Bug ID 676854: CRL Authentication agent will hang waiting on unresponsive authentication server.

Last Modified: Jan 29, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4

Fixed In:
14.0.0

Opened: Aug 03, 2017
Severity: 3-Major

Symptoms

Some authentication requests never complete. APMD responsiveness degrades over time and eventually restarts.

Impact

APMD responsiveness degrades over time, usually weeks, before eventually restarting.

Conditions

The CRL Authentication server must be alive enough to accept connections but busy enough to drop requests without closing connections.

Workaround

Restarting the CRL Authentication server usually releases the waiting threads and restores APMD responsiveness. Using a BIG-IP monitor for the CRL backend can detect the issue and allow recovery before the need for APMD to restart.

Fix Information

CRL agent now times out and returns an error when the CRL server becomes unresponsive.

Behavior Change

The CRL Authentication agent now times out and returns an error instead of waiting forever. In previous releases, if enough threads were waiting, APMD performance degraded and eventually restarted.