Health Monitor with NTLM authentication - iApp generated vs Custom built
I have been working on creating a Health Monitor for SharePoint which uses NTLM authentication. I basically mirrored an existing HTTPS Health Monitor that the Exchange 2010 iApp generated and then adjusted for the SharePoint application. After hours of troubleshooting it was determined that I can't specify "domain\username" in the username field and I needed to remove the trailing "/r/n" on the send string.
I have seen other forum topics regarding this, but can someone explain why the Exchange 2010 iApp monitor generated\included both "domain\username" as well as the trailing "/r/n", and it works?
I ran the iApp generated monitor from the CLI using cURL and I didn't specify username and password. The receive string that the iApp expected, "OutlookSession=", is returned.
Is the Exchange monitor somehow not using the "domain/username" account and was just placed there by the iApp template?
iApp generated:

    ltm monitor https exchange_2010.app/exchange_2010_testmail_owa_https_monitor {
        app-service /Common/exchange_2010.app/exchange_2010
        cipherlist DEFAULT:+SHA:+3DES:+kEDH
        compatibility enabled
        defaults-from https
        destination *:*
        interval 30
        password pswd-removed
        recv OutlookSession=
        send "GET /owa/auth/logon.aspx\?url=https://removed/owa/&reason=0 HTTP/1.1\r\nUser-Agent: Mozilla/4.0\r\nHost: host-removed\r\n"
        time-until-up 0
        timeout 91
        username domain-removed\user-removed
    }
Custom Built:

    ltm monitor https sharepoint_2010_https_monitor {
        cipherlist DEFAULT:+SHA:+3DES:+kEDH
        compatibility enabled
        defaults-from https
        destination *:*
        interval 30
        password pswd-removed
        recv "Home"
        send "GET /removed HTTP/1.1\r\nUser-Agent: Mozilla/4.0\r\nHost: host-removed"
        time-until-up 0
        timeout 91
        username user-removed
    }
I also have a TAC case on this topic as well.
Hi Paul, which version of BIG-IP are you running? The SharePoint iApp that ships with v11.4 includes an option to use NTLM for the health monitor. An RC version of this iApp is also available for pre-11.4 BIG-IP.
The OWA monitor is actually not logging on to OWA; rather, it's checking that it can access the logon.aspx page, which is set to anonymous access by default. That's probably why it doesn't matter when you change the CR/LF in the send string.
Mike
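
Added example, not part of the original thread or of any F5 tooling: a small Python check that takes the raw output of an unauthenticated request (for instance saved from `curl -sk -i <url>`) and reports whether the monitor's receive string is already satisfied anonymously, as Mike describes for logon.aspx, or whether the server is demanding NTLM. The two sample responses are constructed, and searching headers as well as body for the receive string is an assumption made here.

```python
from email.parser import Parser

def parse_response(raw):
    """Split raw `curl -i` style output into (status code, offered auth schemes)."""
    text = raw.replace("\r\n", "\n")
    head, _, _body = text.partition("\n\n")
    status_line, _, header_block = head.partition("\n")
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response: %r" % status_line)
    headers = Parser().parsestr(header_block, headersonly=True)
    # A server may send several WWW-Authenticate headers; keep the scheme of each.
    schemes = [v.split()[0].upper()
               for v in headers.get_all("WWW-Authenticate", []) if v.strip()]
    return int(parts[1]), schemes

def classify_unauthenticated_probe(raw, recv):
    """Classify the answer to a request that carried no credentials."""
    status, schemes = parse_response(raw)
    if status == 401:
        if {"NTLM", "NEGOTIATE"} & set(schemes):
            return "auth-required-ntlm"   # monitor credentials must really work
        return "auth-required-other"
    # Assumption: recv is searched across headers and body of the response.
    if 200 <= status < 300 and recv in raw:
        return "anonymous-match"          # monitor passes without its credentials
    return "no-match"

# Constructed sample: anonymous logon page that sets the expected cookie.
OWA_LOGON = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "Set-Cookie: OutlookSession=constructed; path=/; HttpOnly\r\n\r\n"
             "<html>logon form</html>")
# Constructed sample: page that refuses anonymous access and offers NTLM.
SHAREPOINT = ("HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Negotiate\r\n"
              "WWW-Authenticate: NTLM\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    print("OWA logon.aspx:", classify_unauthenticated_probe(OWA_LOGON, "OutlookSession="))
    print("SharePoint page:", classify_unauthenticated_probe(SHAREPOINT, "Home"))
```

An "anonymous-match" result means the monitor only proves the page is reachable; it says nothing about whether the configured account can still authenticate.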