configuration not yet loaded...
In light of a recent security scan that brought to our attention the weak ciphers and such on the F5 self-ip addresses it was decided to take the recommendation of setting the port lock down settings to allow-none. With a 2 node active/passive cluster I performed the port lock down on the active node first by doing the following. Click on all self-ip addresses (floating/non-floating) and set the port lock down setting to allow-none. I then performed a sync-to-group where everything sync'ed up just fine. I then let this sit for a few days to ensure we had no production problems with the configuration. I then did the same process on the standby node, port lock down on all self-ip then sync'ed-to-group.
When I did this on the passive node, shortly after I started receiving a banner across the top telling me "The configuration has not yet loaded. If this message persists, it may indicate a configuration problem." Did I do something wrong here? I'm almost positive that it's a security best practice from F5 to enable these settings on the self-ip addresses.
7 Replies
- nathe
Cirrocumulus
Nathan - what happens if you load "tmsh load sys config" on the Standby - does this give you any more info as to why the config isn't loading?
- Nathan_Vitiritt
Nimbostratus
I get the following when running "tmsh load sys config" on the standby unit:
Loading system configuration...
  /defaults/asm_base.conf
  /defaults/config_base.conf
  /defaults/low_profile_base.conf
  /defaults/policy_base.conf
  /defaults/wam_base.conf
  /defaults/analytics_base.conf
  /defaults/apm_saml_base.conf
  /defaults/app_template_base.conf
  /defaults/classification_base.conf
  /defaults/daemon.conf
  /defaults/fullarmor_gpo_base.conf
  /defaults/profile_base.conf
  /defaults/sandbox_base.conf
  /defaults/security_base.conf
  /usr/share/monitors/base_monitors.conf
Loading configuration...
  /config/bigip_base.conf
  /config/bigip_user.conf
  /config/bigip.conf
  /config/bigip_script.conf
01070712:3: _identify_jobs_todo:(/Common/.generic.com-20140214.crt) :Failed: name (/Common/.generic.com-20140214.crt) No copy in trash-bin to restore from. - sys/validation/FileObject.cpp, line 3064
- nitass
Employee
Is this relevant? sol12812: The Configuration utility and tmsh incorrectly allow profile names that begin with a non-alphabetic character https://support.f5.com/kb/en-us/solutions/public/12000/800/sol12812.html
- Nathan_Vitiritt
Nimbostratus
We are running 11.4.1 so from the article this doesn't apply.
- nathe
Cirrocumulus
That's a new one on me. Anything else in /var/log/ltm? Does the crt file exist on your bigip, or that active? Hopefully some other DCer might have seen this. Have you got a recent UCS you can restore and then see if configsync works?