NSX-V application rules for NTLM Authentication

moniblu · ‎07-24-2019

I'm attempting to load balance a web app that was previously not load balanced. I've found a few documents about application rules required to Load Balance NTLM and I've tried them all.

option http-keep-alive

no option http-server-close

no option httpclose

etc...

No dice. Has anyone had success adding application rules to support NTLM authentication? Frontend server is SharePoint and backend is IIS web services. At a certain point I need to be able to point at the application design if it hasn't been changed at all to accommodate the addition of a load balancer, but this is our first load balanced app in NSX so I'm struggling with the application rule syntax. Appreciate any insight anyone has!

dima_r · ‎02-19-2020

Hi, moniblu!

We have the same problem (IIS+SharePoint+NTML). Did you find any solution?

larsonm · ‎02-20-2020

Have we got NTLM to work through an NSX-v ESG load balaner, yes. We have this running in our environment. Not sure what app the back-end web sever is running.

Based on what you're saying, you may have already tried this.

May want to confirm that session persistence is configured.

moniblu · ‎02-20-2020

Unfortunately the app design did not support load balancing and we had to move that single application off on to a standalone server. All the other web services worked fine for NTLM but there was something in the way that app operated that the sticky sessions and application rules just weren't enough to prevent multiple auth attempts. The developers weren't willing to rework it to support LB so this is how it will be until they redesign it! Hope that's not the case for your app, but if it wasn't on an NLB before it's worth talking about.

dima_r · ‎02-20-2020

"no option http-server-close" did not help us. Therefore we changed L7 -> L4 and now waiting for test results.

dima_r · ‎02-20-2020

Thanks for your answer!