
Forum Discussion

Sankar_Ganesh
Mar 17, 2026

BIG-IP Restoration From Hardware to VM

Hi All,

I wanted to know about the prerequisites and the proper steps to do a restoration test from an F5 r2600 device to an F5 BIG-IP VM.

I have tried it, and it fails with multiple errors:

2026 Mar 17 18:10:15 Hostname.COM logger[3452]: Re-starting named
Reloading License and configuration - this may take a few minutes...

Broadcast message from systemd-journald@Hostname.COM (Tue 2026-03-17 18:10:21 IST):

load_config_files[4013]: "/usr/bin/tmsh -n -g -a load sys config partitions all " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure
Unexpected Error: Loading configuration process failed.

2026 Mar 17 18:10:21 Hostname.COM load_config_files[4013]: "/usr/bin/tmsh -n -g -a load sys config partitions all " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure

Broadcast message from systemd-journald@Hostname.COM (Tue 2026-03-17 18:10:21 IST):

load_config_files[4542]: "/usr/bin/tmsh -n -g -a load sys config partitions all base " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure
Unexpected Error: Loading configuration process failed.

2026 Mar 17 18:10:21 Hostname.COM load_config_files[4542]: "/usr/bin/tmsh -n -g -a load sys config partitions all base " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure
Configuration loading error: base-config-load-failed
For additional details, please see messages in /var/log/ltm


Is it all coming due to a mismatch of the Master Key or something?

Both devices are in the same version, and I also verified the resource provisioning.

I wanted to know the reason for this and also the proper steps to test restoration from F5 hardware to VM.

SMEs, kindly help me with this.

 

1 Reply

  • Hello Sankar_Ganesh​ 

    I found some information that could help answer your question on our myf5 portal.

     

    According to the Article

    K9420: Installing UCS files containing encrypted passwords or passphrases (11.5.x and later)

     https://my.f5.com/manage/s/article/K9420

     

    The issue appears to be that you have passwords in the configuration file. To resolve the issue, please enter the crypto passcode, or you can copy the master key from the r2600 tenant.

     

     

     

     

    Obtain the password or passphrase used to reset the master key.
    Log in to tmsh by typing the following command:
    tmsh

     

    Reset the master key by typing the following command:
    modify sys crypto master-key prompt-for-password

     

    At the password prompt, enter the master key password or passphrase.
    Secure copy the UCS file to the /var/local/ucs directory of the BIG-IP system. For information about transferring files, refer to K175: Transferring files to or from an F5 system.
    Load the UCS by using the following command syntax:
    load sys ucs <ucs_archive_name>

     

    Save the BIG-IP configuration by typing the following command:
    save sys config

     

    or

     

    f5mku -K

     

    The command output appears similar to the following example:

     

    oruIVCHfmVBnwGaSR/+MAA==

     

    Copy the output.
    Note: The output is the master key that you will install on the RMA BIG-IP system.

     

    Log in to the RMA BIG-IP system command line.
    Install the master key that you copied in step 3 to the RMA BIG-IP system using the following command syntax:
    f5mku -r <key_value>

     

    For example:

     

    f5mku -r oruIVCHfmVBnwGaSR/+MAA==

     

    Verify that the master key is the same on the active peer BIG-IP system and the RMA BIG-IP system by typing the following command from the command lines of both systems:
    f5mku -K

     

    Save the config using the command below:

     

    tmsh save sys config

     

    Restore the UCS file to the RMA BIG-IP system using the following command syntax:
    tmsh load sys ucs <file_name>.ucs no-license

     

    I hope this helps
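
A way to confirm from the logs that a failed restore is the master-key problem discussed in this thread, added here as an example (it is not part of the reply above or of F5's tooling). The function names are hypothetical, and the sample log is constructed from the lines quoted in the question.

```shell
#!/bin/bash
# Triage a failed UCS restore: find load_config_files failures in log text
# and flag error code 010713d0 (Symmetric Unit Key decrypt failure).

# Constructed sample: one journald broadcast line plus two syslog lines.
SAMPLE_LOG='2026 Mar 17 18:10:15 Hostname.COM logger[3452]: Re-starting named
load_config_files[4013]: "/usr/bin/tmsh -n -g -a load sys config partitions all " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure
2026 Mar 17 18:10:21 Hostname.COM load_config_files[4013]: "/usr/bin/tmsh -n -g -a load sys config partitions all " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure
2026 Mar 17 18:10:21 Hostname.COM load_config_files[4542]: "/usr/bin/tmsh -n -g -a load sys config partitions all base " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure'

# Read log text on stdin; print "<error code>|<command>" once per distinct
# failed command (the broadcast and syslog copies of a failure collapse).
failed_loads() {
    awk '
        /load_config_files\[[0-9]+\]: ".*" - failed\. -- / {
            line = $0
            sub(/^[^"]*"/, "", line)            # drop prefix and opening quote
            cmd = line
            sub(/ *" - failed\..*$/, "", cmd)   # keep only the quoted command
            code = line
            sub(/^.*" - failed\. -- /, "", code)
            sub(/:.*$/, "", code)               # keep only the error code
            key = code "|" cmd
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# Read log text on stdin; return 0 if any failed load step reported the
# unit-key decrypt error, 1 otherwise. Prints a one-line verdict.
diagnose_restore() {
    hits=$(failed_loads | grep -c '^010713d0|' || true)
    if [ "$hits" -gt 0 ]; then
        echo "master-key-mismatch: $hits load step(s) could not decrypt secrets"
        return 0
    fi
    echo "no-unit-key-failure"
    return 1
}

# Stand-alone demo on the constructed sample; on a real unit, feed it the
# file the error message points to: diagnose_restore < /var/log/ltm
printf '%s\n' "$SAMPLE_LOG" | diagnose_restore
```

A `master-key-mismatch` verdict means the secrets in the UCS were encrypted under a different master key than the one on the target, which is the condition the steps in the reply address.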