Forum Discussion
Altostratusmaster_decrypt failed during rekey
Hello,
I am trying to establish a two node active/standby LTM cluster using version 11.4.1.
However I am seeing some errors that I think prevents me from completing the initial configuration sync.
The device trust setup works fine. I do it on both units. The creation of the sync-failover device group (with network failover) works fine. It is when I attempt the initial configuration sync that problems arise, but only on one of the units.
notice mcpd[6958]: 01071038:5: Unit key read from the hardware.
notice mcpd[6958]: 01071029:5: master_decrypt failed during rekey
err mcpd[6958]: 01071488:3: Remote transaction for device group /Common/device_trust_group to commit id 24 6130474308801407933 /Common/unit1.internal 0 failed with error 01071029:5: master_decrypt failed during rekey.
2 Replies
Ossar_178453Ok, fiddled a bit with it and apparently this is what was malfunctioning.
The unit with the failed rekey had been a part of another cluster previously, but was reset to default by means of "tmsh load sys config default". However the master key still remains apparently.
This caused it to refuse to join any new sync-failover relationships and also any attempts to reset the master key to something else, with the same error message btw.
The solution to this, the inability to reset the master key, was solved by removing all the configuration regarding user AD/LDAP authentication and reloading the config. Then resetting the master key to the same as the other new working unit and thereafter config syncing to to malfunctioning unit by normal means.
The remaining question is though. Is this as intended? Do you need to know that you must reset the master key after you remove a unit from a previous trust relationship? Also, the inability to rekey it without removing any traces of authentication from the config seems like a bug.
StephanMantheyNacreous
Haven´t seen this behavior yet. But thanks for sharing your findings! +1 :)
