Forum Discussion

jforaker's avatar
jforaker
Icon for Nimbostratus rankNimbostratus
May 16, 2008

Super HTTP monitor not working with NTLM

Hello everyone. I am attempting to use the external monitor script that Kirk Bauer provided on the wiki for Super HTTP monitor (http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/SuperHTTPMonitor.html).

 

 

We have a need to monitor our sites using NTLM authentication. We use a domain account for authorization and want to check for the 200 OK status after the NTLM authentication. I have created the script in the /usr/bin/monitors and I have the proper permission. The monitor is getting called from the LTM external monitor. We are running 9.3.1 HF1

 

 

[root@F501:Active] monitors pwd

 

/usr/bin/monitors

 

[root@F501:Active] monitors ls -l Super_HTTP_monitor

 

-rwx------ 1 root webusers 14686 May 13 20:11 Super_HTTP_monitor

 

[root@F501:Active] monitors b monitor SharePoint_external list

 

monitor SharePoint_external {

 

defaults from external

 

interval 15

 

timeout 46

 

AUTHTYPE "ntlm"

 

DEBUG "1"

 

LOG_FAILURES "1"

 

PASSWORD ""

 

run "Super_HTTP_monitor"

 

URI_PATH "/Pages/Default.aspx"

 

USERNAME ""

 

}

 

[root@F501:Active] monitors

 

 

 

 

The script appears to be connecting to the webserver and completing the NTLM authentication. However the status check for 200 is failing since the first HTTP response seen on the output is 401. I’m not too good in writing scripts but I can troubleshoot them a bit. I see that the status code gets checked in the script with the following code:

 

 

Validate Check Conditions

 

[ -n "$status_code" ] || [ -n "$not_status_code" ] && {

 

local actual_status_code=$(head -n 1 "$tmpfile" | sed "s/^HTTP\/.\.. \([0123456789][0123456789][0123456789]\) .*$/\1/")

 

 

The first line of the temp file is the 401 response. The 200 OK response is the next server response. Here are the first 25 lines of the tmpfile the script checks.

 

 

 

root@F501:Active] monitors head -n 25 /var/run/.10.35.120.219.80.tmp

 

HTTP/1.1 401 Unauthorized

 

Content-Length: 1539

 

Content-Type: text/html

 

Server: Microsoft-IIS/6.0

 

WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAADgAAAACAgACdpOsRUS8WK8AAAAAAAAAAAAAAAA4AAAABQLODgAAAA8=

 

X-Powered-By: ASP.NET

 

MicrosoftSharePointTeamServices: 12.0.0.6219

 

Date: Fri, 16 May 2008 20:43:08 GMT

 

 

HTTP/1.1 200 OK

 

Date: Fri, 16 May 2008 20:43:08 GMT

 

Server: Microsoft-IIS/6.0

 

X-Powered-By: ASP.NET

 

MicrosoftSharePointTeamServices: 12.0.0.6219

 

X-AspNet-Version: 2.0.50727

 

Set-Cookie: WSS_KeepSessionAuthenticated=80; path=/

 

Cache-Control: private, max-age=0

 

Expires: Thu, 01 May 2008 20:43:08 GMT

 

Last-Modified: Fri, 16 May 2008 20:43:08 GMT

 

Content-Type: text/html; charset=utf-8

 

Content-Length: 37210

 

 

 

 

 

[root@F501:Active] monitors

 

 

 

 

 

So my first question is how do I get the monitor to check the right server response? Is the server reponse the correct one for an NTLM authenticated session?

 

 

Thanks,

 

Jeff Foraker

 

management
monitoring
  • Patrick_Chang_7's avatar
    Patrick_Chang_7
    Historic F5 Account
    Jun 06, 2008
    head -n 1 tells the script to check only the HTTP status code in the first line of the response. This part of the script needs to be changed to check the second status code you get back.