Stefan Wendrich1709160263 Posted November 9, 2023 Share Posted November 9, 2023 Hi, we use an internal vserver to do kerberos constrained delegation for active sync clients against exchange 2016. This works well, the most of the time. But without an explanation, the service stops working. The only way to fix it, to disable the vserver, wait 15 minutes and enables the vserver again. Then all is good. Has someone any idea what the problem could be? At the moment we have NS13.1 49.13.nc running, but the error has existed since some older versions. Link to comment Share on other sites More sharing options...
Jens Ostkamp Posted November 9, 2023 Share Posted November 9, 2023 6 hours ago, Stefan Wendrich1709160263 said: Hi, we use an internal vserver to do kerberos constrained delegation for active sync clients against exchange 2016. This works well, the most of the time. But without an explanation, the service stops working. The only way to fix it, to disable the vserver, wait 15 minutes and enables the vserver again. Then all is good. Has someone any idea what the problem could be? At the moment we have NS13.1 49.13.nc running, but the error has existed since some older versions. Could be a lot. Kerberos in general is DNS and time dependant. Check if your Appliance can resolve all necessary dns-records and if system time fits "real" time Link to comment Share on other sites More sharing options...
Stefan Wendrich1709160263 Posted November 10, 2023 Author Share Posted November 10, 2023 We did a packet trace and cannot see any packets coming from the ipad. After we disable the vserver, wait 15 minutes and enable it again. it works. For my understanding, the adc doesnt acknowledge the tcp packets from the ipad. The question, how can i troubleshoot this? Link to comment Share on other sites More sharing options...
Stefan Wendrich1709160263 Posted November 19, 2023 Author Share Posted November 19, 2023 It’s a lot stranger. At the time where we don’t see any packets in the dump started on the netscaler, we started a trace on our access point. There we see packets coming from the adc. Much rst ack packets, out of order or fast retransmits. Also encryption alert packages. I suspect something with the tcp stack of the netscaler. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now