K55889450: BIG-IP APM NTLM authentication for RDP client gateway and Microsoft Exchange Proxy are incompatible with the Microsoft workaround for MS17-010 (WannaCry / EternalBlue)
Microsoft has released security bulletin MS17-010 announcing a recommended software security patch to fix multiple vulnerabilities in SMBv1. A procedure to disable SMBv1 is listed as a workaround. When this workaround is implemented, NTLM authentication in BIG-IP APM fails for RDP client gateway deployments, and Microsoft Exchange ActiveSync proxy deployments.
As a result of this issue, you may encounter one or more of the following symptoms:
Users are unable to authenticate when accessing RDP or Exchange services using the BIG-IP APM system.
The BIG-IP APM system generates messages to the /var/log/apm file that appear similar to the following example:
01620000:3: <0x55abeb70> nlclnt[129010a0a] init: Error [0xc0000011,NT_STATUS_END_OF_FILE] connecting to DC 10.10.10.10