Forum Discussion
fubarSUSHI
Altocumulus
AltocumulusConfig Sync issue (both boxes are staying "disconnected")
Need help... I currently dont have access to the boxes and Im tempted to just call support but trying to avoid it. (Not saying there is anything wrong with calling support but I know Im missing something basic!)
Here are my steps (Im resetting everything):
1. Device Groups >(device group previously setup) put both boxes back to available.
2. Delete the existing device group.
3. Reset Device Trust. Choose Generate New Self-Signed Authority.
4. Device Trust>Peer list. Establish peering. (It is able to see peer no problem.)
5. Create device groups. "test-sync-failover". Put both devices in "includes". and check Network Failover.
6. Confirm both devices are in the Device List area.
7. Overview>(click self device)>choose "Sync Device to Group">Choose "Overwrite Configuration">Sync
Boxes are showing disconnected. What can I check? Are there a specific log I can look at to find out why they cannot sync? Should I reset the whole darn configuration and start from scratch again?
Mifoche_189270Nimbostratus
Found this topic while troubleshooting HA issues in our lab. I would put emphasis on two things:
1) Use NTP server(s) for both peers.
2) Make sure when adding a peer that you're using it's HA VLAN dedicated IP. Verify currently configured confisync-ip (list cm device DEVICE_NAME configsync-ip) - I believe this was the main reason our configuration wasn't working.
In our case we had an IP from our internal VLAN listed there (from 172.16.x.x range in our case), and even though we were able to "dicover" peer by using its HA VLAN address (from 192.168.x.x range) the devices stayed out-of-sync (Disconnected state).
Once we changed configsync-ip configuruation to match HA VLAN address it worked like a charm.
EricBrokeIt_245Just wanted to pass this along, we tried this process for an initial setup and it worked. But we also found out that we had to have the admin passwords matching on both systems prior to sync setup.
2funky_105078Cirrus
not working for me. It's all ok (peers are green) until i put them inside a device group when i get Disconnected
maybe its a certificate issue? Which certificates should be shared between the 2 devices?
Shall i see the other LTM certificate here?
System ›› Device Certificates : Trusted Device Certificates ›› Trusted Device Certificates
i am also using 11.3.0(39) free trial
Muhammad_Ausaf_Dear dirtiPacket;
Unfortunately your solution is not working for me.....am still getting Disconnected Status....am working on Big-IP v 11.3.0.39.........:(
Pls can you suggest a fix...
Waiting eagerly for your kind reply.
Regards.
jba3126I have a slightly different situation. Is there a way to reset the device trust via the cli/tmsh?
Muhammad_Ausaf2Dear dirtiPacket;
Unfortunately your solution is not working for me.....am still getting Disconnected Status....am working on Big-IP v 11.3.0.39.........:(
Pls can you suggest a fix...
Waiting eagerly for your kind reply.
Regards.
- jba3126I have a slightly different situation. Is there a way to reset the device trust via the cli/tmsh?
netgcWorked like magic.
- fubarSUSHI
http://support.f5.com/kb/en-us/solutions/public/13000/900/sol13946.html?sr=33711178cso
Great article to look at...
- fubarSUSHI
Self fixed.
- Device Groups >(device group previously setup) put both boxes back to available.
- Delete the existing device group.
- Reset Device Trust. Choose Generate New Self-Signed Authority.
- REBOOT THE VE!!!!!!
- Device Trust>Peer list. Establish peering. (It is able to see peer no problem.)
- Create device groups. "test-sync-failover". Put both devices in "includes". and check Network Failover.
- Confirm both devices are in the Device List area.
- Overview>(click self device)>choose "Sync Device to Group">Choose "Overwrite Configuration">Sync
- zoomlmk
You are a god amongst men. Saved my hide with your steps to resurrect a HA pair. Thank you!
satish_txt_2254This is perfect solution! it works for me, but i am curious what was the problem behind this?
Doug_123818Worked for me too. And the same as rouanon it is a fight every time I set these up in an HA pair. Now I just call TAC and let them do it.