One or more devices are unreachable. Resolve any communication problems before attempting to sync.

Question

I would appreciate any help with the following error I am getting:&nbsp;
"One or more devices are unreachable. Resolve any communication problems before attempting to sync."&nbsp;
Environment:&nbsp;

Product: Two F5 LTM VE's&nbsp;

Version: BIG-IP 11.3.0 Build 39.0 VE Trial 11.3.0-HF1 (based on BIGIP 11.3.0HF6)&nbsp;

Running on top of ESXi 5.5.0 (currently on the same ESXi host)&nbsp;

Able to ping from LTM1 to LTM2 over the Management, Internal, External, and HA interfaces&nbsp;

Both devices have each other in their Peer List&nbsp;

Both devices contain a fully populated Device List&nbsp;

Both devices are part of a Device Group with Sync-Failover and Network Failover configured&nbsp;

Have tried resetting the device trust and even rebuilding the F5 LTM's from scratch a couple times&nbsp;

LTM1 Overview Page&nbsp;

Sync Summary
/ Status:Awaiting Initial Sync
/ Summary:The device group is awaiting the initial config sync
/ Details:Recommended action: Synchronize one of the devices to the group&nbsp;
LTM1:Awaiting Initial Sync
/ LTM2:Disconnected&nbsp;
The following error shows up under Sync Options:  "One or more devices are unreachable. Resolve any communication problems before attempting to sync."&nbsp;

LTM2 Overview Page

Sync Summary
/ Status:Awaiting Initial Sync
/ Summary:The device group is awaiting the initial config sync
/ Details:Recommended action: Synchronize one of the devices to the group&nbsp;
LTM1:Disconnected
/ LTM2:Awaiting Initial Sync&nbsp;
The following error shows up under Sync Options:  "One or more devices are unreachable. Resolve any communication problems before attempting to sync."&nbsp;

Any help getting HA up and running would be much appreciated.&nbsp;
Thanks, &nbsp;
SDTechOps&nbsp;

hannes_rapp · Answer

Hi,
Can you please run some TMSH commands and paste the output?
tmsh list net vlan 
tmsh list net self 
tmsh list cm device  | grep -v modules

Lastly, initiate a config sync, despite the warning, and paste the relevant lines from the /var/log/ltm file.
Have you tried following existing SOLs? One relevant article is here: https://support.f5.com/kb/en-us/solutions/public/13000/900/sol13946.html

sdtechops_19660 · Answer

@Hannes Rapp, 
Thanks for the reply. Here's the information you requested. 
[root@ust-f5ltm-01:Active:Disconnected] config  tmsh list net vlan HA
net vlan HA {
    if-index 320
    interfaces {
        1.3 { }
    }
    tag 74
}

[root@ust-f5ltm-02:Standby:Disconnected] config  tmsh list net vlan HA
net vlan HA {
    if-index 160
    interfaces {
        1.3 { }
    }
    tag 74
}

[root@ust-f5ltm-01:Active:Disconnected] config  tmsh list net self 192.168.74.1net self 192.168.74.1 {
    address 192.168.74.1/24
    allow-service {
        default
    }
    traffic-group traffic-group-local-only
    vlan HA
}

[root@ust-f5ltm-02:Standby:Disconnected] config  tmsh list net self 192.168.74.2
net self 192.168.74.2 {
    address 192.168.74.2/24
    allow-service {
        default
    }
    traffic-group traffic-group-local-only
    vlan HA
}

[root@ust-f5ltm-01:Active:Disconnected] config  tmsh list cm device ust-f5ltm-01.sdtest.local | grep -v modules
cm device ust-f5ltm-01.sdtest.local {
    base-mac 0:50:56:8e:44:6a
    build 39.0
    cert dtdi.crt
    chassis-id 420e0720-8e3c-6e11-72fb91cf1a1f
    configsync-ip 192.168.74.1
    edition "VE Trial 11.3.0-HF1 (based on BIGIP 11.3.0HF6)"
    failover-state active
    hostname ust-f5ltm-01.sdtest.local
    key dtdi.key
    management-ip 172.30.54.14
    marketing-name "BIG-IP Virtual Edition"
    mirror-ip 192.168.74.1
    multicast-ip any
    platform-id Z99
    product BIG-IP
    self-device true
    time-zone EDT
    unicast-address {
        {
            effective-ip 192.168.74.1
            effective-port cap
            ip 192.168.74.1
        }
        {
            effective-ip 172.30.54.14
            effective-port cap
            ip 172.30.54.14
        }
    }
    version 11.3.0
}

[root@ust-f5ltm-02:Standby:Disconnected] config  tmsh list cm device ust-f5ltm-02.sdtest.local | grep -v modules
cm device ust-f5ltm-02.sdtest.local {
    base-mac 0:50:56:8e:2f:3e
    build 39.0
    cert dtdi.crt
    chassis-id 420e4348-0c60-6c83-510c01f5f0f3
    configsync-ip 192.168.74.2
    edition "VE Trial 11.3.0-HF1 (based on BIGIP 11.3.0HF6)"
    failover-state standby
    hostname ust-f5ltm-02.sdtest.local
    key dtdi.key
    management-ip 172.30.54.24
    marketing-name "BIG-IP Virtual Edition"
    mirror-ip 192.168.74.2
    multicast-ip any
    platform-id Z99
    product BIG-IP
    self-device true
    time-zone EDT
    unicast-address {
        {
            effective-ip 192.168.74.2
            effective-port cap
            ip 192.168.74.2
        }
        {
            effective-ip 172.30.54.24
            effective-port cap
            ip 172.30.54.24
        }
    }
    version 11.3.0
}
`

This is all I see in /var/log/ltm during the time frame that I initiated the config sync:

`Apr  9 11:00:01 ust-f5ltm-01 notice mcpd[4828]: 01071431:5: Attempting to connect to CMI peer 192.168.74.2 port 6699
Apr  9 11:00:01 ust-f5ltm-01 notice mcpd[4828]: 01071432:5: CMI peer connection established to 192.168.74.2 port 6699
Apr  9 11:00:01 ust-f5ltm-01 notice mcpd[4828]: 0107143c:5: Connection to CMI peer 192.168.74.2 has been removed
...
Apr  9 11:17:26 ust-f5ltm-01 notice mcpd[4828]: 01071431:5: Attempting to connect to CMI peer 192.168.74.2 port 6699
Apr  9 11:17:26 ust-f5ltm-01 notice mcpd[4828]: 01071432:5: CMI peer connection established to 192.168.74.2 port 6699
Apr  9 11:17:26 ust-f5ltm-01 notice mcpd[4828]: 0107143c:5: Connection to CMI peer 192.168.74.2 has been removed
[root@ust-f5ltm-01:Active:Disconnected] config

As far as the SOLs, I have tried a few of them. I am actually nearing the end of SOL13946 now. So far, the only thing I found was that I didn't have NTP configured. I went ahead and configured NTP on both LTM's, rebooted, and even rebuilt the trusts to no avail.
Let me know if I can grab anything else that might help, 
SDTechOps

hannes_rapp · Answer

SDTechOps, your F5 HA configuration appears to be good.&nbsp;
I think the only problem you have is that you're using the handicapped Trial VE license. It has very limited HA capability or no HA support at all (not sure which applies). The only solution I have for you is a recommendation to obtain a proper F5 VE trial software (non-handicapped) from your F5 reseller - they usually come for free and can be used for as long as 60 days.&nbsp;
Your issue appears to be quite common and has been discussed here: &nbsp;
https://devcentral.f5.com/questions/does-f5-ve-trail-version-113-support-device-service-cluster-dsc-feature&nbsp;
Cheers,&nbsp;

sdtechops_19660 · Answer

@Hannes Rapp, &nbsp;
Thanks a lot. I hadn't come across that thread. &nbsp;
What a bummer... I guess HA isn't supported in my trial version. :/&nbsp;
I'll see what I can do about getting a full-featured F5 trial.&nbsp;
Thanks for the help!&nbsp;
SDTechOps&nbsp;

Forum Discussion

One or more devices are unreachable. Resolve any communication problems before attempting to sync.

Recent Discussions

Management IP F5 cant be accessed

ASD

Big-IP VE edition for MacBook M4 Chip

301 redirect and waf policy log problem

Background Tasks

Related Content

DevCentral Community Guidelines

Detect and stop exfiltration attempts with F5 Distributed Cloud App Infrastructure Protection

Installing BIG-IP Next on Nutanix Community Edition

DevCentral Community Ranking Explained

Community Highlights, Week 15 '23

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS