Forum Discussion
CirrusRDP GW Servers with APM
Hi
Has anyone had any success for deploying the F5 to replace RDP Gateway Servers as per the following article, http://www.f5.com/pdf/deployment-guides/microsoft-remote-desktop-gateway-dg-rc1.pdf
I have followed the process but I am not having any luck.
This entry is being created when running a tcpdump: Internal error (ECA requested abort (Could not verify user (domain\admin) credentiA" peerremote
10 Replies
Michael_Koyfma1Sounds like you might have NTLM-related authentication issues. Are you sure you created an NTLM account for your BIG-IP, etc? What version of BIG-IP and the RDP client are you running? I'd suggest opening a support case to investigate the error.
SLHi I am on 11.6.0 HF3. RDP is the client that comes with Windows 8.1. I can see the account for the BIGIP in AD. Will get a call opened with F5.
phanton_109752Nimbostratus
make sure the time on your F5 and your AD domain are in sync - use the same NTP server, authentication won't work correctly otherwise
Michael_KoyfmanCirrocumulus
Sounds like you might have NTLM-related authentication issues. Are you sure you created an NTLM account for your BIG-IP, etc? What version of BIG-IP and the RDP client are you running? I'd suggest opening a support case to investigate the error.
- SLHi I am on 11.6.0 HF3. RDP is the client that comes with Windows 8.1. I can see the account for the BIGIP in AD. Will get a call opened with F5.
- phanton_109752make sure the time on your F5 and your AD domain are in sync - use the same NTP server, authentication won't work correctly otherwise
Hi Sulaiman, did you use the iApp template or set up the configuration manually? We recommend the iApp for this because it greatly simplifies the APM policy configuration:
https://devcentral.f5.com/wiki/iApp.Microsoft-Remote-Desktop-Gateway-APM-Gateway-iApp.ashx
I concur with Michael that you should open a support case with F5. From that error, it sounds like you may have a connectivity issue with your domain controllers or a problem with the BIG-IP machine account.
Mike
- SLHi I tried using the iApp and manunally both giving me the same errors. I also deleted the machine account and created new. Will get a call logged
cjbarr1234Altostratus
I was under the impression that this is a hard task because the LTM and APM have a hard time with Front-end NTLM. I believe they were fixing this moving forward with another version, but as for now we still have our legacy forefront tmg proxies handling this. If you do figure this out, let me know so I can go through the same migration steps as you!
Steph_69890Hi everybody!
I saw this subject and because I implemented successfully, I supposed my post fit here.
So, I implemented successfully this Remote Desktop Gateway with APM. But I facing a problem with the NTLM authentification when a user account need a password change. Is there anyone who has a solution for this problem?
Log from my APM when this problem append: Dec 15 11:07:02 mybigip warning eca[4887]: 01620002:4: [Common] 10.10.10.10:54646 Authentication with configuration (/Common/NTLM-Auth-Conf-acces-ts-ced-RDG) result: testusr@testdomain (MYPC): Fail (STATUS_PASSWORD_MUST_CHANGE)
I would like to let the user access the backend RDP server when the user need to change his password but block it when a wrong password is used. Any idea?
