Bug ID 1207917: SSL Orchestrator - NTLM authentication may stop working after a TMM restart or upgrade

Last Modified: Jan 20, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3

Opened: Dec 08, 2022
Severity: 2-Critical

Symptoms

NTLM authentication may stop working after a TMM restart or upgrade. ECA debug logs similar to the following: Dec 8 06:25:44 bigip1 debug eca[18424]: 01620012:7: eca_module_ntlm.cpp:795 ntlm_cfg_process_op_find_set_cfg, err = ECA_ERR_NOT_FOUND Dec 8 06:25:44 bigip1 debug eca[18424]: 01620012:7: eca_module_ntlm.cpp:730 ntlm_cfg_handler, err = ECA_ERR_NOT_FOUND bigip1 err eca[18424]: 0162000e:3: Invalid argument (/Common/ntlm-f5lab-config) Dec 8 06:25:44 fbigip1 err eca[18424]: 0162000e:3: Invalid metadata (select_ntlm:/Common/ntlm-f5lab-config)

Impact

NTLM authentication problems, HTTP 503 error page returned to client.

Conditions

TMM restart, upgrade

Workaround

In the GUI, navigate to Access ›› Authentication : NTLM : NTLM Auth Configuration ›› affected-ntlm-config. Edit the FQDN, leave it the same, and save the configuration. or Run the following command: bigstart restart nlad

Fix Information

None

Behavior Change