Bug ID 1043217: NTLM frontend auth fails with the latest Microsoft RDP client on MacOS 14.0.1 platform

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP APM(all modules)

Fixed In:
17.0.0, 16.1.3.1, 15.1.6.1, 14.1.5.1

Opened: Aug 27, 2021

Severity: 3-Major

Symptoms

NTLM frontend auth fails with the latest Microsoft RDP client on MacOS 14.0.1 platform

Impact

Users won't be able to establish RDP sessions to the backend Windows Server

Conditions

Windows Server configured as a back-end and BIG-IP is acting as an RDP gateway. After recent upgrade of MacOS Client (iOS 14.0.1), the Remote desktop starts failing. Latest Microsoft RDP clients mandate below three flags as part of NTLM CHALLENGE message which will sent from NTLM Auth Server/Proxy 1.NTLMSSP_NEGOTIATE_KEY_EXCH 2.NTLMSSP_NEGOTIATE_VERSION 3.NTLMSSP_REQUEST_TARGET Due to this, RDP client rejecting the NTLM challenge, and authentication is failing.

Workaround

None

Fix Information

Updated the ECA (NTLM frontend auth service) to include these flags as part of NTLM Challenge.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips