Forum Discussion
MVPErrors with AS3 3.56.0 with F5 17.5.1.6
Hi Folks,
I upgraded my Lab F5s to 17.5.1.6 and now my AS3 declarations are not working anymore.
I get following error regardless of the declaration, even an empty declaration throws this error.
"results": [
{
"message": "failure querying config for tenant jwt-keys (POST http://admin:XXXXXX@localhost:8100/mgmt/tm/util/bash execute bash command response=403 body={\"code\":403,\"message\":\"Direct access to /mgmt/tm/util/ is not permitted.\",\"restOperationId\":18430866,\"kind\":\":resterrorresponse\"})",
"host": "localhost",
"tenant": "jwt-keys",
"code": 400,
"declarationId": "tenant_name"
}
],Has anyone experienced the same error?
The error does not change if I change the authentication method from basic to token.
I will open a case with F5 and report the result back.
I found following error in the restjavad.0.log
[WARNING][787][04 May 2026 11:59:45 CEST][8100/mgmt ForwarderPassThroughWorker] Blocked direct localhost request to util endpoint: /mgmt/tm/util/bash
I got a fixed AS3 Version 3.57.0-12 that fixes this issue in my tests.
27 Replies
- Kai_Wilke
I dont have a clue regarding your question. I'm only responding to unlock May the 4th badge ;-)
- Daniel_Wolf
+1 for Juergen_Mang​s issue
J-H_JohansenCirrus
I'm seeing the same issues after upgrading to 17.5.1.6
{ "message": "AS3 deploy failed for application xxxxxxxxxxxxxx", "result": { "results": [ { "message": "failure querying config for tenant xxxxxx (POST http://admin:XXXXXX@localhost: 8100/mgmt/tm/util/bash execute bash command response=403 body={\"code\": 403,\"message\":\"Direct access to /mgmt/tm/util/ is not permitted.\",\"restOperationId\": 3884093,\"kind\":\":resterrorresponse\"})", "host": "localhost", "tenant": "xxxxxx", "code": 400, "declarationId": "autogen_dfe3e7c5-1768-473d-a918-ddfee40e53ad" } ], "declaration": { "schemaVersion": "3.56.0", ... } }Contents of the "declaration" seems to point to the existing version and not the new version I'm trying to push
No issues with 17.5.1.4.
- Juergen_Mang
Thank you for confirming that this isn't just a local issue with my installations.
- Juergen_Mang
If anyone else wants to report this error to F5, my case number is 01145714.
Frederic_Zelle1Nimbostratus
You're not alone. my ticket number is 01146429, root cause is 17.5.1.6 hardening that now prevents the usage of http://localhost:8100/mgmt/tm/util ( we can still use https://localhost/mgmt/tm/util )
But apparently the hardening team didn't test with AS3 team that still uses the internal http on port 8100 on their version 3.56
Hoping they release a new AS3 version soon
Robb-FrAltocumulus
Same kind of issue here, no declaration can be pushed on 17.5.1.6 with AS3 v.3.56. Rolled back to 17.5.1.4, everything works fine again.
The kind of error we have in lab:
{ "code": 400, "declarationId": "autogen_-------", "host": "localhost", "message": "failure querying config for tenant Common (POST http://svc_account:XXXXXX@localhost:8100/mgmt/tm/util/bash execute bash command response=403 body={\"code\":403,\"message\":\"Direct access to /mgmt/tm/util/ is not permitted.\",\"restOperationId\":19551208,\"kind\":\":resterrorresponse\"})", "tenant": "Common" }- Juergen_Mang
F5 has meanwhile acknowledge that this is a regression in the 17.5.1.6 and 17.1.3.2 versions and is working on a permanent fix.
There is now also an article published: https://my.f5.com/manage/s/article/K000161089
- J-H_Johansen
I don't see any mention of AS3 in the article but we had issues with missing LTM config in GUI as well.
VM in Azure only had an issue with AS3.
On-prem Velos tenant had issue with both AS3 and missing LTM config
- Juergen_Mang
I hope the engineering hotfix ships before the upcoming security notifications.
- Robb-Fr
Interesting how this article does not mention AS3, or even how it proudly states that "there is no production impact (despite not being able to perform your platform management lol)". I did not realize how much AS3 is considered a side feature ):
- Juergen_Mang
The last state of my ticket with F5 is: The escalation team is is actively working on an Engineer Hotfix for this bug.
- J-H_Johansen
Today I received Hotfix-BIGIP-17.5.1.6.0.24.25-ENG regarding the missing virtual servers in the GUI. They also stated that it should fix the AS3 issues. It did not.
So I'm still waiting ...
- Juergen_Mang
I haven't received a patch yet. I will check the status again in the ticket.
- Juergen_Mang
Meanwhile I checked the latest 21.1 version, it has the same bug.
Now that the quarterly security notifications have been released Currently, the options are a vulnerable version of F5 or a non-functional AS3. Both is not really acceptable for enterprise software in my humble opinion.
Jakub_SlowikDo you have any updates? It is very sad that on one hand, we have security concerns, and on the other, configuration pipelines are dead
- J-H_Johansen
Haven't heard anything from F5 yet.
I see they added Hotfix-BIGIP-17.5.1.6.0.63.25-ENG but it basically does the same thing as Hotfix-BIGIP-17.5.1.6.0.39.25-ENG which was for iSeries only. Which makes we wonder why they had me install that on a Velos tenant earlier this week.
- Juergen_Mang
My last state from Friday evening is: F5 has replicated the issue and engineering is working on a fix.
What I do not understand is, why that has taken so long. The issue is easily replicateable and the error is very clear.
- Juergen_Mang
I got a fixed AS3 Version 3.57.0-12 that fixes this issue in my tests.
- Allow
Hello, did they share the AS3 Version 3.57.0-12 with you privately? because I can not find it anywhere in my downloads page.
- J-H_Johansen
You need to contact F5 in order to get the latest AS3 release.
