Bug ID 704435: Client connection may hang when NTLM and OneConnect profiles used together

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,

Fixed In:

Opened: Jan 31, 2018

Severity: 2-Critical


In deployments where a NT LanManager (NTLM) authentication profile and a OneConnect profile are used together in a LTM virtual server to label an authenticated connection to a Domain Controller (DC), if the persisted connection to the DC is re-used, the connection may hang. A connection in this state may not be cleaned up by the sweeper, resulting in a memory leak.


A client connection is not serviced, and TMM memory will leak. Over a long time period, this may result in more widespread service disruptions.


The NTLM and OneConnect profiles are associated with a LTM virtual server.


Avoid the use of OneConnect profiles on virtual servers that use NTLM profiles. The connections to the Domain Controller are not pooled, but all other features are retained.

Fix Information

Fixed a problem that prevented NTLM and OneConnect profiles from working properly on the same LTM virtual server.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips