F5 iApp Exchange 2016 AD - Authentication Fail - UPN suffix mismatch

Question

Hi Everybody&nbsp;
We are in the process of deploying Exchange 2016 / Outlook 2016 with F5 v11.6.0 (build 4.0.420) and APM. Our reference is the Exchange 2016 deployment guide (https://www.f5.com/pdf/deployment-guides/microsoft-exchange-2016-dg.pdf). We are using the latest iApp . Without APM it seems to be working fine, but as soon as we enable APM we are having athentication problems with Outlook Anywhere.&nbsp;
When we start Outlook 2016, it tries to authenticate using UPN firstname.lastname@company.com. The internal domain used however is company.local instead of company.com. So we are running into the problem described here (https://support.f5.com/csp/article/K12252), where UPN suffix does not equal domain suffix. I get the same error "... Please verify Active Directory and DNS configuration...." when doing a manual adauth test via CLI. We cannot seem to get the workaround descibed to work (replace APM AD Auth with LDAP).&nbsp;
Does anybody have a reference or can tell me if it is even possible to configure the APM (i.e. modify the iApp) to use LDAP instead of AD Auth with SSO in this scenario? Any advice would be greatly appreciated.&nbsp;
Thanks in advance.&nbsp;
Ingo&nbsp;

anesh · Answer

This discussion might help&nbsp;

Forum Discussion

F5 iApp Exchange 2016 AD - Authentication Fail - UPN suffix mismatch

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

SSL protocol mismatch

Cipher suite mismatch advertisement/warning

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Doing mTLS Authentication per URL

Distributed caching of authentication requests with NGINX Ingress Controller