Forum Discussion
vysakh_139287
Nimbostratus
NimbostratusConfigSync issue in BIG-IP 1600 v11.3 HF5
Hi,
We are facing issues while trying a config sync between the nodes of the BIG-IP. We get the following error in the Gui
One or more devices are unreachable. Resolve any communication pro...
Phoenix_109783Nimbostratus
NimbostratusThis workaround worked for me , version 11.6.0 HF5 1. Made offline secondary devices 2. removed all peers from primary , and verified that on secondary devices peers are not set = all devices came to standalone 3. reset domain trust on all devices and choose generate a new-self-signed certificate 4. Generate new certificate on each machine with a common name similar to a host name of a machine 5. added all peers to a primary machine 6. added them to a HA group and sync.
Levon.
kaneshd_139008Nimbostratus
NimbostratusI have to add this worked for me too.
I was trying to go from a production pair of 1500 LTMs running 10.2.4 to a pair of lab 1600s running the same version of code, upgrade the lab boxes to 11.5.1 HF10 and move the config via UCS file to a pair of 2000 LTMs.
Restoring the UCS for 11.5.1 HF10 on the primary 2000 LTM worked, but did not for the secondary. I got an error about a certificate not being present in the "trash-bin". F5 support tried to assist, but we did not make much headway.
I resorted to editing the secondary device's SCF file so it had only the network configuration. I then tried adding it to the trust group. This did not work until I set the standby/secondary LTM to offline. I tried all the steps above independently before seeing this suggestion. Without the secondary being offline the primary and secondary would "see" each other, but give me reachability errors when trying to sync. Ping between the devices was fine, and they were connected back to back, so I knew it wasn't a switch configuration issue.
The secondary was visible and "syncable" once it was forced offline before being added to the group. I now have a working HA pair.
Hope this helps someone. If you know why there's a requirement to force the device offline before adding it to the trust group then please let me know!