Bug ID 671892: AD Auth/Query may fail when cross-domain option is requested

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3,,,,, 11.6.4, 11.6.5,,,

Fixed In:

Opened: Jun 30, 2017

Severity: 3-Major


AD Auth/Query may fail when cross-domain option is enabled, and AD Trusted Domains object is configured for the agent.


the agent will fail and take fallback branch


when all of the following is true: - AD Auth/Query is configured to use AD Trusted Domains - cross-domain option is enabled - user belongs to some trusted domains and AAA AD Server for that domain is a member of AD Trusted Domains - the AAA AD Server is configured with EMPTY KDC


for the affected AAA AD Server, please, configure KDC. it can be any acceptable value (IP, FQDN, LTM pool), but not empty

Fix Information

Cross-realm AD Auth/Query now succeeds, even if the AAA AD Server has no KDC configured.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips