VMware Horizon Community
KyleCompassion
Enthusiast
Enthusiast

forced to provide RSA 2FA creds TWICE when load balancing via F5

I'm testing out load balancing via an F5 (not with an iApp, just super basic F5 config) and it's working. but I am finding that when i first connect with my client i have to provide 2FA, then i get a list of VM's, then when i select a VM to connect to i get prompted for 2FA credentials a second time. i also have to wait for the passcode to change before inputting it on this second prompt, otherwise i get Access Denied. Has anyone seen this or know how to fix it? i googled around and found nothing in F5 nor View documents. once i provide the second credentials, i can connect just fine.

Reply
0 Kudos
1 Reply
KyleCompassion
Enthusiast
Enthusiast

It was caused by my lack of experience with F5's. I configured the pool to use Source Address Affinity for session persistence and the issue is gone. I suspect the F5 was routing my initial connection to CS1, then i provided RSA creds, then when i picked a VM the F5 was sending that traffic to CS2, which requested my RSA creds again. Now, as i understand session persistence, everything gets routed through whatever server the F5 initially routes me to.

Reply
0 Kudos