Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Ossar_178453's avatar
Ossar_178453
Icon for Altostratus rankAltostratus
Mar 26, 2015

master_decrypt failed during rekey

Hello, I am trying to establish a two node active/standby LTM cluster using version 11.4.1. However I am seeing some errors that I think prevents me from completing the initial configuration syn...
application delivery
deployment
LTM
Ossar_178453's avatar
Ossar_178453
Icon for Altostratus rankAltostratus
Mar 26, 2015

Ok, fiddled a bit with it and apparently this is what was malfunctioning.

 

The unit with the failed rekey had been a part of another cluster previously, but was reset to default by means of "tmsh load sys config default". However the master key still remains apparently.

 

This caused it to refuse to join any new sync-failover relationships and also any attempts to reset the master key to something else, with the same error message btw.

 

The solution to this, the inability to reset the master key, was solved by removing all the configuration regarding user AD/LDAP authentication and reloading the config. Then resetting the master key to the same as the other new working unit and thereafter config syncing to to malfunctioning unit by normal means.

 

The remaining question is though. Is this as intended? Do you need to know that you must reset the master key after you remove a unit from a previous trust relationship? Also, the inability to rekey it without removing any traces of authentication from the config seems like a bug.

 

StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Mar 26, 2015
Haven´t seen this behavior yet. But thanks for sharing your findings! +1 :)