Last Modified: Jan 11, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4
Fixed In:
17.1.2
Opened: Jun 28, 2024 Severity: 3-Major
NTLM authentication starts failing all of a sudden. Users keep getting an authentication window. /var/log/apm shows logs such as: err eca[22803]: 0162000e:3: Kerberos Auth failed (-1) modules/Authentication/Kerberos/KerberosAuthAgent.cpp func: "KerberosAuthAgentexecuteInstance()" line: 446 Msg: EXCEPTION getObjectConfigData() failed Running such command on the BIG-IP is showing a lot of results: netstat -panoW | grep eca | grep CLOSE_WAIT ... tcp 0 0 127.0.0.1:49096 127.0.0.1:10003 CLOSE_WAIT 14966/eca off (0.00/0/0) tcp 0 0 127.0.0.1:35004 127.0.0.1:10003 CLOSE_WAIT 14966/eca off (0.00/0/0) ...
Users cannot access resources protected by NTLM authentication
-- BIG-IP is running on version 17.1.x -- NTLM authentication is configured
Run the following command to restart eca: bigstart restart eca
Handled the eca fd by closing them after use, i.e. after required communication with the apmd is done.