SharePoint Issues with F5 LTM and APM.
Is there a way for the APM to pass-through credentials to a server for users that are already logged in to their domain computers with domain credentials?
We have a new SharePoint 2010 site that is being used internally and externally. Right now everyone needs to authenticate through the F5 before accessing the site. However, I want people who are already logged in to the domain to not have to go through the extra login step each time. If the users browse via NetBIOS name, the credentials are passed through and no login is needed - however, I would rather not have users browsing to sites in that fashion.
My second issue is my calendar items are not working properly when pumped through the F5. For instance, when users try to interact with the calendar (clicking to the next month, etc) it just says "Loading..." indefinitely. I have gone through the deployment guide and added a snippet of code as an iRule that was identified as correcting a similar issue with the top-bar Ribbon, but it doesn't seem to have any effect on this particular problem. Any ideas?
Thanks in advance!
- Jared,
- Jared,
- Jared_46987 (Altostratus): Just an update for anyone else in case this issue occurs for others: the calendar issue ended up being a problem with compression applied to SharePoint content from the F5. Once we turned off compression and the OneConnect policy, the calendar and some other ribbon functionality started working again.
- dubdub (Nimbostratus): Hi Jared,
- Jared_46987 (Altostratus): Posted By dubdub on 09/11/2012 06:00 AM
Hey Jen -
Here is the solution that worked for me:
I added the "Check Source IP" variable to the beginning of my SharePoint access policy. Within that variable, go to Branch Rules, then Advanced, and enter this expression:
expr { [mcget {session.userlocation}] == "internal" }
Ok - now I have my completed Access Policy (see the attached picture for the full VPE). Now, go to Local Traffic -> iRules -> Data Group List and create a new list. I called mine "dg-internal-networks". Then select "Address" as the field type. Now you can add address records (i.e. a single IP address, or an entire network) to the list. I then created an iRule called "ir-apm-set-internal-netflag" and populated it with the following code:
when ACCESS_SESSION_STARTED {
Now we're going to save the iRule and then apply this iRule to the virtual server in question. Once the iRule is applied, and assuming your Access policy is set correctly, you should be good to go. In the case of SharePoint, I had to add my site's public address to the "Intranet Trusted Sites" section within Internet Explorer before it would work correctly. This is also assuming you're using NTLM on the backend and not Kerberos.
If you need some more help, just let me know!!
Jared
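An added example, not the poster's own iRule (which is cut off in the post above): one way to write an iRule that sets the `session.userlocation` variable tested by the branch rule, using the `dg-internal-networks` address data group named in the post. The "external" value and the log line are assumptions.

```tcl
# Added example: sets the APM session variable that the "Check Source IP"
# branch rule reads. The data group name is the one created in the post;
# the "external" value and the log line are assumptions.
when ACCESS_SESSION_STARTED {
    # Default to external so a missing match never selects
    # the internal branch.
    set location "external"

    # dg-internal-networks is an Address-type data group, so class match
    # compares the client IP against each host or network record.
    if { [class match [IP::client_addr] equals dg-internal-networks] } {
        set location "internal"
    }

    # Stored per session; the branch rule reads it with
    # mcget {session.userlocation}.
    ACCESS::session data set session.userlocation $location

    log local0. "APM session from [IP::client_addr] marked $location"
}
```

The client address is whatever source IP the BIG-IP sees, so the data group should list only networks whose traffic reaches the virtual server without NAT or an upstream proxy in between.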
- dubdub (Nimbostratus): Hi Jared,
- Jared_46987 (Altostratus):
Jen - sorry I forgot a big part of this... when you're adding the action inside your Access Policy, it's actually called "Client-Side Check Capability". I then gave it the name "Check Source IP". Once you initially create that, go to Branch Rule and then change the existing rule. Copy in the code from above and you should be set (I also renamed it from Full to Internal).
I'm getting an editor error when trying to embed an image, so you can just grab it from my Dropbox:
http://dl.dropbox.com/u/61610234/Src_IP_VPE.JPG
- dubdub (Nimbostratus): This worked perfectly! Thank you!! :)
- Jared_46987 (Altostratus): Glad it worked!!