18-Mar-201902:12 - last edited on 05-Jun-202321:48 by JimmyPackets
I am trying to achieve Outlook Anywhere with basic-NTLM and Kerberos SSO.
I followed the DG and am stucked at NTLM authentication.
When I create the NTLM Machine Account the logs say that it joined the domain, then I create the NTLM Auth Configuration with my domain and DCs. After that I see this messages in the logs:
nlad: 01620000:3: <0x2b3374f71700> nlclnt[12a02a8c0] init: Error [0xc000006d,NT_STATUS_LOGON_FAILURE] connecting to DC 192.168.
I added some Exchange groups to the machine account and enabled delegation for http with Exchange servers. I then try to renew machine account password but I have this error:
adutil: 01490274:5: (null):Common:00000000: New master key received.
adutil: 01490200:3: ERROR: Could not connect to domain domain controller of realm 'EXAMPLE.AD'
adutil: 01490200:3: WARNING: machine account update for 'f5apm' failed: Preauthentication failed, principal name: f5apm@EXAMPLE.AD. Invalid user credentials. (-1765328360)
Then I took a look at Kerberos trafic and could see that the bigip can't get a Kerberos ticket:
At this step I am not even talking about Kerberos SSO which I think has nothing to do with NTLM.
I have found
K33692321 but it doesn't help.
I also took a look at K08915521. It says that it may be a domain name or NetBIOS name issue but I know that my domain is EXAMPLE.AD and NetBIOS EXAMPLE.
Does someone already managed to make this work ? It is a standard configuration so am I missing something Windows side ?