Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP APM
Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3
Fixed In:
17.0.0, 16.1.3.1, 15.1.6.1, 14.1.5.1
Opened: Aug 27, 2021
Severity: 3-Major
NTLM frontend auth fails with the latest Microsoft RDP client on MacOS 14.0.1 platform
Users won't be able to establish RDP sessions to the backend Windows Server
Windows Server configured as a back-end and BIG-IP is acting as an RDP gateway. After recent upgrade of MacOS Client (iOS 14.0.1), the Remote desktop starts failing. Latest Microsoft RDP clients mandate below three flags as part of NTLM CHALLENGE message which will sent from NTLM Auth Server/Proxy 1.NTLMSSP_NEGOTIATE_KEY_EXCH 2.NTLMSSP_NEGOTIATE_VERSION 3.NTLMSSP_REQUEST_TARGET Due to this, RDP client rejecting the NTLM challenge, and authentication is failing.
None
Updated the ECA (NTLM frontend auth service) to include these flags as part of NTLM Challenge.
