Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Outlook Anywhere & APM

Hello,

I'm new in F5 products and need to configure Exchange 2013 with APM, we do not have LTM so i can't use the iApp and i have some issues with Outlook Anywhere.

I've made a virtual server with a pool containing my CAS and using the correct certificates for SSL. Everything is ok with the OWA.

I have an Access Profile exchange_ap with an Exchange configuration and Kerberos SSO. Image Text

In Kerberos SSO i have the KDC ip address, realm, account (i've assigned an SPN HOST/f5_apm-kcd.mydomain.com), SPN Pattern HTTP/mycas.mydomain@MYDOMAIN.COM.

I made the NTLM Machine Account and Auth Config.

I made an Active Directory AAA Servers profil with 3 domain controlers.

In Exchange Profile i chosen NTLM front end authentification and the Kerberos SSO.

When i use Outlook it stay on "Trying to connect..." and i obtain this log : Image Text

In the exchange_ap Access Policy i tried Image Text and Image Text

Should i use something else for the SSO Token Password? I am missing something else?

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

This is an expected log message since you are using NTLM which will not provide the password to the APM. This is why you use Kerberos Constrained Delegation on the backend. Can you turn on Access Policy and SSO logs to Debug and see what is happening in the /var/log/apm log file?

Seth

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Seth is right for the logs.

Kill all apm sessions after each test and make a "bigstart restart websso" after each test in order to kill all TGT tokens if you prefer to make an end to end test.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Searching for password I found this :

line: 317 Msg: variable "session.logon.last.password" was not found in the local cache for session "87d969c2"

0