Forum Discussion
CirrusDevice Group lost the trust...
I have a pair of LTM 5000s working in HA. Everything was working Fine for 6 months. All of sudden i started getting logs like this
Nov 17 19:50:34 www debug tmm1[398]: 01260006:7: Peer cert verify error: certificate not trusted (depth 0; cert /CN=www.mobilinkfrflbr2.com)
Where www.mobilinkfrflbr2.com is the peer device. And after half day devices started flapping (standby, offline, active, offline, standby). I forced standby device offline. Configured Device group again but still getting the same log so now not bringing the device online.
Please help me what could have happened and how to fix it now?
11 Replies
Vitaliy_SavransNacreous
Hi, may be this solution will help you https://support.f5.com/kb/en-us/solutions/public/13000/900/sol13946.html
nitass_89166Noctilucent
is tmm ssl-log-level set to debug?
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list sys daemon-log-settings tmm ssl-log-level sys daemon-log-settings tmm { ssl-log-level warning }i think the log may not relate to devices started flapping issue. is there any log during the issue is happening?
Muhammad_Irfan1Nov 14 14:43:32 www notice sod[7146]: 01140029:5: HA daemon_heartbeat tmm1 fails action is go offline down links and restart. Nov 14 14:43:32 www notice sod[7146]: 01140029:5: HA daemon_heartbeat tmm2 fails action is go offline down links and restart. Nov 14 14:43:32 www notice sod[7146]: 01140029:5: HA daemon_heartbeat tmm3 fails action is go offline down links and restart. Nov 14 14:43:32 www notice sod[7146]: 01140029:5: HA daemon_heartbeat tmm4 fails action is go offline down links and restart. Nov 14 14:43:32 www notice sod[7146]: 01140029:5: HA daemon_heartbeat tmm5 fails action is go offline down links and restart. I receieved alot of logs at that time. all my pools and pool members going down and then coming up. All the interfaces going down and coming up. and this happened 3,4 times.- Muhammad_Irfan1yes it is set to debug.. I reconfigured the device group and was not getting log since. but as soon as made some change in active one started getting this log again in active F5. Nov 18 16:29:17 www debug tmm7[398]: 01260006:7: Peer cert verify error: certificate not trusted (depth 0; cert /CN=www.mobilinkfrflbr2.com) where www.mobilinkfrflbr2.com is the standby device.
- nitass_89166i think that log is benign and it does not relate to flapping issue. anyway, if you want, you can verify with f5 support team.
- nitass
Employee
is tmm ssl-log-level set to debug?
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list sys daemon-log-settings tmm ssl-log-level sys daemon-log-settings tmm { ssl-log-level warning }i think the log may not relate to devices started flapping issue. is there any log during the issue is happening?
- Muhammad_Irfan1Nov 14 14:43:32 www notice sod[7146]: 01140029:5: HA daemon_heartbeat tmm1 fails action is go offline down links and restart. Nov 14 14:43:32 www notice sod[7146]: 01140029:5: HA daemon_heartbeat tmm2 fails action is go offline down links and restart. Nov 14 14:43:32 www notice sod[7146]: 01140029:5: HA daemon_heartbeat tmm3 fails action is go offline down links and restart. Nov 14 14:43:32 www notice sod[7146]: 01140029:5: HA daemon_heartbeat tmm4 fails action is go offline down links and restart. Nov 14 14:43:32 www notice sod[7146]: 01140029:5: HA daemon_heartbeat tmm5 fails action is go offline down links and restart. I receieved alot of logs at that time. all my pools and pool members going down and then coming up. All the interfaces going down and coming up. and this happened 3,4 times.
- Muhammad_Irfan1yes it is set to debug.. I reconfigured the device group and was not getting log since. but as soon as made some change in active one started getting this log again in active F5. Nov 18 16:29:17 www debug tmm7[398]: 01260006:7: Peer cert verify error: certificate not trusted (depth 0; cert /CN=www.mobilinkfrflbr2.com) where www.mobilinkfrflbr2.com is the standby device.
- nitassi think that log is benign and it does not relate to flapping issue. anyway, if you want, you can verify with f5 support team.
