Bug ID 694624: SSO enabled Native RDP resources can't be accessed via hardware BIG-IP with "Intel Cave Creek" coprocessor

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3

Fixed In:
14.0.0, 13.1.0.4, 13.0.1

Opened: Nov 15, 2017

Severity: 3-Major

Symptoms

APM Webtop's SSO enabled Native RDP resources can't be accessed via hardware BIG-IP with "Intel Cave Creek" coprocessor (e.g. BIG-IP 2000 (C112) or 4000 (C113)) from Mac, iOS and Android clients. Each launch attempt generates following errors in /var/log/apm: ... err vdi[123] ... {45.C} RsaDecryptData error: AsyncError:5: InvalidData ... err vdi[123] ... {45.C} An exception is thrown: handshake: decryption failed or bad record mac

Impact

RDP client can't launch requested resource (desktop/application).

Conditions

Native RDP resource with enabled SSO is used on hardware BIG-IP with "Intel Cave Creek" coprocessor (e.g. BIG-IP 2000 (C112) or 4000 (C113)). The client OS is Mac, iOS or Android.

Workaround

Disable crypto HW acceleration with following command: tmsh modify sys db crypto.hwacceleration value disable

Fix Information

SSO enabled Native RDP resources now can be accessed via hardware BIG-IP with "Intel Cave Creek" coprocessor (e.g. BIG-IP 2000 (C112) or 4000 (C113) platforms) from Mac, iOS and Android clients.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips