Leveraging BIG-IP APM for seamless client NTLM Authentication
Many customers express interest to use F5 Access Policy Manager for transparent seamless authentication for their users. There are a couple of leading use cases that drive that desired behavior:
...
Published Jul 22, 2014
Version 1.0
paulfish
Nimbostratus
NimbostratusFor anyone reading this article and trying to use any code forward of 14.1.0 you should know NTLM is broken.
https://cdn.f5.com/product/bugtracker/ID797541.html
Further if you go to a Kerberos config and you leave this setting enabled from this guide.
For Source Port, select Preserve Strict.
You will get resets on the VIP, it won't show up in testing until someone else tries using it. I put it through Dev, went to production and released it. Then I raised a Sev2, it wasn't immediately obvious for support either. It's taken 24 hours to resolve....