Mdm server internal error
Hi All, I have a F5 APM with End point Management Systems configured to make connection with microsoft intune to update the mdm complaince database in the F5. We have running this configuration for many years and since 14 feb, the F5 is not able to make connection to microsoft intune to update the mdm complaince database. in tthe GUI i see the following error message: "Mdm server internal error". The hardware is running on version 15.1.8.2. Has anyone the same issue or have solve the issue. Thanks.
F5OS share APM VPN licence across tenant clusters
Hello, I have deployed a pair of r5900 series appliances. On these appliances, I have an Active/Standby tenant cluster of F5 BIG IP running with the APM module provisioned and an APM configuration dedicated to SSL VPN using the F5 Edge Client. The F5OS chassis are using 3 licences : r5900 Best bundle APM 1000 VPN Users (x2) This means that the production environment can handle up to 2000 concurrent users connected at the same time, on the APM-enabled BIG-IP tenants. My question is the following : Can I create 2 new tenants running BIG-IP with APM module and create a new APM configuration for VPN testing purposes ? How are the "APM 1000 VPN Users" licence shared across tenants running on the same r5900 chassis ? In the official F5OS documentation, I have noticed that every tenants inherits the licences provisionned on the F5OS chassis. But there is no explanation regarding the sharing of the VPN seats included in the APM VPN licences. Thank you.APM Local DB multiple groups
Hi, I'm using APM with localdb authentication and performing a group lookup and resource assign ACLs based on the localdb group. It works well with one group and one set of ACLs per group. But what if I want a user to have ACLs from more than one group? do I assign multiple groups to the user? I've sort of tried this but it did not work. Only ACL from one group are applied. Is this sort of functionality supported or is the group field in localdb meant for only one group?
APM/OAuth2 : auto apply changes made by discovery
Hi, I've setup OAuth2 to Azure EntraID following this documentation. It works well but I'm only facing a serious issue. In the OAuth provider configuration, I've enabled the discovery job to run once per day. This allows the BigIP to fetch any new certificate and/or JWT as provided by the app on EntraID. The problem is that when the certificate or the JWT change, you have to re-apply the per-session policy in order for the change to take effect. And on multiple occasion, the access to our critical applications failed because the changes were'nt applied in a timely manner. Is there a way to automatically apply the changes made by the OAuth discovery job ? Running version : BigIP 17.1.1.1
CLI Command for specific machine "Session Deleted due to user inactivity"
Hello, I have this command that I use to search for a specific machine in the apm logs: zgrep -i "Username 'MACHINE_NAME_GOES_HERE'" /var/log/apm* |wc -l Then I have this one to search for the line “Session deleted due to user inactivity”. It produces a number from ALL machines that encountered this message: zgrep -i "Session deleted due to user inactivity." /var/log/apm* | wc -l I'm wondering if there is a command or another method to look up how many times a specific machine encountered a session deletion due to user inactivity?
Order of resource assignment when user assigned multiple network access resources
Good day, What logic or method is used by the F5 APM to choose which network access resource takes affect when a user is assigned multiple network access resources? In my environment (BIG IP Virtual Edition APM+LTM 16.1.4 two node cluster) we are assigning different network access resources based on group membership. Some users are members of multiple groups that are being assigned different resources, which often is resulting them in having the "general user" settings and address pool take affect instead of the Executive settings and pool, to which they are also assigned. I haven't been able to determine the logic that APM is applying to determine which resources take precedence. It doesn't appear to be the order in the Advanced Resource assignment. It almost looks alphabetical. Thanks ChrisHow to Disable fields after AD Password expired
Hi everyone. We have a F5 v17.1.0.3 with APM Profile configured in standard mode customization configuration. We would like to disable the fields "New Password" and "Verify Password" after the AD responds with message "Password Expired". The AAA error message we modified without problems, editing the AAA error message custom. Its possible to disable these fields "New Password" and Verify Password? Regards.
APM Session timeout splash
Hi All, We are using APM as oauth client to provide SSO for applications hosted behind LTM, the problem we are facing now F5 is not automatically providing any sign about session timeout, user has to refresh the screen to get the authentication page again is there anyway to implement the timeout splash same as above for max session timeout ? any hit will be appreciated
[APM] URL stops working , location : /my.policy?ORG_URI=1f931c35
hello Team , We have a strange issue . User is able to access the url but sometimes the url doesn't work and when he checks in developer tool it has a status code of : 302 Found. After 10-15min it starts to work without any intervention. Response Headers : Connection : close Content-Length:0 Location : /my.policy?ORIG_URI=1f931c35 We are using APM for ACL and URL filtering , so where can I find my.policy ? I did not find any logs with this id 1f931c35 in cat apm or cat ltm logs , cat pktfilter logs , cat urlfilter logs .. Kindly please advice .
