Forum Discussion
Kevin_Stewart
Sep 06, 2013Employee
But if we go through the F5 to get to dc, that's when it fails. No passing of token.
And that's the nature of my first question. Does the client actually have to go through the F5 to get to the DC or does it just use the F5 to get to the app? When you're talking about Kerberos specifically, the client will make at least TWO requests - one to the KDC (an accessible domain controller in its environment), and then the other to the application. Have you defined, or do you require that the client attempt to contact the domain controller through the F5? Are these local clients that would otherwise already have access to the KDC, locally?
Is this a simple load balancing VIP, or are you establishing an SSL VPN?