Forum Discussion
Jansson
Nimbostratus
Nimbostratusconfig from 9..4.5 to 10.2.2
Hi!
I have made clean install of 10.2.2 and like to move config from 9.4.5
Is there a easy way to copy/move?
Or is the only way to install older version, move config and upgrade? Can I do it without removing 10.2.2 install? And if yes, how?
Thx in advance!
nitassEmployee
you can import 9.4.x ucs to 10.2.x software. anyway, you will get license error if registration key is not valid on 10.2.x unit.
the following is steps i did.
1. activate 10.2.x license
2. backup /config/bigip.license
3. restore 9.4.x ucs to 10.2.x
4. replace /config/bigip.license with the backup in (2)
5. run bigstart restart
if there is configuration compatible issue, it will show up after (5) or you may run b load. so, we have to fix it one by one.
hope this helps.
JanssonThanks for reply! Funny, at now it really loads config. At first time, there were some problems to upload ucs. Also tried to b verify/load, but some errors came up. Perhaps corrupted archive file, or something.
But still, there is no virtuall servers or nodes etc after restoring old version. Interfaces, Self IP's and VLAN's looks good.
Next step is to get rid of "BIGpipe client SSL profile creation error". http://support.f5.com/kb/en-us/solutions/public/9000/400/sol9420.html shold help...- nitassif there is still an error when running b load, i don't think you can see configuration e.g. virutal server, pool, etc.
to fix an error, you may edit configuration file directly i.e. bigip.conf, bigip_base.conf and run b load again. i am not sure what ssl profile creation error really is but i think looking at that ssl profile setting in the configuration file might be helpful.
cheer! 
Srini_87152Cirrostratus
Important: The UCS restore operation will restore the full configuration only if the hostname of the target system matches the hostname on which the UCS archive was created. If the hostname does not match, only the shared configuration will be restored. You can set the hostname of the BIG-IP system on the System >> Platform screen of the Configuration utility, or by using the bigpipe system hostname command at the BIG-IP command line.
REf soluation might help you----http://support.f5.com/kb/en-us/solutions/public/11000/300/sol11318.html
Kurt_Knochner_5Cirrus
@Jan
Can you please post the error message you are getting while running "b load" ?
Regarding the "ssl profile error":
Did you restore the configuration on the same hardware or a new one (please also check the hostname, as mentioned in another post)?
If it's a new one AND your SSL private keys have been encrypted (there is a passphrase in the ssl profile), then you are in trouble. The SSL keys will be encrypted on disk with a hardware specific key. So, restoring the config on a new hardware will fail for the SSL private keys. If there are no SSL Keys (as not restored from backup), you might get those errors for the SSL profile!
I ran into this lately. Apparently there is no solution except
a.) doing a config sync after you added the new hardware to an existing cluster (apparently hardware keys will be snyced somehow in a cluster)
b.) re-importing the original ssl keys.
Regards
Kurt Knochner- JanssonIts new hardaware (old 1500, and new 1600-series). Hostname is same.
b load error was earlier, when I could not import ucs archive. Now it was imported OK. But after restart I get "BIGpipe client SSL profile creation error". I think that I have to find out passpharses of SSL certs etc... may take a while.
But still, I should get all virtual servers etc after restore. But that has not happened in my case. Perhaps I have to try backup/restore once again.
Also when I check out in exmaple routing, at config file those exists, but on GUI there is no routes.
I'm lucky that I'm not in rush at this one. Old one is running OK. And it's also nice to have some experience :D
Thank's for all for your help. - nitassNow it was imported OK. But after restart I get "BIGpipe client SSL profile creation error". I think that I have to find out passpharses of SSL certs etc... may take a while. if you don't know passphrase yet, you may delete it from /config/bigip.conf first and add it later.
But still, I should get all virtual servers etc after restore. But that has not happened in my case. Perhaps I have to try backup/restore once again. if i'm not wrong, backup config is copied to 1600 unit already but it cannot be loaded since clientssl profile error. you may check content in /config/bigip.conf. after correcting the clientssl profile, run b load and virtual server could be there.
Also when I check out in exmaple routing, at config file those exists, but on GUI there is no routes. routing is stored in /config/bigip.conf as well. - JanssonI'll have a try. Thanks for tips!
- Kurt_Knochner_5b load error was earlier, when I could not import ucs archive. Now it was imported OK. But after restart I get "BIGpipe client SSL profile creation error". O.K., so what is the error message if you run a "b load" at the CLI? Is it just the client SSL profile error, or anything else? I think that I have to find out passpharses of SSL certs etc... may take a while.
But still, I should get all virtual servers etc after restore.
If there is an error during import, the whole config might not be imported (check /config/bigip.conf).
Regarding the SSL Keys: Check /config/ssl/ssl.key/*.* on your original machine.
Are there any encrypted keys (look for DES/3DES after the "BEGIN RSA PRIVATE KEY" line).
Regards
Kurt Knochner 
kridsanaCirrocumulus
Hi Kurt,
I've experience this problem too and whole config not import .
I found some ssl client profile have passphase and there is encrypt key in ../ssl.key/..
How to fix this problem?
Thank you