FortyADC D300 SSO IE/Firefox Refresh login

Hi I have FortyADC,

I have setup NLB L7 for Exchange 2016.  Exchange is set for basic authentication. I set Hopefully SSO.

What I’m observing :

When I login to https://FQDN/owa  I get usually “403 Forbidden Request forbidden by administrative rules”and if I click refresh normal owa site is opened.  I have this issue With IE and Firefox.  In IE I alwas get this error if I us in private browser.  But it is normally sporadic.

I can see in LDAP Server “Windows 2012 R2” Event ID 4776 followed by 4672 for FortiADC. Then  Event id 4776 for test user. No failed audit events.

Under User Authentication\Authentication Relay I set  :

Name : Basic_Http

Delegation Type : HTTP Basic

Authorization : HTTP Error 401

Domain Prefix Support : Enabled

Doamin prefix : *NetbiosDomainName*

Under User Authentication\Authentication Policy I set  :

Name: Exchange_Auth_Policy

Type : Standard

User Realm : domain.com

Path : /

User Group :Test_Group

Under User Authentication\User Group I set  :

User Cache : not selected

Authentication Log : All

Client authentication Method : HTML Form

Group Type : SSO

Authentication Relay : Basic_Http

Authentication Session timeout : 3

SSO Support : Not selected

Member :  LDAP -> “LDAP Server”

Server Load Balance\Virtual server :

Section Resources :

Profile : Exchange2016App_Prof

Client SSL Profile : DomainWildcard_Cert

Auth Policy: Exchange_Auth_Policy

Thank you  forrelay.

Br,

Borut