I'm new in F5 products and need to configure Exchange 2013 with APM, we do not have LTM so i can't use the iApp and i have some issues with Outlook Anywhere.
I've made a virtual server with a pool containing my CAS and using the correct certificates for SSL. Everything is ok with the OWA.
I have an Access Profile exchange_ap with an Exchange configuration and Kerberos SSO.
In Kerberos SSO i have the KDC ip address, realm, account (i've assigned an SPN HOST/f5_apm-kcd.mydomain.com), SPN Pattern HTTP/mycas.mydomain@MYDOMAIN.COM.
I made the NTLM Machine Account and Auth Config.
I made an Active Directory AAA Servers profil with 3 domain controlers.
In Exchange Profile i chosen NTLM front end authentification and the Kerberos SSO.
When i use Outlook it stay on "Trying to connect..." and i obtain this log :
In the exchange_ap Access Policy i tried
Should i use something else for the SSO Token Password?
I am missing something else?
This is an expected log message since you are using NTLM which will not provide the password to the APM. This is why you use Kerberos Constrained Delegation on the backend. Can you turn on Access Policy and SSO logs to Debug and see what is happening in the /var/log/apm log file?
Seth is right for the logs.
Kill all apm sessions after each test and make a "bigstart restart websso" after each test in order to kill all TGT tokens if you prefer to make an end to end test.
Log is here : http://pastebin.com/fTwk06Pv
Searching for password I found this :
line: 317 Msg: variable "session.logon.last.password" was not found in the local cache for session "87d969c2"