Forum Discussion

Jan_Rockstedt_4's avatar
Jan_Rockstedt_4
Icon for Nimbostratus rankNimbostratus
Oct 25, 2012

MS CRM 2011 and logon

Hi,

 

 

We use MS CRM 2011 and have follow the deployment guide for client-server traffic and only over http.

 

We use only LTM, no APM as we don't have licens and no irules.

 

Load Balancing Method is least Connections (member).

 

But we have problem, that every time we open a new session in IE we get an logon and on't want to have this on the same pc.

 

We don't use oneConnect or Fallback Persistence Profile.

 

We use Default Persistence Profile and have tried with cokkie with an name and a connection limted for 365 days.

 

 

Any sugestion?

 

Jan Rockstedt

 

microsoft
partner

7 Replies

Sort By
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 25, 2012
    Jan, I don't think this is an F5 issue, it's how authentication works with your MS server products. If you do a tcpdump on your device I'm sure you'll see your servers sending a HTTP 401 authentication packet to the client, this is how things are supposed to work. I'm assuming when you say new session you mean the client has closed the browser or tab and then returns to the site?
  • Jan_Rockstedt_4's avatar
    Jan_Rockstedt_4
    Icon for Nimbostratus rankNimbostratus
    Oct 25, 2012
    Hi Steve, Thank for your answer. We are using the production traffic over an Cisco ACE, with round robin and we don't have the issue here. So how can we supress the 401, so the client have the credential all the time? /Jan
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 25, 2012
    So with the ACE you don't ever have to authenticate? Or just once?

     

     

    Either way, now I know that I'd say this is likely a persistence issue. I'd suggest the use of OneConnect and an NTLM profile, assuming you're using integrated/NTLM authentication.
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 25, 2012
    OK, then I'm pretty sure OneConnect with an NTLM profile will fix your issue. Just out of interest, what persistence method is configured on the ACE and are you terminating SSL on the F5?
  • Jan_Rockstedt_4's avatar
    Jan_Rockstedt_4
    Icon for Nimbostratus rankNimbostratus
    Oct 25, 2012
    No SSL on the F5 or ACE only port 80. Sorry don't know what persistence method is configured on the ACE, as this device is outsourced and I have access to it. But I try to find out. The deployment guide for CRM 2001 sugest that I creat an new NTLM profile, but I guess the default NTLM is ok to use against a IIS 7?