For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Zuke's avatar
Zuke
Icon for Cirrostratus rankCirrostratus
Jun 09, 2021
Solved

Restoring VCMP guest from UCS

I'm recreating a VCMP guest from a UCS. This is a new virtual disk on the host. I followed the steps to reset the master key. After uploading the UCS and issuing "load sys ucs archive.ucs include-cha...
application delivery
BIG-IP
LTM
ucs
  • Zuke's avatar
    Zuke
    Jun 10, 2021

    I opened a ticket with F5 support and Peter (from London) helped me out.

     

    The procedure I was using to reset the master key was to issue the command "tmsh modify sys crypto master-key prompt-for-password" and then use the hash from the guest as the password. The correct procedure is to use "f5mku -r <hash>" on the new guest. After doing that, the UCS file was able to load.

     

    Additionally some cool optimizations that I learned from Peter that really helped with the performance of AVR and the GUI:

     

    tmsh modify sys db avr.stats.internal.maxentitiespertable value 1024

    tmsh modify sys db provision.extramb value 2048;tmsh save sys config

    tmsh modify sys db restjavad.useextramb value true

    tmsh modify sys db provision.tomcat.extramb value 100

     

     

Zuke's avatar
Zuke
Icon for Cirrostratus rankCirrostratus
Jun 10, 2021

I opened a ticket with F5 support and Peter (from London) helped me out.

 

The procedure I was using to reset the master key was to issue the command "tmsh modify sys crypto master-key prompt-for-password" and then use the hash from the guest as the password. The correct procedure is to use "f5mku -r <hash>" on the new guest. After doing that, the UCS file was able to load.

 

Additionally some cool optimizations that I learned from Peter that really helped with the performance of AVR and the GUI:

 

tmsh modify sys db avr.stats.internal.maxentitiespertable value 1024

tmsh modify sys db provision.extramb value 2048;tmsh save sys config

tmsh modify sys db restjavad.useextramb value true

tmsh modify sys db provision.tomcat.extramb value 100

 

 

  • mouloud's avatar
    mouloud
    Icon for Nimbostratus rankNimbostratus
    Aug 25, 2021

    Hello Zuke,

    I have the same issue... Can you please detail how to use the procedure "f5mku -r <hash>"

    Thanks in advance

  • Albert_Coll's avatar
    Albert_Coll
    Icon for Cirrus rankCirrus
    Nov 24, 2022

    I also came across the problem "Symmetric Unit Key decrypt failure" when uploading the ucs file when attempting to move a config in V15.1.7 from a LTM vcmp guest to another. But this provided solution didn't work for me. 

    Fortunately I solved it after applying BOTH workarounds: K08689542 AND K36822000

    1) Edit file /config/bigip_base.conf and comment out the line key M$Mxxxxxxxxxxxxxxxx after the line "set dynad key" by setting a '#' char to the left. AND ALSO:

    2) Edit file /config/bigip.conf and comment out all lines containing $M$ passwords  encrypted for user accounts.

    After modifying BOTH files as described, the command tmsh load sys config completed up successfully.