For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Steve_85547's avatar
Steve_85547
Icon for Nimbostratus rankNimbostratus
Aug 22, 2008

Sharepoint nightmares

Hello I was just wondering if anyone could take a look at the following symptoms and provide me a suggestion or idea:     1. I have a virtual server serving up a 4-node 2007 Sharepoint clu...
microsoft
partner
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 06, 2008
Hi Steve,

 

 

I'd suggest configuring a single port VIP (VIP:80 -> pool:80) to restrict clients to just the port that is required. If you do end up needing HTTPS access, you can configure a second VIP on 443 pointing to the same HTTP pool. Having a separate VIP per service makes it easy to tailor the profiles for the required protocols.

 

 

Apparently there are issues with OneConnect and NTLM so I think you're right to not use OneConnect.

 

 

You should be able to configure source address (with a /32 mask) or cookie insert persistence to persist either individual client IP addresses or client browser sessions. Destination address persistence is more suited for load balancing cache servers or external links--not web applications. Destination address persistence creates a persistence record on the BIG-IP based on the client's destination address. So all clients would be persisted to the same pool member if they're all requesting the same VIP address. The persistence record is stored on the BIG-IP for the configured timeout length, so there is nothing the client can do to force re-selection of the pool member.

 

 

Hope this helps,

 

Aaron