Bug ID 634217: AD auth fails when the kerberos pre-authentication is set to AES 128/256 with Cross Domain Support is enabled.

Last Modified: Jun 19, 2025

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Opened: Dec 19, 2016

Severity: 3-Major

Symptoms

AD auth fails when the Kerberos pre-authentication is set to AES 128/256 and the Cross Domain Support is enabled.

Impact

AD auth fails.

Conditions

AD auth config have pre-authentication is set to AES 128/256 and cross-domain is enabled in access policy.

Workaround

Enable the AES encryption in the user accounts on AD server and set pre-authentication to 'None' on AAA AD on APM and this would allow AES encryption.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips