Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Outlook Anywhere and NTLM authentication

Cédric_Canitro1
Nimbostratus
Nimbostratus

Hello,

 

I am trying to achieve Outlook Anywhere with basic-NTLM and Kerberos SSO.

 

I followed the DG and am stucked at NTLM authentication.

 

When I create the NTLM Machine Account the logs say that it joined the domain, then I create the NTLM Auth Configuration with my domain and DCs. After that I see this messages in the logs:

 

nlad[11851]: 01620000:3: <0x2b3374f71700> nlclnt[12a02a8c0] init: Error [0xc000006d,NT_STATUS_LOGON_FAILURE] connecting to DC 192.168.

I added some Exchange groups to the machine account and enabled delegation for http with Exchange servers. I then try to renew machine account password but I have this error:

 

adutil[16625]: 01490274:5: (null):Common:00000000: New master key received. adutil[16625]: 01490200:3: ERROR: Could not connect to domain domain controller of realm 'EXAMPLE.AD' adutil[16625]: 01490200:3: WARNING: machine account update for 'f5apm' failed: Preauthentication failed, principal name: f5apm@EXAMPLE.AD. Invalid user credentials. (-1765328360)

Then I took a look at Kerberos trafic and could see that the bigip can't get a Kerberos ticket: 0691T000006ApxyQAC.png

 

At this step I am not even talking about Kerberos SSO which I think has nothing to do with NTLM.

 

I have found K33692321 but it doesn't help. I also took a look at K08915521. It says that it may be a domain name or NetBIOS name issue but I know that my domain is EXAMPLE.AD and NetBIOS EXAMPLE.

 

Does someone already managed to make this work ? It is a standard configuration so am I missing something Windows side ?

 

Best regards

 

0 REPLIES 0