Forum Discussion
benmgood36
Nimbostratus
NimbostratusCertificate issues getting a cluster established
Forgive me for my ignorance as I'm brand new to F5...
I'm trying to set up a simple two-node failover cluster and I'm having nothing but problems. Here is my general process that I'm following: ...
Concentrate on only one device. Once both are trusted and in the same device group, then you synchronize the changes to the other device.
if it still shows as disconnected then very likely you have no IP addresses specified in Network failover for one or more of the devices, or the ports are locked down, or network failover is not enabled on the device group.
benmgood36It seems like the trust is the issue and I can't get it to the point where they would ever sync the failover group. I immediately get errors in the LTM log about the device_trust_group being inconsistent as soon as I add one to the other's peer trust. The IPs are all in place and I used the Allow All on the HA self IP. The setup utility looks like it performs this in the order you're saying to do where it sets up the peer trust and failover all on one device, but I get the same behavior there. The second device never sees the failover group and only shows the hostname of the first device and never learns the rest of its details like the serial number, MAC, and so on.
natheCirrocumulus
what happens if you telnet from one of the bigips to the other one on port 4353? i.e. telnet- natheis NTP configured and the dates/times the same on both boxes?
- benmgood36NTP was set up. I can't remember specifically doing a telnet to 4353 but I did try a curl -k https://:4353 and got some sslv3 handshake error.
