Bug ID 668532: Cached stale Kerberos tickets can cause auth failures.

Last Modified: Apr 19, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:

Opened: Jun 09, 2017
Severity: 3-Major


After an upgrade, an attempt is made to update/renew an expired Kerberos ticket, and if that does not occur; it will result in stale/old Kerberos ticket causing APM end users to experience failures in authentication.


APM end users experience authentication failures and loss of connectivity.


Kerberos tickets cannot be cleared and renewed.


Restart Kerberos Cache.

Fix Information

A button is provided to be able to clear Kerberos cache from GUI. Similarly there is an option provided to clear cache using TMSH, using the following command: tmsh modify active-directory ad-auth-server cleanup-cache kerberos

Behavior Change