Forum Discussion

Raghbir_Singh_S's avatar
Raghbir_Singh_S
Icon for Nimbostratus rankNimbostratus
Oct 17, 2016

Access Policy Already Being Evaluated - SharePoint

I have one Virtual Server and Three Pools.

 

SharePoint Pool "SharePoint_pool" which has two URL "www.sharepoint1.com" and "www.sharepoint2.com" ADFS Pool "adfs_pool" which has one URL "www.adfs.com" WebServer pool "webservice_pool" which has three other URL "webserver1.com", "webserver2.com", "webserver3.com"

 

Virtual Server has OneConnect profile APM prifile configured "secure" and "Persistent" cookie option selected.

 

I also uses irule STREAM and Rewrite profile to handle SSL offloading URLs.

 

I am getting "Access Policy Already being Evaluated" page for almost every different site I try to go even in the same browser tab. Please advise and help me. I am new to the F5 LTM/APM.

 

How to check if existing session exist than leverage the same session and not the start the new session.

 

I am also would like to show kill the session and show "Session expired/timeout" page once session inactivity timeout reached "which is set for 900 seconds".

 

Please advise and help me with irule examples or other settings to solve this issue.

 

Thanks, Raghbir

 

APM
application delivery

2 Replies

Sort By
  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account
    Oct 17, 2016

    I'm assuming you mean Access Policy evaluation is already in progress for your session" rather than "already being evaluated". See this post for lots of discussion on that issue:

     

    https://devcentral.f5.com/questions/problems-with-windows-10-anniversary-update-and-citrix-access-49028

     

    The use case is a bit different, but the root cause and workaround is the same.

     

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Oct 17, 2016

    Hi,

     

    I will not answer your question, as Lucas point a solution, but comment your configuration.

     

    Sharepoint support AAM (Alternate Access Mapping) to configure external URL instead of rewrite with STEAM profile. this will optimize F5 performance and limit rewriting issues.

     

    Persistent cookie is not the best solution to allow edition of office documents. look at this irule which support persistent cookie for office clients but remove insecure login when browser is closed. It add some other user experience improvement.