Forum Discussion
Using APM with Windows Pre-logon feature
Hi All,
Trying to migrate a client from using Cisco AnyConnect over to a F5 and APM.
One feature the client utilises is the ability to establish the VPN connection before the user has completed their login through the Windows logon screen.
Have configured APM - and logging in through either the website or using the BIG-IP Edge Client manually all works fine. In the client download packages I have enabled 'User Logon Credentials Access Service' in the downloaded package and installed.
For testing on Windows 7 this is done by selecting Switch User first. Then at the bottom right a icon appears called Network Logon. Pressing this I get a 'APM Network Access' screen with a prompt for a username and password. Is this Username and Password supposed to be their local account or the VPN/APM account? Either way it always prompts again with a window called APM Network Access. It pre-populates the Server with the end-point, but then asks for a User name, Password and Domain.
Filling this in with domain credentials I get a popup with title 'APM Network Access' and saying 'Authenticated' - which hangs there for about 20 seconds and then a Windows error 'Logon failure: unknown user name or bad password'.
I am sure I have the credentials right, because when I enter them wrong I instead get 'Error 702: Device response received when none expected.' - which is not very user friendly.
Any ideas what I can use to try and diagnose this problem? Also, what are the two different sets of credentials it is asking for and can we get rid of one lot? Is there some clear documentation on how this is all supposed to work that I can refer to? Can see documents on configuring APM side of things, but a more 'user friendly' guide would be nice.
Thanks for any assistance. Jason
- Jason_Wilson_13NimbostratusIs anyone able to even point me to what this feature might be called from a Windows perspective? Need to try and work out why it is failing and don't have the right terminology to even try and research this issue. How can you debug this feature when you can't be logged in first to enable debugging in tool? Sure there is something there. Thanks, Jason
- haven't worked with this, but do you see the request coming up at the APM?
- vandenhoutenp_9Nimbostratus
Hi there,
Did you ever get a resolution for this?
- DannyG_34437Cirrus
Interested in this as well... Anyone?
- vandenhoutenp_9NimbostratusHi there, I managed to get this working with our setup using AD authentication. What do you have configured and where are you getting stuck? Thanks Peter
- kunjanNimbostratus
It's documented here
Select the Reuse Windows Logon Credentials check box. When selected, the client tries to use the credentials that were typed for Windows login to start the APM session.
Note: To use this option, you must also include the User Logon Credentials Access Service in the customized Windows client package for this connectivity profile
If looking for pre-logon using script may be can play with f5fpc /help
- srinivas_nory_2Nimbostratus
can some one advise me if there a permanent fix, we do have a custom client with user logon credential access sevice enabled but then it keeps prompting for the same.
- srinivas_nory_2Nimbostratus
can some one advise me if there a permanent fix, we do have a custom client with user logon credential access sevice enabled but then it keeps prompting for the same.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com