Bug ID 704435: Client connection may hang when NTLM and OneConnect profiles used together

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,

Fixed In:

Opened: Jan 31, 2018
Severity: 2-Critical


In deployments where a NT LanManager (NTLM) authentication profile and a OneConnect profile are used together in a LTM virtual server to label an authenticated connection to a Domain Controller (DC), if the persisted connection to the DC is re-used, the connection may hang. A connection in this state may not be cleaned up by the sweeper, resulting in a memory leak.


A client connection is not serviced, and TMM memory will leak. Over a long time period, this may result in more widespread service disruptions.


The NTLM and OneConnect profiles are associated with a LTM virtual server.


Avoid the use of OneConnect profiles on virtual servers that use NTLM profiles. The connections to the Domain Controller are not pooled, but all other features are retained.

Fix Information

Fixed a problem that prevented NTLM and OneConnect profiles from working properly on the same LTM virtual server.

Behavior Change