Cirrus401 received for MS exchange 2013 using iApp
Good day,
Our client currently has TMG sitting in front of their Exchange servers. TMG is set to be replaced by APM and APM will pass authentication
BIG-IP Access Policy Manager (APM)
Provides secure access and proxied authentication (pre-authentication) for HTTP-based Client Access services: Outlook Web App, Outlook Anywhere, ActiveSync, and Autodiscover). The BIG-IP APM presents a login page Users provide credentials through the BIG-IP APM form; the BIG-IP APM then authenticates the user to Active Directory.
We have till now managed to get user to sign in successfully to their mail accounts via OWA and via application on their mobile devices.
However when we try and use the application from a laptop using the normal Outlook application the users are not able to sign in.
I have included the APM log as an attachment (screen grab) It also seems that the account is passed successfully via APM as indicated in active sessions (screen grab)
The deployment guide was followed when configuring the iAPP
We have configured an account with administrative rights to add the machine account successfully A delegation account was created with administrative rights and we are able to generate a ticket with the keytab file received
When APM is removed from the config the users are able to access mailboxes without a problem. Which leads us to believe that it is definitely something on our APM configuration
Has anyone done a similar setup and can provide some insight on where we can focus for the config
APM log:
Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: Result: Allow: svc_f5test.47462fdb8deca11e9ccbbd2ec449fbca Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: sid = 505883eb Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: Setting svc_f5test.47462fdb8deca11e9ccbbd2ec449fbca => policy_succeed Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: Matches ActiveSync Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: method: OPTIONS Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: Src IP: 168.x.x.8 Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: User-Agent: Outlook/16.0 (16.0.10325.20064; x64) Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: HTTP uri: /Microsoft-Server-ActiveSync Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: HTTP len: Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: Recv'd HTTP Basic Authentication Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: Disable ECA Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: Lookup APM session by UUID svc_f5test.47462fdb8deca11e9ccbbd2ec449fbca Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: Found APM session 505883eb Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: Disable WEBSSO Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: HTTP response: status: 401 Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: HTTP response: Server: Microsoft-IIS/8.5 Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: HTTP response: Content-Length: 0 Nov 20 12:03:08 slot1/METVIP1BL1 debug tmm2[14267]: 0149ffff:7: /GlobalApps/Exhange_2013_customer.app/exch:GlobalApps:505883eb: HTTP response: WWW-Authenticate: Basic realm="197.x.x.28"