Slow Authentication and TCP Retransmissions Between F5 Load Balancer and Domain Controllers

Article ID: 415589

Products

VMware vSphere ESXi

Issue/Introduction

  • Slow LDAP or Active Directory authentication.
  • Pings between the same endpoints show no packet loss.
  • Authentication delays are not observed when bypassing the F5 load balancer.
  • Packet captures taken at the VM switchport level show repeated TCP retransmissions between the F5 VM and DC VM IPs.

Environment

VMware vCenter Server 8.x

VMware vSphere ESXi 7.x

Cause

This behavior has been observed when the F5 load balancer does not acknowledge (ACK) packets from the Domain Controller within the expected TCP timeout window, leading to retransmissions and delayed authentication responses.

Analysis of packet captures revealed a significant number of TCP retransmissions originating from the Domain Controller to the F5 VM, indicating that the F5 system was not sending ACKs promptly.
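
The distinction drawn above (segments reach the F5 VM's port but are retransmitted because the ACK comes late) can be checked mechanically against a capture. The following is an added example, not part of the original article or of any VMware or F5 tooling; the record layout, addresses, trace and the 0.2-second threshold are constructed assumptions.

```python
from collections import namedtuple

# Constructed record layout (not a real capture format): one row per TCP segment
# as seen at the F5 VM's switchport. `ack` is the cumulative ACK number carried.
Pkt = namedtuple("Pkt", "t src dst seq length ack")

DC, F5 = "10.0.0.10", "10.0.0.20"  # constructed addresses

# Constructed trace: the DC sends two response segments; the F5 ACKs the
# first promptly but the second only after the DC has retransmitted it twice.
TRACE = [
    Pkt(0.000, DC, F5, 1000, 500, 200),
    Pkt(0.001, F5, DC, 200, 0, 1500),
    Pkt(0.010, DC, F5, 1500, 300, 200),
    Pkt(0.310, DC, F5, 1500, 300, 200),  # retransmission 1
    Pkt(0.910, DC, F5, 1500, 300, 200),  # retransmission 2
    Pkt(0.915, F5, DC, 200, 0, 1800),    # late ACK
]

def retransmission_report(packets, sender, receiver):
    """Per data segment from sender: retransmit count and delay until the
    receiver's first covering ACK. Sequence wraparound is ignored."""
    segments = {}  # seq -> report row, in order of first appearance
    for p in sorted(packets, key=lambda p: p.t):
        if p.src == sender and p.dst == receiver and p.length > 0:
            row = segments.get(p.seq)
            if row is None:
                segments[p.seq] = {"seq": p.seq, "end": p.seq + p.length,
                                   "first_seen": p.t, "retransmits": 0,
                                   "ack_delay": None}
            else:
                row["retransmits"] += 1  # same seq seen again at the port
        elif p.src == receiver and p.dst == sender:
            for row in segments.values():
                if row["ack_delay"] is None and p.ack >= row["end"]:
                    row["ack_delay"] = round(p.t - row["first_seen"], 6)
    return list(segments.values())

def slow_ack_segments(report, threshold=0.2):
    """Segments seen at the receiver's port yet retransmitted because no
    ACK arrived within `threshold` seconds (assumed illustrative value)."""
    return [r["seq"] for r in report
            if r["retransmits"] > 0
            and (r["ack_delay"] is None or r["ack_delay"] > threshold)]

if __name__ == "__main__":
    for row in retransmission_report(TRACE, DC, F5):
        print(row)
```

Because the rows come from the receiver's own switchport, a segment that appears there more than once was delivered by the virtual network each time, which is what separates a late ACK from packet loss.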

 

Resolution

Because the issue disappears when the F5 load balancer is bypassed, this indicates that the delay originates within the F5 TCP handling or its interaction with the Windows TCP stack, rather than within the VMware virtual network layer.

From the VMware perspective, there are no indications of network loss, drops, or latency within the virtual networking layer. The connectivity between the virtual machines remains stable, and ICMP tests show no packet loss.

Since the behavior occurs only when traffic passes through the F5 load balancer, this issue should be further investigated with the F5 vendor.

Additional Information