For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rabbit23_116296's avatar
Rabbit23_116296
Icon for Nimbostratus rankNimbostratus
May 08, 2014
Solved

F5 GTM iquery woes

have two stand-alone GTM devices in opposing DCs and struggling to get the sync-group up and running. is it OK to use the same wildcard certificate bound as a device certificate for the iquery communication channel?

 

BIG-IP DNS
  • mimlo_61970's avatar
    mimlo_61970
    May 09, 2014

    I had this same problem with certs from an internal CA. I figured out I had to load the CA certs under Global Traffic/Servers/Trusted Server Certificates. Putting them under Systtem/Device Certificates/Trusted Device Certificates was not enough. This was with 11.2.1

     

18 Replies

Show More
  • Rabbit23_116296's avatar
    Rabbit23_116296
    Icon for Nimbostratus rankNimbostratus
    May 09, 2014

    Thanks we are 11.4.1 and I think you might just be right. testing now and will provide feedback

     

  • Antony2015's avatar
    Antony2015
    Icon for Altostratus rankAltostratus
    May 11, 2014

    Can you please check iqdump from active to DR/DR to Active ? If the problem persist from DR to Active GTM, please run bigip_add before running a gtm_add to add this in sync-gorup mesh..

     

  • Rabbit23_116296's avatar
    Rabbit23_116296
    Icon for Nimbostratus rankNimbostratus
    May 11, 2014

    Thanks Anto - its been answered already, I just needed to have the trusted certificates in the correct places (2nd thread).

     

    • psavalam_195881's avatar
      psavalam_195881
      Icon for Nimbostratus rankNimbostratus
      Apr 20, 2015
      I am having the same issue can you please give the steps that you used to fix this issue