Bug ID 704435: Client connection may hang when NTLM and OneConnect profiles used together

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5

Fixed In:
14.0.0, 13.1.0.6

Opened: Jan 31, 2018

Severity: 2-Critical

Symptoms

In deployments where an NT LAN Manager (NTLM) authentication profile and a OneConnect profile are used together on an LTM virtual server to label an authenticated connection to a Domain Controller (DC), the connection may hang if the persisted connection to the DC is re-used. A connection in this state may not be cleaned up by the sweeper, resulting in a memory leak.

Impact

A client connection is not serviced, and TMM memory will leak. Over a long time period, this may result in more widespread service disruptions.

Conditions

The NTLM and OneConnect profiles are associated with the same LTM virtual server.

Workaround

Avoid the use of OneConnect profiles on virtual servers that use NTLM profiles. The connections to the Domain Controller are not pooled, but all other features are retained.
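To find where the workaround applies, the following added example (not F5 code) lists virtual servers that attach both profile types. It assumes the configuration is available as text in the `bigip.conf` stanza layout and that the built-in profiles are named `/Common/ntlm` and `/Common/oneconnect`; the sample configuration is constructed.

```python
import re

# Assumption: names of the built-in default profiles, which are not defined in bigip.conf.
BUILTIN = {"/Common/ntlm": "ntlm", "/Common/oneconnect": "one-connect"}
STANZA = re.compile(r"^ltm (profile (?:ntlm|one-connect)|virtual) (\S+) \{", re.M)

def body_at(text, start):
    """Text from just after an opening brace up to its matching closing brace."""
    depth, i = 1, start
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[start:i - 1]

def find_affected(conf):
    """Virtual servers that attach both an NTLM and a OneConnect profile."""
    kinds, virtuals = dict(BUILTIN), {}
    for m in STANZA.finditer(conf):
        if m.group(1) == "virtual":
            virtuals[m.group(2)] = body_at(conf, m.end())
        else:  # custom profile: remember its type by name
            kinds[m.group(2)] = m.group(1).split()[1]
    affected = []
    for name, body in virtuals.items():
        p = re.search(r"^\s*profiles \{", body, re.M)
        attached = re.findall(r"^\s*(/\S+) \{", body_at(body, p.end()), re.M) if p else []
        if {"ntlm", "one-connect"} <= {kinds.get(a) for a in attached}:
            affected.append(name)
    return sorted(affected)

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
ltm profile ntlm /Common/ntlm_corp {
    defaults-from /Common/ntlm
}
ltm virtual /Common/vs_exchange {
    profiles {
        /Common/ntlm_corp { }
        /Common/oneconnect { }
    }
}
ltm virtual /Common/vs_intranet {
    profiles {
        /Common/http { }
        /Common/oneconnect { }
    }
}
"""
print(find_affected(SAMPLE))
```

The brace matching is a plain depth count, so it should be run on a copy of the configuration and the results confirmed on the device before profiles are detached.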

Fix Information

Fixed a problem that prevented NTLM and OneConnect profiles from working properly on the same LTM virtual server.

Behavior Change
