Forum Discussion
Hi,
the modified iRule did not work. I still receive regularly 401 password prompts? Do you have an idea why these changes occur? When I disable all 401 requests, it seems to me that cert auth does not work either?
Kind regards,
Gilles
- boneyardAug 16, 2016MVP
cert auth shouldn't need 401, cert auth works differently, the client just always sends the cert. 401 is meant for HTTP auth in some form.
can you see if the 401 comes from your irule or from another one, the other question suggested multiple irules were involved.
- Gilles_from_LuxAug 17, 2016Nimbostratus
Yes, I'm aware of this. I finally found a way to remove the password prompts. I was related to the "OPTIONS" calls from the device where my iOS device seems to hang around.
 
I added as suggested in the post from "R Marc" (https://devcentral.f5.com/s/feed/0D51T00006i7aPXSAY) a static "OPTIONS" response from F5 to Exchange. This seems to have solved the problem. It is now 4 hours ago that I did the modifications in the iRule and I got no "Password Prompts" since then. So it looks ok.
 
The only concern I still have is that the "PUSH" of new mails does not look like it is working when the iPhone is locked. I'm not understanding still why the "PUSH" of new mails does not work.
 
But the problem of the "Password Prompt" is maybe solved.
 
Kind regards,
 
Gilles
 
- Ali_KhanNov 10, 2016Nimbostratus
Hi Gilles, We are in a similar situation with a client. What did you do to add static OPTIONS response? Did you amend the _sys_APM_activesync ? Can you please help explaining how you configured the OPTIONS response? Regards, Ali
- chrisf5az_29935Dec 29, 2016Nimbostratus
I'm also wondering on the specific options calls if possible. the post from R Marc is all messed up formatting wise.
- Gilles_from_LuxDec 30, 2016Nimbostratus
Hi,
we will reconfigure the MDM - F5 setup in 2 weeks as our test licenses are not valid anymore. But I will come back to you with an update as soon as possible.
Kind regards,
Gilles
- chrisf5az_29935Jan 04, 2017Nimbostratus
Hello Giles, Would you mind pasting in the iRule you ended up using? (I'm a bit under the gun with regards to a deadline and we are experiencing this exact problem many thousands of users).
I have the below from Marc's post but just wanted to see if its what you used.when HTTP_REQUEST { set http_path [string tolower [HTTP::path]] set f_clientless_mode 0 if { [HTTP::method] equals "OPTIONS" } { HTTP::respond 200 -version 1.1 noserver Cache-Control "private" Allow "OPTIONS,POST" Server "Microsoft-IIS/8.5" MS-Server-ActiveSync "14.3" MS-ASProtocolVersions "2.0,2.1,2.5,12.0,12.1,14.0,14.1" MS-ASProtocolCommands "Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,Provision,ResolveRecipients,ValidateCert" Public "OPTIONS,POST" X-AspNet-Version "4.0.30319" X-Powered-By: "ASP.NET" Content-Length 0 } if { $http_path == "/microsoft-server-activesync" } { }