Bug ID 676854: CRL Authentication agent will hang waiting on unresponsive authentication server.

Last Modified: May 01, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,,

Fixed In:

Opened: Aug 03, 2017
Severity: 3-Major


Some authentication requests never complete. APMD responsiveness degrades over time and eventually restarts.


APMD responsiveness degrades over time, usually weeks, before eventually restarting.


The CRL Authentication server must be alive enough to accept connections but busy enough to drop requests without closing connections.


Restarting the CRL Authentication server usually releases the waiting threads and restores APMD responsiveness. Using a BIG-IP monitor for the CRL backend can detect the issue and allow recovery before the need for APMD to restart.

Fix Information

CRL agent now times out and returns an error when the CRL server becomes unresponsive.

Behavior Change

The CRL Authentication agent now times out and returns an error instead of waiting forever. In previous releases, if enough threads were waiting, APMD performance degraded and eventually restarted.