Just tried to deploy the Exchange iApp and, when using APM, it just fails.
When I navigate to OWA Bigip I see shortly an error page from the browser ("site cant be reached) when it is accessing /my.policy , and then a /vdesk/hangup.php page with "Access was denied by the access policy".
The policy is the default one for the iApp: Logon Page > AD . But the user is never prompted to enter the username + password.
Access Policy Report shows it going directly to the Fallback Deny.
MAPI, EWS, ActiveSync also do not work. Just show a "site cant be reached" page).
If I disable APM on the iApp then everything works. So I'm sure the sites can be reached, and BigIP can reach the real servers.
Any idea what can be the problem? I'm clueless.
I did some further troubleshooting and it seems the setting that is breaking this to begin with is the NTLM Pool.
If I remove it, I can move forwards.
But then I get a problem with NTLM:Disable function on iRule (on ltm log).
I changed it to ECA:disable and was able to move through.
But still I got issues when going to autodiscover. I see messages on ltm log complaining about HTTP:uri after response. I removed the iApp_login_timeout and owa_redirect_irule7 iRules and everything is working now.
I must be missing something, because the iApp is supposed to work out of the box.
This is BigIP 16.0.1.
not 100% sure if that iApp is also supported in TMOS 16, specially as iApps are stopping in favour of FAST: https://support.f5.com/csp/article/K13422
It says to only be tested up to 13.
So maybe it no longer is supported with the latest versions.