After we created an NTLM machine account we are getting this error. When looking into AD we see the account have been created. Is there anything else we need to look at? May 19 13:26:35 f5boxname err nlad[12196]: 01620000:3: <0x55d61b90> nlclnt[13f04640a] init: Error [0xc000006d,NT_STATUS_LOGON_FAILURE] connecting to DC x.x.x.x (IP of domain controller) May 19 13:26:35 f5boxname err nlad[12196]: 01620000:3: <0x55e62b90> nlclnt[13f04640a] init: Error [0xc000006d,NT_STATUS_LOGON_FAILURE] connecting to DC x.x.x.x May 19 13:26:36 f5boxname err nlad[12196]: 01620000:3: <0x56064b90> nlclnt[12a35640a] init: Error [0xc000006d,NT_STATUS_LOGON_FAILURE] connecting to DC x.x.x.x May 19 13:26:36 f5boxname err nlad[12196]: 01620000:3: <0x56266b90> nlclnt[12a35640a] init: Error [0xc000006d,NT_STATUS_LOGON_FAILURE] connecting to DC x.x.x.x May 19 13:26:36 f5boxname err nlad[12196]: 01620000:3: <0x56468b90> nlclnt[12b35640a] init: Error [0xc000006d,NT_STATUS_LOGON_FAILURE] connecting to DC x.x.x.x May 19 13:26:36 f5boxname err nlad[12196]: 01620000:3: <0x56569b90> nlclnt[12b35640a] init: Error [0xc000006d,NT_STATUS_LOGON_FAILURE] connecting to DC x.x.x.x May 19 13:26:36 f5boxname err nlad[12196]: 01620000:3: <0x56367b90> nlclnt[12b35640a] init: Error [0xc000006d,NT_STATUS_LOGON_FAILURE] connecting to DC x.x.x.x

Are you able to "Renew Machine Password".. Access Policy ›› Access Profiles : NTLM : Machine Account The error seems to show the account created is having issues. For client side NTLM auth debug logs, following db key should help: tmsh sys modify db log.eca.level value debug.

Hi kj07208, I have exactly the same problem here. And when I enabled debug I see the following: Jan 20 16:27:56 chsrv035 debug nlad[6717]: 01620000:7: <0x56805b90> nlclnt[40d148d0a]: is now initializing. Jan 20 16:27:56 chsrv035 debug nlad[6717]: 01620000:7: <0x56805b90> NLAD_TRACE: cli_full_connection(output_cli = 0x9392a68, my_name = "CHSRV035", dest_host = "chsrv113.ads.domain.com", port = 445, service = "IPC$", service_type = "IPC", user = "CHSRV035$", domain = "ADS") Jan 20 16:27:56 chsrv035 debug nlad[6717]: 01620000:7: <0x56805b90> NLAD_TRACE: cli_full_connection(output_cli = 0x9392a68) = 0x0 Jan 20 16:27:56 chsrv035 debug nlad[6717]: 01620000:7: <0x56805b90> NLAD_TRACE: cli_rpc_pipe_open_ntlmssp(cli = 0x9392a68, domain = "ADS", username = "CHSRV035$", presult = 0x9390d20) Jan 20 16:27:56 chsrv035 debug nlad[6717]: 01620000:7: <0x56805b90> NLAD_TRACE: cli_rpc_pipe_open_ntlmssp(cli = 0x9392a68, presult = 0x9390d20) = 0x0 Jan 20 16:27:56 chsrv035 debug nlad[6717]: 01620000:7: <0x56805b90> NLAD_TRACE: rpccli_netlogon_setup_creds(cli(pipe) = 0x9390d20, server_name = "chsrv113.ads.domain.com", domain = "ADS", clnt_name = "CHSRV035", machine_account = "CHSRV035", neg_flags_inout = 0x600FFFFF) Jan 20 16:27:56 chsrv035 debug nlad[6717]: 01620000:7: <0x56805b90> NLAD_TRACE: rpccli_netlogon_setup_creds(cli(pipe) = 0x9390d20) = 0x0 Jan 20 16:27:56 chsrv035 debug nlad[6717]: 01620000:7: <0x56805b90> NLAD_TRACE: cli_rpc_pipe_open_schannel_with_key(cli = 0x9392a68, domain = "ADS", pdc.mach_acct = "CHSRV035$", pdc.remote_machine = "\chsrv113.ads.domain.com", pdc.domain = "ADS", presult = (nil)) Jan 20 16:27:56 chsrv035 debug nlad[6717]: 01620000:7: <0x56805b90> NLAD_TRACE: cli_rpc_pipe_open_schannel_with_key(cli = 0x9392a68, presult = (nil)) = 0xC00000CA Jan 20 16:27:56 chsrv035 err nlad[6717]: 01620000:3: <0x56805b90> nlclnt[40d148d0a] init: error [0xc00000ca,NT_STATUS_NETWORK_ACCESS_DENIED] setting up secure pipe I don't know how to fix that. What I will do is delete the NTLM Machine Object in AD and recreate it again. If it is not working, I will open a case at F5.

I just tested it in another environment with standard AD install (No changes in Tree). I have exactly the same problem here. Is think this feature is not working in general. I will open a case and post the answer here when I have news...

Hi Anyone have an update on this issue?

Hi all, According to F5 this problem will be fixed in the upcoming v12.

Getting error after creating NTLM machine account

21 Replies

Marc_Edgerly_57
Historic F5 Account
Mar 02, 2015
After successfully renewing the machine account password, I continued receiving the same error messages as this thread.

Rebooting seems to have fixed it... imagine that!
- MXV_164448
  Nimbostratus
  Mar 05, 2015
  I'm also having this bug, did someone got a workaround?
naheed_195234
Nimbostratus
Apr 01, 2015
Hi,

Does anyone have any updates on this issue? We are experiencing the exact same and the is effecting user access to certain services...

Thanks!
Peter_Baumann
Cirrostratus
May 04, 2015
Hi naheed, This problem is fixed in v12, we could successful test it with a beta v12. I have heard that the v12 should be released in June this year.
Peter_Baumann
Cirrostratus
May 28, 2015
Hi Colin, Unfortunately this is not the only bug which seems to be fixed "in the next major release". Today software is a nightmare for me, but I'm happy that F5 is one of the better companys with a clean release concept, support, community etc. I know other companys were the software release cycle, support etc. is the real hell.
Thrillseeker_12
Cirrus
Mar 02, 2016
Does anybody know the fix for this issue in APM v12 release notes? https://support.f5.com/kb/en-us/products/big-ip_apm/releasenotes/product/relnote-apm-12-0-0.htmlrn_apm_1200_fixes

Is it 439880 ?

thx for feedback
Thrillseeker_12
Cirrus
Apr 29, 2016
Hi all,

Just want to inform you that 11.6 HF6 solved my problem. There was no need to update to version 12.x. Bug ID 439880 was definitely the solution. After re-creating the NTLM machine account everything was working like a charm.

Great stuff f5 :-)

cheers Thrillseeker
Andrei_128537
Nimbostratus
Nov 11, 2016
I have seen this post 2 weeks ago when I had F5 BigIP v11.6 and I had the same problem. Yesterday I upgraded to v12.1.1 HF2 (so everything has been restarted) and still have the problem.

F5 support gave me this solution: https://support.f5.com/kb/en-us/solutions/public/k/33/sol33692321.html but still I have the error. After "bigstart restart eca" I see in the log: Nov 11 11:54:36 {device_name} notice eca[17789]: 01620003:5: Successful registration: /Common/{NTLM Auth Configuration}, service Id: 6 for domain . (**) DC: server_FQDN (Server_IP), account: {machine_account_name}

But nlad still got the error NT_STATUS_LOGON_FAILURE

For me, the problem is not resolved...
TCP179_220919
Nimbostratus
Nov 21, 2016
Hi Andrei, If there is a firewall between the big-ip system and AD, make sure that TCP port 464 is opened along with ports 88 and 445.

Port 464 is the tricky one, and I spent one full day investigating these logon-failure logs.

Below are the recommended steps seq: - open tcp 464 in FW - delete ntlm-auth config - delete ntlm-machine account - restart eca "tmsh restart sys services eca" - recreate the ntlm machine account - recreate ntlm-auth config

TCP179