Outlook access fails post upgrading Citrix ADC to 13.0 build 76.

Outlook access fails post upgrading Citrix ADC to 13.0 build 76.

book

Article ID: CTX312160

calendar_today

Updated On:

Description

Users from Mobile device will get the below error  post entering their credentials. This issue occurs even on client machines through Outlook Application. 

If Outlook is accessed through Web browser then user will get another login prompt. User has to enter the credentials once again to access the Outlook. This can be used as a work-around.

image.png

ns.log Snippet:

Apr 19 13:08:23 <local0.info> XX.XX.XX.XX 04/19/2021:03:08:23 GMT XYZ 0-PPE-0 : default AAA Message 1169627 0 :  "SSO : skipping sso trafficaction_flag 41, sso_type 1 state 0 ntlm_flags 0 user <Domain>\>USERNAME>"
Apr 19 13:08:23 <local0.info> XX.XX.XX.XX 04/19/2021:03:08:23 GMT XYZ 0-PPE-0 : default AAA Message 1169628 0 :  "SSO FAIL forwading to client because of weak SSO user <Domain>\>USERNAME>"
 

Resolution


> Configure the Traffic SSO policy as shown below:

  add tm trafficaction tf_act -SSO ON
   add tm trafficpolicy tf_pol TRUE tf_act

> Bind the TrafficPolicy tf_pol to the ACTIVE SYNC LB Vserver where SSO is required.

Problem Cause

SSO is getting failed. The reason for the SSO failure is Citrix has disabled the following  SSO types globally from 13.0 build 64 and later versions. For more information, Please refer https://docs.citrix.com/en-us/citrix-adc/current-release/aaa-tm/single-sign-on-types/enable-sso-for-auth-pol.html  

•    Basic authentication
•    Digest Access authentication
•    NTLM without Negotiate NTLM2 Key or Negotiate Sign
Powered by Wolken Software