Alexander_01_13
May 26, 2014Nimbostratus
Problem with Kerberos in iApp for Exchange 2013
Hey,
I have set up an iApp for Exchange 2013 (f5.microsoft_exchange_2010_2013_cas.v1.3.0) on BIGIP 11.4.1.
Now, Autodiscover won't work and to me it looks like some kerberos problem.
I have reviewed the config following https://devcentral.f5.com/articles/apm-cookbook-single-sign-on-sso-using-kerberos, but instead of
fetched S4U2Self ticket for user: test.user@F5.DEMO
I get the following:
May 26 17:52:10 F5BIGIP03 info websso.1[13873]: 014d0011:6: 1c8813d7: Websso Kerberos authentication for user 'testuser' using config '/PTA_Gruppe/PTAexchange.app/exchange_ntlm_kerberos_sso'
May 26 17:52:10 F5BIGIP03 debug websso.1[13873]: 014d0046:7: 1c8813d7: adding item to WorkQueue
May 26 17:52:10 F5BIGIP03 debug websso.1[13873]: 014d0018:7: sid:1c8813d7 ctx:0x8f9e528 server address = ::ffff:172.17.27.192
May 26 17:52:10 F5BIGIP03 debug websso.1[13873]: 014d0021:7: sid:1c8813d7 ctx:0x8f9e528 SPN = HTTP/exmbx01.domain.com@DOMAIN.COM
May 26 17:52:10 F5BIGIP03 debug websso.1[13873]: 014d0023:7: S4U ======> ctx: 1c8813d7, sid: 0x8f9e528, user: testuser@DOMAIN.COM, SPN: HTTP/exmbx01.domain.com@DOMAIN.COM
May 26 17:52:10 F5BIGIP03 debug websso.1[13873]: 014d0001:7: Getting UCC:testuser@DOMAIN.COM@DOMAIN.COM, lifetime:36000
May 26 17:52:10 F5BIGIP03 debug websso.1[13873]: 014d0001:7: fetched new TGT, total active TGTs:1
May 26 17:52:10 F5BIGIP03 debug websso.1[13873]: 014d0001:7: TGT: client=host/bigip_ntlmuser@DOMAIN.COM server=krbtgt/DOMAIN.COM@DOMAIN.COM expiration=Tue May 27 03:52:10 2014 flags=40600000
May 26 17:52:10 F5BIGIP03 debug websso.1[13873]: 014d0001:7: TGT expires:1401155530 CC count:0
May 26 17:52:10 F5BIGIP03 debug websso.1[13873]: 014d0001:7: Initialized UCC:testuser@DOMAIN.COM@DOMAIN.COM, lifetime:36000 kcc:0x9054ae8
May 26 17:52:10 F5BIGIP03 debug websso.1[13873]: 014d0001:7: UCCmap.size = 1, UCClist.size = 1
May 26 17:52:10 F5BIGIP03 debug websso.1[13873]: 014d0001:7: S4U ======> - NO cached S4U2Proxy ticket for user: testuser@DOMAIN.COM server: HTTP/exmbx01.domain.com@DOMAIN.COM - trying to fetch
May 26 17:52:10 F5BIGIP03 debug websso.1[13873]: 014d0001:7: S4U ======> - NO cached S4U2Self ticket for user: testuser@DOMAIN.COM - trying to fetch
May 26 17:52:10 F5BIGIP03 err websso.1[13873]: 014d0005:3: Kerberos: can't get S4U2Self ticket for user testuser@DOMAIN.COM - Server not found in Kerberos database (-1765328377)
May 26 17:52:10 F5BIGIP03 err websso.1[13873]: 014d0024:3: 1c8813d7: Kerberos: Failed to get ticket for user testuser@DOMAIN.COM
I suppose that I have committed some really simple error. Can anyone give me a hint where I have to look?
Thank you!
Regards, Alex