Hi all...I am setting up a new BIG-IP environment (v.11.5.1) to front multiple backend services. What is the simplest way to have multiple services (i.e. webservice1.company.com, webservice2.complany...
Okay, just to be clear, the delegation account (used by APM) and the web service MUST be in the same domain. You don't need, and should not use multiple SSO profiles. You just need the one SSO profile.
If it still fails after removing the second SSO profile, take a tcpdump from the BIG-IP
tcpdump -lnni [vlan between APM and KDC] -Xs0 -w [write to file.pcap]
Or run a wireshark capture from the KDC directly and observe the Kerberos traffic. The error you see there will be more descriptive than the APM log.