Forum Discussion
Zuke
Cirrostratus
CirrostratusRestoring VCMP guest from UCS
I'm recreating a VCMP guest from a UCS. This is a new virtual disk on the host. I followed the steps to reset the master key. After uploading the UCS and issuing "load sys ucs archive.ucs include-cha...
I opened a ticket with F5 support and Peter (from London) helped me out.
The procedure I was using to reset the master key was to issue the command "tmsh modify sys crypto master-key prompt-for-password" and then use the hash from the guest as the password. The correct procedure is to use "f5mku -r <hash>" on the new guest. After doing that, the UCS file was able to load.
Additionally some cool optimizations that I learned from Peter that really helped with the performance of AVR and the GUI:
tmsh modify sys db avr.stats.internal.maxentitiespertable value 1024
tmsh modify sys db provision.extramb value 2048;tmsh save sys config
tmsh modify sys db restjavad.useextramb value true
tmsh modify sys db provision.tomcat.extramb value 100
ZukeCirrostratus
CirrostratusI opened a ticket with F5 support and Peter (from London) helped me out.
The procedure I was using to reset the master key was to issue the command "tmsh modify sys crypto master-key prompt-for-password" and then use the hash from the guest as the password. The correct procedure is to use "f5mku -r <hash>" on the new guest. After doing that, the UCS file was able to load.
Additionally some cool optimizations that I learned from Peter that really helped with the performance of AVR and the GUI:
tmsh modify sys db avr.stats.internal.maxentitiespertable value 1024
tmsh modify sys db provision.extramb value 2048;tmsh save sys config
tmsh modify sys db restjavad.useextramb value true
tmsh modify sys db provision.tomcat.extramb value 100
mouloudNimbostratus
Hello Zuke,
I have the same issue... Can you please detail how to use the procedure "f5mku -r <hash>"
Thanks in advance
- Albert_Coll
Cirrus
I also came across the problem "Symmetric Unit Key decrypt failure" when uploading the ucs file when attempting to move a config in V15.1.7 from a LTM vcmp guest to another. But this provided solution didn't work for me.
Fortunately I solved it after applying BOTH workarounds: K08689542 AND K36822000
1) Edit file /config/bigip_base.conf and comment out the line key M$Mxxxxxxxxxxxxxxxx after the line "set dynad key" by setting a '#' char to the left. AND ALSO:
2) Edit file /config/bigip.conf and comment out all lines containing $M$ passwords encrypted for user accounts.
After modifying BOTH files as described, the command tmsh load sys config completed up successfully.