Forum Discussion
F5 APM sync issue
Sync issues seem to be a thorn in my side with APM.
High availability pair, have a webtop at the end of an access policy.
Failed over this morning due to a problem, and discovered that the "application access" "remote desktops" are not available on this one of the pair (call it backup), failed back (call it live) and they are working.
The authentication and webtop work on both, but the icons are not displayed for accessing the applications.
Session logs on backup show that the resources were assigned as expected. Indeed everything else was working as expected.
Is it reasonable to assume this is a straight APM sync bug. I know there were a whole host of these, but I thought I'd seen the back of them (Currently 11.5.1 2.22.121).
- Simon_Waters_13CirrostratusFor clarity I allocation three resources on this webtop, one is displayed but the two remote desktops are missing. Unfortunately one of the remote desktops is the one the users actually care about.
- Reaper19Nimbostratus
We seem to be experiencing something very similar when upgrading from 11.4.1 HF2 or HF4 to 11.5.1 or 11.5.1 HF2. After upgrading on our pre-prod test box we are experiencing similar issues with using RDP, mapping drives, resolving hostnames etc. Seems like a DNS/Routing issue on the BIG-IP appliance. We can ping by IP to most end devices but cannot resolve. I'd like to know if any also has seen this or resolved.
- Simon_Waters_13CirrostratusInteresting. Our logs show some spurious DNS lookup attempts related to Domain Server outage, but everything in our configuration is deliberately built on IP addresses to deliberately reduce dependencies on third party devices (and it still has issues every time a domain controller dies, working on that one). So I likely wouldn't see those issues in the same way, even if they were present.
- Reaper19_158382Nimbostratus
We seem to be experiencing something very similar when upgrading from 11.4.1 HF2 or HF4 to 11.5.1 or 11.5.1 HF2. After upgrading on our pre-prod test box we are experiencing similar issues with using RDP, mapping drives, resolving hostnames etc. Seems like a DNS/Routing issue on the BIG-IP appliance. We can ping by IP to most end devices but cannot resolve. I'd like to know if any also has seen this or resolved.
- Simon_Waters_13CirrostratusInteresting. Our logs show some spurious DNS lookup attempts related to Domain Server outage, but everything in our configuration is deliberately built on IP addresses to deliberately reduce dependencies on third party devices (and it still has issues every time a domain controller dies, working on that one). So I likely wouldn't see those issues in the same way, even if they were present.
- Simon_Waters_13Cirrostratus
I see HF3 has some mcpd issues fixed, and we need to install it for OpenSSL. So probably a good place to start.
- williamc_154806Nimbostratus
we are experiencing the same issue both on the latest 11.6 and 11.5.1 HF4.
Where once a failover happens many icons can go missing -but its inconsistent sometimes icons disappear sometimes they appear fine after a failover.
the manual way to fix it is to apply an access policy update but this is not a fix...it shouldn't happen at all during a failover.
We have setup the HA as recommended:
1) config sync: on dedicated HA vlan (also tried on internal vlan)
2) failover: on dedicated HA vlan
3) mirroring: on dedicated HA vlan
but issue still occurs.
I think a new funtion to automatically apply an access policy update when a failover occurs should be an option...
I have a question open for this; but don't know how to do it:
https://devcentral.f5.com/questions/apply-access-policy-update-automatically-after-a-failover
- Simon_Waters_13CirrostratusThanks William. I have ticket open again with F5. Seeing this with the "bash" shell HF on 11.6.0. We have some evidence that sometimes only some users see the reduced menu?! Unfortunately users are remote, and we can't grab their desktops to take a look when it occurs. So failure may be partial or complete. A nominal - textual change - to the policy has always resolved it so far. Does seem to be something to do with fail-over, but we've seen it on both boxes, so presumably it is when failing over to the box on which the policy was no directly applied last time. Or something of that ilk.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com