Bug ID 447565: Renewing machine-account password does not update the serviceId for associated ntlm-auth.

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1

Fixed In:
13.0.0, 12.1.3.2, 11.5.4 HF3

Opened: Feb 06, 2014
Severity: 3-Major
Related Article:
K33692321

Symptoms

Renewing machine-account password does not update the serviceId for associated ntlm-auth. Because of this issue, you might see the following symptoms: -- End users report that they cannot access email. -- NTLM logons stop working for all users. -- Log file shows errors similar to the following: err nlad[12384]: 01620000:3: <0x566d4b90> nlclnt[71601c70a] init: Error [0xc000006d,NT_STATUS_LOGON_FAILURE] connecting to DC.

Impact

End users will be unable to connect.

Conditions

This occurs when the system has an NTLM machine account configured, but it is not known exactly what triggers the error. It can be triggered if the machine account credentials change, but the symptom might not show up for days since the connection can be reused.

Workaround

Correct the problem by running the following command: bigstart restart eca.

Fix Information

None

Behavior Change