defaults-from https destination : interval 30 password pswd-removed recv "Home" send "GET /removed HTTP/1.1\r\nUser-Agent: Mozilla/4.0\r\nHost: host-removed" time-until-up 0 timeout 91 username user-removed
I also have a TAC case on this topic as well.
Hi Paul, which version of BIG-IP are you running? The SharePoint iApp that ships with v11.4 includes an option to use NTLM for the health monitor. An RC version of this iApp is also avaialble for pre-11.4 BIG-IP.
The OWA monitor is actually not logging on to OWA; rather, it's checking that it can access the logon.aspx page, which is set to anonymous access by default. That's probably why it doesn't matter when you change the CR/LF in the send string.
Mike
- mikeshimkus_111Historic F5 Account
You can find a version of the template that uses NTLM here: https://devcentral.f5.com/wiki/iApp.Microsoft-SharePoint-2013-iApp-Template.ashx
- paul_125686Nimbostratus
Hi Mike,
Thanks for the response. We are running 11.3 HF5. I used the Sharepoint iApp that was on the system but it never asked for username or password as part of the template. I used a similar monitor (Exchange 2010 iApp generated) which I assumed was using the fields populated in the username field (domain\username)". Based on the cUrl test I see it doesn't need username at all for the monitor to get the expected response.
I guess the template just populated the fields even though it doesn't require them.
Thanks again.
- mikeshimkus_111Historic F5 Account
Hi Paul, which version of BIG-IP are you running? The SharePoint iApp that ships with v11.4 includes an option to use NTLM for the health monitor. An RC version of this iApp is also avaialble for pre-11.4 BIG-IP.
The OWA monitor is actually not logging on to OWA; rather, it's checking that it can access the logon.aspx page, which is set to anonymous access by default. That's probably why it doesn't matter when you change the CR/LF in the send string.
Mike
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com