The application login works when the L4 load balancer is configured.

When the L4 load balancer is migrated to L7, the login page loops back to the login prompt.

The application has used the NTLM protocol for authentication.

Load Balancer access log

Operation.Category: 'LbAccessLog', Operation.Type: 'Http', Lb.UUID: '5b####68-####-4917-####-fb####c6####', Lb.Name: 'LBService - Load-Balancer-17####c8-####-42d4-####-c6####0f####', Vs.UUID: 'e0####30-####-4678-####-af####89####', Vs.Name: 'lb-virtualServer-1', Vs.Ip: '##.##.##.##', Vs.Port: '443', Pool.UUID: '3a####5e-####-4199-####-58####02####', Pool.Name: 'Load-Balancer-17####c8-####-42d4-####-c6####0f####'- lb-pool-1', PoolMember.Ip: '##.##.##.##', PoolMember.Port: '443', Client.Ip: '##.##.##.##', Client.Port: '54818', Snat.Ip: '##.##.##.##', Snat.Port: '42551', HttpRequest.Method: 'GET', HttpRequest.UserAgent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15', HttpRequest.X-Fwd-For: '-', HttpRequest.Uri: '/', HttpRequest.Host: 'url.com', HttpResponse.Status: '401', HttpResponse.StatusCategory: '4xx', HttpResponse.Size: '16', HttpResponse.ServerTime: '0.050', HttpResponse.TotalTime: '0.050', Error.Reason: 'Pool member returned 401'

VMware NSX

VMware NSX-T Data Center

HTTP Keep-Alives are required in order for integrated authentication to function due to the need to maintain a connection for the duration of the NTLM initialisation handshake.

Enable server keep-alive settings in the NSX load balancer application profile being used in the virtual server.