Shihab_Hamsa_23
Jan 26, 2016

Outlook Enterprise Vault APM+LTM authentication issue

Hi,

Very first post to the community.

We are migrating our TMG to F5 ADC.

Most of the applications have been migrated, but I am facing an issue with Outlook and Enterprise Vault.

For Outlook, the CAS server and Enterprise Vault have been configured for multi-mode authentication (Basic and Integrated) for a reason. Internal clients access Outlook and EV using Integrated authentication, and external clients connect to Outlook and EV through Basic authentication.

TMG handles only the external clients and this works perfectly. Now that we are bringing in the F5 instead of the TMG, we are facing issues with EV for external clients. OWA is working perfectly. I am only having issues while accessing the archived mails on EV from Outlook.

For OWA, the default Microsoft login page is replaced with the F5 APM page, meaning the authentication is handled by APM.

I don't have much experience with APM, but I figured out that the issue is because of the mixed mode configured on EV: if I enable only Basic authentication on EV, everything works as expected, but internal clients are then prompted for credentials, which is not what I want.

If you have any help, suggestions or previous experience, can you please share?

2 Replies

  • Lucas_Thompson_
    Historic F5 Account

    EV likely resides on a separate server, based on prior support cases. However, the specific configuration can vary significantly by site.

    You'll have to begin by capturing the client traffic and try to figure out specifically what isn't being handled the way you want. APM is simply a proxy and can be configured any way you like, but you have to define exactly how you want it to behave.

    I'd suggest you probably packet-capture TMG's behavior first (on both sides of the device), then APM's behavior (on both sides of the device). Compare the two behaviors and we can provide suggestions on how to make APM do whatever TMG is doing.

    • Shihab_Hamsa_23
      Thank you for the input, Lucas. What I have seen is that in TMG they are configured to accept Form Based Authentication from the client and delegate Basic authentication to the backend servers. The backend servers, both CAS and EV, are configured for both Basic and Integrated authentication. This is not happening with F5. When I configure the authentication to be form based, the first case is that my clients from the external network are prompted for user credentials multiple times for OWA before they actually get the inbox. It seems that the Form Based Authentication is not working as expected for the SSO. But when EV is accessed over Outlook, it seems that it is getting negotiated with NTLM and not Basic. How can we set up Basic authentication delegation from form based to the backend?
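
Added example, not part of any post in this thread: a small Python helper for the capture comparison suggested above, reporting which authentication schemes the backend offers and which one the proxy actually sends. The two transcripts are constructed to mirror the behaviour described in the thread, with a placeholder host name and path; they are not real captures.

```python
"""Compare HTTP auth schemes seen on the backend side of two proxies."""

# Constructed transcripts (placeholder host/path), modelled on the thread:
# the backend offers Integrated and Basic; TMG delegates Basic, while the
# APM-side exchange is described as ending up on NTLM.
OFFER = (
    "GET /placeholder HTTP/1.1\nHost: ev.example.test\n\n"
    "HTTP/1.1 401 Unauthorized\n"
    "WWW-Authenticate: Negotiate\n"
    "WWW-Authenticate: NTLM\n"
    'WWW-Authenticate: Basic realm="ev.example.test"\n\n'
    "GET /placeholder HTTP/1.1\nHost: ev.example.test\n"
)
TMG_BACKEND = OFFER + "Authorization: Basic dXNlcjpwYXNz\n\nHTTP/1.1 200 OK\n"
APM_BACKEND = OFFER + "Authorization: NTLM TlRMTVNTUAABAAAA\n"


def auth_summary(transcript):
    """Return schemes the server offered and schemes the client sent."""
    seen = {"www-authenticate": [], "authorization": []}
    for line in transcript.splitlines():
        name, sep, value = line.partition(":")
        bucket = seen.get(name.strip().lower())
        if bucket is None or not sep or not value.split():
            continue  # not an auth header, or header with empty value
        scheme = value.split()[0]
        if scheme not in bucket:
            bucket.append(scheme)  # keep first-seen order, no duplicates
    return {"offered": seen["www-authenticate"], "sent": seen["authorization"]}


def compare(baseline, candidate):
    """Report where the candidate proxy's backend auth differs from baseline."""
    a, b = auth_summary(baseline), auth_summary(candidate)
    return {
        "offered_differs": a["offered"] != b["offered"],
        "baseline_sent": a["sent"],
        "candidate_sent": b["sent"],
        "sent_differs": a["sent"] != b["sent"],
    }


if __name__ == "__main__":
    for key, val in compare(TMG_BACKEND, APM_BACKEND).items():
        print(f"{key}: {val}")
```

Basic `Authorization` values are only base64-encoded credentials, so redact them before sharing any real capture.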