Bug ID 1043217: NTLM frontend auth fails with the latest Microsoft RDP client on MacOS 14.0.1 platform

Last Modified: Nov 07, 2022

Affected Product:
BIG-IP APM (all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3

Fixed In:
17.0.0, 16.1.3.1, 15.1.6.1, 14.1.5.1

Opened: Aug 27, 2021
Severity: 3-Major

Symptoms

NTLM frontend auth fails with the latest Microsoft RDP client on MacOS 14.0.1 platform

Impact

Users won't be able to establish RDP sessions to the backend Windows Server.

Conditions

A Windows Server is configured as the back end and BIG-IP is acting as an RDP gateway. After a recent upgrade of the MacOS client (iOS 14.0.1), Remote Desktop starts failing. The latest Microsoft RDP clients require the following three flags in the NTLM CHALLENGE message sent from the NTLM auth server/proxy:

1. NTLMSSP_NEGOTIATE_KEY_EXCH
2. NTLMSSP_NEGOTIATE_VERSION
3. NTLMSSP_REQUEST_TARGET

Because of this requirement, the RDP client rejects the NTLM challenge and authentication fails.

Workaround

None

Fix Information

Updated the ECA (NTLM frontend auth service) to include these flags as part of NTLM Challenge.
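
An added example, not F5 or Microsoft code: a check that decodes a base64 NTLM CHALLENGE (type 2) token and reports which of the three flags named under Conditions are absent. The flag bit values and field offsets follow the MS-NLMP message layout; the function names and the sample tokens are constructed for illustration.

```python
import base64
import struct

# Bit values of the three flags, per the MS-NLMP NegotiateFlags definition.
REQUIRED_FLAGS = {
    "NTLMSSP_REQUEST_TARGET": 0x00000004,
    "NTLMSSP_NEGOTIATE_VERSION": 0x02000000,
    "NTLMSSP_NEGOTIATE_KEY_EXCH": 0x40000000,
}

def parse_challenge_flags(token_b64):
    """Return NegotiateFlags from a base64 NTLM CHALLENGE (type 2) message."""
    raw = base64.b64decode(token_b64, validate=True)
    if len(raw) < 24:
        raise ValueError("truncated before NegotiateFlags")
    signature, msg_type = struct.unpack_from("<8sI", raw, 0)
    if signature != b"NTLMSSP\x00":
        raise ValueError("missing NTLMSSP signature")
    if msg_type != 2:
        raise ValueError("not a CHALLENGE message (type %d)" % msg_type)
    # Layout: Signature(8) MessageType(4) TargetNameFields(8) NegotiateFlags(4)
    (flags,) = struct.unpack_from("<I", raw, 20)
    return flags

def missing_required_flags(token_b64):
    """Names of the required flags that the challenge does not set."""
    flags = parse_challenge_flags(token_b64)
    return sorted(n for n, bit in REQUIRED_FLAGS.items() if not flags & bit)

def build_sample(flags):
    """Constructed minimal CHALLENGE: empty target name, zeroed challenge."""
    msg = struct.pack("<8sIHHII8s8s", b"NTLMSSP\x00", 2, 0, 0, 56, flags,
                      bytes(8), bytes(8))
    msg += struct.pack("<HHI", 0, 0, 56)  # TargetInfoFields (empty)
    msg += bytes(8)                       # Version field (zeroed)
    return base64.b64encode(msg).decode()

if __name__ == "__main__":
    # Constructed flag words: one without the three flags, one with them.
    for label, flags in (("without flags", 0x00000201),
                         ("with flags", 0x42000205)):
        missing = missing_required_flags(build_sample(flags))
        print(label, "->", missing or "all three flags present")
```
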

Behavior Change