Bug ID 797541: NTLM Auth may fail when user's information contains SIDS array

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:,, 14.1.2, 15.0.0, 15.0.1

Fixed In:

Opened: Jun 24, 2019

Severity: 2-Critical

Related Article: K05115516


As a result of this issue, you may encounter one or more of the following symptoms: -- Users cannot log in through the BIG-IP APM system. -- In the /var/log/apm file, the system logs warning messages similar to the following examples: - warning eca[11256]: 01620002:4: [Common] Authentication with configuration (/Common/server1.example.com) result: user01@USER01 (WORKSTATION): Fail (UNEXP_006C0065) - warning nlad[11261]: 01620000:4: <0x2b4d27397700> client[46]: DC[]: schannel[0]: authentication failed for user 'user01', return code: 0x006c0065 Note: The reported return code may be a value other than 0x006c0065 or 0x00000007. However, the larger the size of the SIDS and Attributes array, the more likely the error value will be 0x00000007.


The authentication process fails and the user cannot log in.


This issue occurs when all of the following conditions are met: -- Your BIG-IP APM system is configured to provide NTLM front-end authentication. -- The authentication response contains a non-empty SID_AND_ATTRIBUTES array. For example, this issue can occur when the user is a member of universal groups from a trusted domain.



Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips