Forum Discussion

Ray_Sbrusch_941's avatar
Ray_Sbrusch_941
Icon for Nimbostratus rankNimbostratus
Feb 06, 2012

SharePoint 2007, OneConnect, & NTLM

We are using LTM and Web Accelerator version 11.1.0 to front SharePoint 2007. The SharePoint site uses NTLM authentication.

 

 

I started testing using the iApp template, and when that failed I followed the instructions in the version 10 deployment guide for SP 2007. Both the iApp template and the guide use a OneConnect profile and an NTLM connection pool.

 

 

 

Certain actions within the SharePoint site caused strange errors. For example, when someone tried to create a site, a small bar would appear in the top of the browser window with the code "11b e59." Internet Explorer would pop up a message saying "Errors on this webpage might cause it to work incorrectly." The detailed message would say "Message: Unterminated string constant."

 

 

 

I created a custom OneConnect profile and set the mask to 255.255.255.255, but it did not resolve the issue.

 

 

 

My only solution was to set the OneConnect profile to None, which also set the NTLM connection pool to None.

 

 

 

Questions:

 

1. Has anyone seen this before and resolved it?

 

2. Is there significant value in using OneConnect if the F5 and WFE servers are in the same data center.

 

 

 

Thanks!

 

Ray

 

4 Replies

  • Perhaps I am incorrectly blaming OneConnect. If I leave the default OneConnect profile enabled, and set the NTLM connection pool to None, the site actions seem to complete correctly. So perhaps NTLM connection pooling is the root cause.
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Hi Ray, typically what we've seen is the opposite-when using OneConnect with NTLM, you will need to enable the NTLM connection pool to prevent errors. You should still see benefit from using OneConnect even if the SharePoint servers are local to the BIG-IP.

     

     

    Are you offloading SSL from the servers to the BIG-IP?
  • Mike - We are not offloading SSL; this is plaintext HTTP on both sides of the Big-IP.

     

     

    Thanks!
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Is it possible to remove Web Accelerator from the mix, and see if you get the errors going through plain LTM? This actually sounds like it may be a bug with connection pooling, but it'll take more investigation.

     

     

    I'm curious about the iApp template. Can you tell me how it failed?