Mar 18, 2019

Outlook Anywhere and NTLM authentication


I am trying to achieve Outlook Anywhere with basic-NTLM and Kerberos SSO.

I followed the DG and am stuck at NTLM authentication.

When I create the NTLM Machine Account, the logs say that it joined the domain. Then I create the NTLM Auth Configuration with my domain and DCs. After that I see these messages in the logs:

nlad[11851]: 01620000:3: <0x2b3374f71700> nlclnt[12a02a8c0] init: Error [0xc000006d,NT_STATUS_LOGON_FAILURE] connecting to DC 192.168.

I added some Exchange groups to the machine account and enabled delegation for http with the Exchange servers. I then try to renew the machine account password, but I get this error:

adutil[16625]: 01490274:5: (null):Common:00000000: New master key received.
adutil[16625]: 01490200:3: ERROR: Could not connect to domain domain controller of realm 'EXAMPLE.AD'
adutil[16625]: 01490200:3: WARNING: machine account update for 'f5apm' failed: Preauthentication failed, principal name: f5apm@EXAMPLE.AD. Invalid user credentials. (-1765328360)

Then I took a look at the Kerberos traffic and could see that the BIG-IP can't get a Kerberos ticket.

At this step I am not even talking about Kerberos SSO, which I think has nothing to do with NTLM.

I have found K33692321 but it doesn't help. I also took a look at K08915521. It says that it may be a domain name or NetBIOS name issue, but I know that my domain is EXAMPLE.AD and NetBIOS EXAMPLE.

Has anyone already managed to make this work? It is a standard configuration, so am I missing something on the Windows side?

Best regards

