F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

THi's avatar
THi
Icon for Nimbostratus rankNimbostratus
Oct 22, 2014

Looks like you are doing an AD auth or AD query called 'CEO AD Query' for the user 'adil.test', which is not successful and then goes to 'fallback' branch in the APM VPE flow, ending to 'Deny' endpoint. Thus denying the logon and closing/deleting the session.

 

Your credentials may not be correct or the AAA (AD) server may not be properly configured in BIG-IP Access Policy. Have you set the proper credentials for the AD server in Access Policy AAA config? AD query needs credentials whilst AD Auth may not. These came to my mind first.

 

You may need to troubleshoot a bit more. If you haven't done yet, you can set the logging level for Access Policy to debug level (System->Logs->Configuration: Access Policy Logging). Try to log in to the virtual server again and then run an Access Policy all sessions report, and there clicking the correct session ID link in the report list, to see the flow in more detail for troubleshooting. The debug level reveals the whole flow in detail. You will also see all relevant APM session variables and their values.