raZorTT
Dec 06, 2017

Server side NTLM SSO and user UPN

Hi all

I've configured the F5 iApp for Exchange/CAS to allow our Microsoft Dynamics 365 tenancy to communicate with our on-prem Exchange via EWS.

https://devcentral.f5.com/questions?pid=55703

The F5 authenticates to Exchange using an NTLMv2 SSO configuration (Exchange has basic auth disabled).

I have been able to successfully test the connection using the testing tool provided in D365. However, when I use a user with a UPN that is different to the domain, Exchange comes back with an error about enabling basic auth.

Successful - svc_d365@org.local (org.local matches our domain)

Failed - svc_d365@corp.local (user is in org.local domain, just with a different UPN)

"The Exchange Server settings for authentication could have been set to something other than Basic Authentication. Basic Authentication is required for connecting Microsoft Dynamics 365 (online) with Exchange Server."

Our F5 shows basic authentication between D365 and F5 as being successful. I have to get APM log level increased to debug to see the SSO logs to get more information.

But can anyone suggest why a different UPN would cause an issue? I didn't think NTLM used the UPN?

Cheers, Simon

 

  • Hi,

    The issue is that F5 provides basic auth to clients, but if SSO fails, F5 forwards the 401 NTLM response to the client, which causes this test tool error.

    Try to change the session.logon.last domain variable to the real domain name in a VPE Variable Assign
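
One way to write the Variable Assign suggested in the reply, as an added example that is not part of the original thread or of the F5 iApp. It assumes the NTLMv2 SSO configuration takes its domain from `session.logon.last.domain` and its username from the logon username, and the suffix-to-domain mapping is constructed from the two names in the question.

```tcl
# APM Variable Assign item, placed in the VPE before the resource/SSO is applied.
# Each "Entry" below is one custom-variable / custom-expression pair; the two
# expressions are separate scripts, shown together here for reading.
# Keep Entry 1 before Entry 2: Entry 1 needs the username with its suffix intact.

# Entry 1 -- Custom Variable: session.logon.last.domain
# Custom Expression:
set user   [mcget {session.logon.last.username}]
set domain [mcget {session.logon.last.domain}]
# If the username still carries a UPN suffix, read the suffix from it;
# otherwise use whatever the logon agent already split off.
if { [string first "@" $user] >= 0 } {
    set domain [lindex [split $user "@"] 1]
}
# Map alternate UPN suffixes to the domain the account really lives in.
# (Constructed table: corp.local is only a UPN suffix, org.local is the domain.)
switch -- [string tolower $domain] {
    "corp.local" { return "org.local" }
    default      { return $domain }
}

# Entry 2 -- Custom Variable: session.logon.last.username
# Custom Expression:
# Pass only the account name to NTLM, without any "@suffix" part.
return [lindex [split [mcget {session.logon.last.username}] "@"] 0]
```

With APM logging at debug, the SSO log lines should then show the account name and `org.local` being used for the NTLM exchange regardless of which UPN suffix the client supplied.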