Bug ID 676854: CRL Authentication agent will hang waiting on unresponsive authentication server.

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,

Fixed In:

Opened: Aug 03, 2017

Severity: 3-Major


Some authentication requests never complete. APMD responsiveness degrades over time and eventually restarts.


APMD responsiveness degrades over time, usually weeks, before eventually restarting.


The CRL Authentication server must be alive enough to accept connections but busy enough to drop requests without closing connections.


Restarting the CRL Authentication server usually releases the waiting threads and restores APMD responsiveness. Using a BIG-IP monitor for the CRL backend can detect the issue and allow recovery before the need for APMD to restart.

Fix Information

CRL agent now times out and returns an error when the CRL server becomes unresponsive.

Behavior Change

The CRL Authentication agent now times out and returns an error instead of waiting forever. In previous releases, if enough threads were waiting, APMD performance degraded and eventually restarted.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips