LM-2749 API Keys: An API key created for a remotely managed user (for example, RADIUS) will not work unless the remote user ID is also added as a local user on the LoadMaster.
LM-2398 Kubernetes Ingress Controller (KIC): A real server deleted from the UI is not added back by KIC.
LM-2396 API: On the KVM platform only, the getall API call fails.
LM-2034 GEO: Starting with 7.2.55.0, using the Real Server Load selection criteria may result in no traffic being processed.
LM-1865 WAF Audit Logs: No output is returned when selecting a date range.
LM-1809, LM-1800 Azure VLM: Disk usage in the logging partition (/var/log/) may increase because of files used by the Azure agent (waagent) process that are never removed. Users who experience this issue will need to call support for a workaround.
LM-1557 Single Sign On: A segmentation fault in the SSO management process can occur under high load resulting in users being logged out. Messages like the following will be seen in the log:
kernel ssomgr[46119]: segfault at <num> ip <num> sp <num> error 4
kernel L7: verify_user: Auth request failed for id 0
LM-1527 GEO Cluster Checks: GEO cluster checks against LoadMasters configured in Clustering mode do not work.
LM-1412 API stats command: On a unit in Clustering mode, the up/down status value returned by the stats command may be different (and incorrect) compared to the status returned by listvs or vstotals.
LM-1373 Let's Encrypt ACME Certificates: After certificate renewal, the old certificate may still be in use by the Virtual Service. The workarounds are to either:
  • Remove and re-add the Virtual Service certificate
  • Disable and re-enable the Virtual Service
LM-1342 Kubernetes Ingress Controller: Ingress may stop working if the default admin gateway is modified. The workaround is to return the setting to the old gateway address.
LM-1325 Let's Encrypt UI: The UI for requesting a new certificate may not fully load with a large number of Virtual Services configured. The workaround is to use the API.
LM-477

GEO Downgrade: When downgrading from a release that supports more than 64 IPs per FQDN to a release that only supports up to 64 IPs per FQDN, the GEO configuration may become corrupted if there is at least one FQDN in the configuration that contains more than 64 IP addresses. The corruption will likely be evidenced by errors in the UI/API when you list the FQDNs.

To avoid this issue entirely, reduce the number of IPs per FQDN to 64 or less for all FQDNs defined before you downgrade.

If you have already downgraded, you can switch back to the previous boot partition to go back to the newer release (which supports > 64 IPs per FQDN); you can then reduce the number of IPs as above and downgrade again.

If neither of these options is possible, contact Progress Kemp Support who will consult with engineering on a solution to your issues.

PD-19704 GEO Cluster Status: When adding a Cluster that is unavailable (DOWN) to a Site, the Site may reflect the Cluster's status as available (UP) for a short time before changing to DOWN.
PD-19108, LM-127

GEO: Modifying an FQDN entry displays a spurious error on the system console, similar to the one shown below. The FQDN is modified properly.

<FQDN>:794 Uncaught ReferenceError: disp_addrr_elements is not defined

at <FQDN>:794

(anonymous) @ <FQDN>:794
PD-19093, LM-127 GEO: Cannot configure GEO into partnering mode unless there is at least one FQDN already defined.
PD-18646, LM-133 Certificate-Based Administrative Login: Using a certificate that does not have a SAN attribute (that is, no Principal Name) results in a failed login attempt.
PD-18615, LM-134 GEO: No statistics (queries per second, and so on) are displayed for a site if the FQDN is configured to use the "All Available" Selection Criteria.
PD-18099, LM-136 Client Certificates: Authentication may be denied if multiple "Other names" are present in the client certificate.
PD-17927 LDAP UI Access: Under certain circumstances, a user that has no LDAP credentials can gain access to the UI.
PD-15872 LDAP/Syslog: StartTLS is not working when the Server Certificate Validation flag is enabled.
PD-15633 GEO: If you add a Zone Name to GEO after you have created working FQDNs, GEO may no longer respond to queries for one or more of the FQDNs after the Zone Name is added. The workaround is to remove and then re-add the FQDNs that are no longer working.
PD-15475 VS Redirects: If you attempt to upload a new redirect error HTML file to a Virtual Service with Not Available Redirection Handling enabled while traffic is currently being redirected, then traffic to the Virtual Service is dropped. Click the Error Message radio button in the UI and the Virtual Service begins accepting connections again.
PD-15354 SSO Timeout: In LMOS 7.2.51.0, a fix was introduced for issues that caused an SSO client to not be properly logged out when the configured session timeout expires. It has been observed that while sessions do timeout, they are not always closed immediately upon the expiry of the timer; it can take close to a minute longer for the session to be closed.

PD-15294

LM-142

 ESP Verify Bearer Header: The LoadMaster does not return an error when an encrypted token is received and there is no SSL certificate assigned to the Virtual Service to decrypt the token.

PD-15172

LM-143

 ESP Verify Bearer Header: Validation is not working when "Allowed Virtual Hosts" and "Allowed Virtual Directories" are blank on the Virtual Service.
PD-14943 Single Sign On: When Form Based Authentication is enabled on the server side, it is possible that after filling out correct credentials and submitting the login form, the form will be presented again; once the second login form is submitted with correct credentials, the login succeeds.
PD-13899 ACLs and Real Servers: Real Servers located on networks on which LoadMaster also has an IP address are always allowed to access Virtual Services on that network interface regardless of any access control list (ACL) settings on LoadMaster. For Layer 7 services, this issue can be worked around using Content Rules. The workaround for other services is to block access for local Real Servers (if desired) on another network device (firewall, switch, router, and so on).
PD-12838 ESP / SSO: The ESP Permitted Group SID(s) setting is not working as expected when configured on a SubVS.
PD-12616 WAF / Compression: With Web Application Firewall (WAF) enabled, compressed files are incorrectly decompressed. As a workaround, ensure compression is enabled in Virtual Service Advanced Properties by selecting the Enable Compression option.
PD-12492 Downgrade: If an Azure VLM is downgraded to the LTS firmware release (7.1.35.x), the WUI may display in the top right-hand corner that the VLM is a Hyper-V VLM. This indicates that the Azure VLM Add-On Package must be added to the system to provide full Azure VLM functionality. If this occurs, contact Progress Kemp Support to get the required add-on package.
PD-12354, PD-10466 Hardware Support: The LoadMaster models LM-X15, LM-X25, and LM-X40 do not support the following SFP+ modules: LM-SFP-SX (SFP+ SX Transceiver 1000BASE-SX 850nm, 550m over MMF), LM-SFP-LX (SFP+ LX Transceiver 1000BASE-LX 1310nm, 10KM over SMF).
PD-12237 HA / NTP: Configuring NTP for the first time after the system is running in High Availability (HA) mode and when the current time on the machines is not correct, may cause the systems to both go into the Master state.
PD-12147 ESP / RADIUS: In a LoadMaster configuration with ESP and Radius server-side authentication enabled, sessions may fail to be established.
PD-12058 Browser Support: An issue exists when connecting to the LoadMaster WUI when using newer versions of the Firefox browser on initial configuration of a hardware FIPS LoadMaster.
PD-11861 RADIUS / IPv6: IPv6 is not supported by the current RADIUS implementation in the LoadMaster for both WUI Authorization and ESP Authentication.
PD-11166 Networking: Azure LoadMasters are not translating the additional network address between the Master and Slave correctly.
PD-11044 SharePoint Virtual Services: A second authentication prompt is presented when a file is uploaded to SharePoint with the following configuration: WAF is configured with Process Responses enabled on the main Virtual Service and KCD is enabled on the SubVS level for server-side authentication.
PD-10917 HA: An issue exists when setting up a 2-armed HA Virtual LoadMaster in Azure.
PD-10784 HA: Configuring LoadMaster HA using eth1 on an Amazon Web Services (AWS) Virtual LoadMaster does not work.
PD-10193 Exchange 2010 Virtual Services: A WAF, ESP, and KCD configuration with Microsoft Exchange 2010 is not supported.
PD-10188 Browser Support: (Safari) When adding a Real Server to a Virtual Service or SubVS using the Safari browser, the list of available Real Servers is not available.
PD-10159 Statistics: When upgrading firmware from version 7.1.35.n, CPU and network usage graphs are not appearing. As a workaround, reset the statistics in the UI.
PD-10136 Clustering: In a LoadMaster cluster configuration, a new node can be added with the same IP address as an existing node.
PD-9816, PD-9476 WAF: There is an API command to list individual rules in a ruleset, but there is no command to list the available rulesets themselves.
PD-9765 GEO: DNS TCP requests from unknown sources are not supported.
PD-9507 Networking: Unable to add an SDN controller using the RESTful API/WUI in a specific scenario.
PD-9375 SharePoint Virtual Services: Microsoft Office files in SharePoint do not work in Firefox and Chrome when using SAML authentication.