Forum Discussion
Greg_130338
Aug 12, 2015Nimbostratus
Kerberos Delegation and NTLM auth Exchange 2013
This is related to a previous post about the Exchange iApp. Everything is working for both internal and internal connections except from Outlook Anywhere clients attempting to connect to the external...
kunjan
Nimbostratus
The error is when domain controller configured (JHHCDC01.JHHC.COM) cannot be resolved or contacted. You can try to do packet capture on port 53 to see what's happening. Also, can try if APM can discover KDC without specifying the Domain controller.
adtest command might be helpful to do the isolation.
tmsh list apm ntlm ntlm-auth
to list the configGreg_130338
Aug 14, 2015Nimbostratus
OK. With the machine account recreated and NTLM auth config redone, I am able to successfully authenticate to both internal and external iApps. I guess I can only chalk this up to something was busted with the initial machine account perhaps? I am not sure.
I did notice in the ECA debug logs, I am actually sending NTLMv2 auth requests. In the appendix for the echange 2013 iApp there is a manual process for replacing the NTLM profile with an NTLMv2 profile. How is this working if NTLMv2 is being sent but the iApp is configured to accept NTLM? Is it necessary for me to follow the NTLMv2 config procedure at this time?
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects