Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Error after setting NTLM authentication in iAPP

I am using the f5.microsoft_exchange_2010_2013_cas.v1.5.0 iAPP template, primarily for Outlook anywhere with auto discover, and after setting up the option for NTLM I get the following error after clicking finished:

script did not successfully complete: (list element in quotes followed by "-account-name" instead of space while executing "string map $map_array($item) $access_form" (procedure "iapp_apm_config" line 68) invoked from within "iapp_apm_config apm_map" invoked from within "if { $new_apm } { set aaa_pool [subst $apm_aaa($new_aaa_pool)] set pre_proc_map " [expr { $is_exchange_2010 ? "ses..." line:2561)

Does anyone know how to resolve this error?

Thanks,

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Specifically, what is the name of the NTLM machine account object you are selecting in the iApp?

0
Comments on this Answer
Comment made 30-Apr-2015 by Bryan Vance 134
The object name is f5 machine account and the account name is f5pair
0
Comment made 30-Apr-2015 by Bryan Vance 134
The F5 version is 11.6.0
0
Comment made 30-Apr-2015 by mikeshimkus
Aha! Generally, BIG-IP won't let you create objects with spaces or special characters in the name, however the NTLM machine account seems to not have any name validation. I just tested and was able to create accounts with all kinds of forbidden characters in the name. Some of them work with the iApp, but most don't. For now, you should be able to work around this by using a machine account name with only alphanumeric characters and underscores. We will get the deployment guide updated with this information and file a bug against the behavior. Thanks for bringing it to our attention!
0
Comment made 01-May-2015 by Bryan Vance 134
I set up a new machine account following your advice and I no longer get this error, but I now get the following error: 01070734:3: Configuration error: apm ntlm ntlm-auth: For ntlm_auth (/Common/Exchange-2013_.app/exch_ntlm_combined_https) domain controller windc must be a fully qualified domain name (FQDN) I set the KDC to the FQDN but still get this new error. Thanks for all of your help,
0
Comment made 01-May-2015 by mikeshimkus
Did you use an FQDN in response to the "Which Active Directory servers in your domain can this BIG-IP system contact?" question in the APM section? I believe this is where the iApp pulls the DC names to populate the NTLM auth config object.
0
Comment made 01-May-2015 by Bryan Vance 134
That did it! I appreciate your help.
0
Comment made 5 months ago by Rosieodonell 368

I am getting the same error and I can't find the "Which Active Directory servers in your domain can this BIG-IP system contact?" question in the APM section?" Is this information in the iapp or is it located in "Access"?

Its the last part that is holding me up in this template.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi Bryan, can you tell me which version of BIG-IP you are running on, as well as which options you chose when deploying the iApp?

thanks

0