Forum Discussion
Thomas_Gobet
Nimbostratus
I may have a confusion, I've just read from the begining your request.
I thinked you it was Outlook Web Access question, but it's Outlook Anywhere...
You will find informations on this here
If you want to check the domain on ntlm informations, the condition is :
mcget {session.ntlm.last.username} == your_domain_name
Rabbit23_116296
Dec 02, 2013Nimbostratus
have followed that link which does not mention multiple domain accounts used to access the same service - Outlook Anywhere is working but only for one domain.
This is the error I get from the debug APM log -
kerberos: can't get S4U2Self ticket for user @ - cannot resolve servers for KDC in realm "" (-1765328164)
We do have a two way forest root trust and Kerberos constrained delegation works in the current environment (dns is also solid). I have tried playing with all the variations of settings in KRB5.CONF on the load balancer. I am trying to replicate the Microsoft TMG behavior which uses it's computer account for Kerberos Constrained Delegation. It appears as if the APM works a little different, do I need another SSO configuration with a user account in the other domain I want to get to work? Anyone that has actually worked with this have any idea I would appreciate it.