Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3
Fixed In:
14.0.0, 13.1.0.4, 13.0.1
Opened: Nov 15, 2017 Severity: 3-Major
APM Webtop's SSO enabled Native RDP resources can't be accessed via hardware BIG-IP with "Intel Cave Creek" coprocessor (e.g. BIG-IP 2000 (C112) or 4000 (C113)) from Mac, iOS and Android clients. Each launch attempt generates following errors in /var/log/apm: ... err vdi[123] ... {45.C} RsaDecryptData error: AsyncError:5: InvalidData ... err vdi[123] ... {45.C} An exception is thrown: handshake: decryption failed or bad record mac
RDP client can't launch requested resource (desktop/application).
Native RDP resource with enabled SSO is used on hardware BIG-IP with "Intel Cave Creek" coprocessor (e.g. BIG-IP 2000 (C112) or 4000 (C113)). The client OS is Mac, iOS or Android.
Disable crypto HW acceleration with following command: tmsh modify sys db crypto.hwacceleration value disable
SSO enabled Native RDP resources now can be accessed via hardware BIG-IP with "Intel Cave Creek" coprocessor (e.g. BIG-IP 2000 (C112) or 4000 (C113) platforms) from Mac, iOS and Android clients.