vADC Forum

Reply
New Contributor
Posts: 3
Registered: ‎12-06-2016

VTM's and NTLM

Hi All , im trying to get to grips with our new VTM's , and im struggling to get one of our websites moved over to them

 

i have set up the virtual servers, so that anything on http redirects to https , and talks to the back node on http.

i can connect through to the servers, and get a logon prompt (windows ntlm) which just keeps popping up wether you enter correct credentials or not 

 

now we have the exact same thing set up on an old pair of TMG servers, which works absoloutly fine, it accepts the credentials and carries on

 

 

i have no idea how it is working on the TMGs and not the VTM's, im thinking its because the TMGs have a setting for AUthentication delegation which is set to No delegation , but client may authenticate directly.. 

 

any ideas how i can resolve this issue and have users able to authenticate? is this the double hop problem?

 

Thanks

 

New Contributor
Posts: 3
Registered: ‎12-06-2016

Re: VTM's and NTLM

ok, slight advancement 

 

i can now get this working in internet explorer by turning Transparent Proxying on, in the protocol settings of the virtual server 

but it still failed withn chrome and internet explorer 

Brocadian
Posts: 11
Registered: ‎07-07-2016

Re: VTM's and NTLM

Hi,

I don't see the link between NTLM and transparent proxying.

When NTLM is enabled on the server side, there may be a few reasons why you always are prompted your credentials:
1. you need to configured persistence on vADC because your app servers don't share user session information
2. you have not enabled http keepalive on the vadc (either client or server side)
3. the IP address of the vADC or the traffic ip is not "trusted" (or in a trusted network)

I think you should first check keepalive and enable cookie based persistence and this should fix your problem.

Baptiste
Highlighted
New Contributor
Posts: 3
Registered: ‎12-06-2016

Re: VTM's and NTLM

Hi Baptiste, thanks for your reply

 

1. you need to configured persistence on vADC because your app servers don't share user session information

 

i have tried multiple types of session persistence. cookie , ip, asp cookie. all with no effect


2. you have not enabled http keepalive on the vadc (either client or server side)

 

keep alive is turned on, both for the virtual server, and the pool 


3. the IP address of the vADC or the traffic ip is not "trusted" (or in a trusted network)

 

the IP of the site is set as a trused site, i have added the VTM's but it has had no effect

 

i have ran fiddler to see if i could see what is going on, and low and behold it works, but only when fiddler is running, i wonder if this could be something to do with keepalive then? 

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.