Forum Discussion
jeff_estes_4238
Altostratus
AltostratusMS Moss2007 and HTTP Profile
I have a virtual server setup for LBing connections to MS Moss (sharepoint) 2007. I followed the F5 Deployment guide for Sharepoint 2007. The only way I can get the connection to work is to NOT use the HTTP Profile. In fact none of the HTTP Profiles seem to work. At first I thought it was a compression issue as the http-wan-optimized-compression profile has compression enabled but I do not have the compression module. I would like to use an irule to look at HTTP_Responce, but I need an HTTP Profile applied before I can use the irule. Has anyone else had this problem?
Thanks
Jeff
Oleg_68900Nimbostratus
Jeff,
I do have SharePoint 2003 and facing exactly the same problem.
Seemed like a bug for me on how http profile handling NTLM authentication.
You posted it 08/06/2008 and nobody replied yet…
Just wondering if you found a solution already?
jeff_estes_4238I was able to get over my problem, it appeared my Client SSL profile was not properly configured, so the LTM was not terminating the SSL connections and the HTTP profile was not able to inspect the traffic. Once I got the Client SSL profile to work, the HTTP profile was able to be applied to the VS.
You mentioned an authentication problem... I also experienced an authentication issue, but that had to do with the certificate the MS Domain Controller was sending when setting up the secure LDAP. My LTM was rejecting the cert due to "unknown CA" as the MS Domain Controller was using a self singed certificate. Once I added the MS DC's root CA to the LTM's ca-bundle I was able to perform the secure LDAP. Hope this helps.- Oleg_68900Jeffrey,
Thank for reply, my problem was different.
But I still wonder how did you manage to troubleshoot authentication problem?
What tools did you use? Is there a way to go into debug mode on F5 and see what is going on under the hood?
I did post a solution for my problem also:
http://devcentral.f5.com/Default.aspx?tabid=53&forumid=25&postid=27044&view=topic
If you can’t follow the link, you can find it at:
Forums > Solutions > F5/Microsoft Solutions > moving M$ SharePoint Portal Server 2003 from BIG-IP v4.x to v9.x - jeff_estes_4238I used tcpdump on my external interface and saved it as a .cap file (tcpdump -s0 -nni vlan_Public -w /var/temp/ssl_ldap_profile.cap) Since I only had the one virtual server on the LTM I did not need to add a filter. I then used wireshark to view the traffic. I took a close look at all the TLSv1 protocol frames and found one that had Alert unknown CA in the info portion. Following the TCP stream showed the actual LDAP packet that had the cert info in it.
Hope this helps