Forum Discussion
Nimbostratussync failed between primary and secondary F5
Hi, I am trying to Sync F5 box from secondary as primary got faulty and we have requested new RMA. Syncing failed everytime. I have verified below things on both the boxes. Please let me know if i would like to check anything else.
- Version and Hotfix (BIG-IP 11.4.1 Build 651.0 Hotfix HF5)
- Verified ConfigSync configuration.
- Internal/External IP verified.
- Vlan verified
8 Replies
shaggyverify the clocks on the devices (current date/time and NTP configuration)
are you getting any error messages regarding the sync in the UI or /var/log/ltm?
nishant_tor_183I am fairly new with LTM's but we recently deployed an LTM 4000s pair in production and while we were testing in the lab we also had sync issues. Like Shaggy said first think to make sure that both your units are sync'ing with NTP. Something else that you can try (that worked for us) we broke the trust between both boxes, regenerate the device certificates then follow add the device trust to try the sync again (assuming the fact that vlan definitions etc are identical as in our case we had lowercase/upper case differences in vlan names between the boxes). Are these new boxes or sync has worked on them before?
- Ashish_Chakrava
I am getting below error..
Error: The peer system has not been set up as part of a redundant pair. BIGpipe parsing error: 01110034:3: The configuration for running config-sync is incorrect.
Brad_ParkerCirrus
Sounds like the device group config is broken. I second what was said above, break the device group, regenerate the device certs, and rebuild the trust.
- Ashish_Chakrava
also in new RMA box i am not getting option in High Availablity >>>reduddancy, config sync, HA group, Network Failover, Network Mirroring.
- Ashish_Chakrava
also i am able to ping the device from secondry F5 box..
- shaggy
i didn't originatelly notice that this is an RMA - are they running the same code level? have you re-built the trust group and ensured that the new device is in the device group?
StephanMantheyNacreous
Hi Ashish,
on the replaced system it will be necessary to perform the following steps:
-
rebuild base installation version and hotfix version to match the peer device,
-
recreate the license based on the registration key of the replaced device,
-
recreate network configuration to match the configuration of the replaced device,
-
recreate device settings (for heartbeat, config sync and mirroring),
-
rebuild device trust,
-
rejoin both devices to device group,
-
initial config sync.
In case you have a configuration backup (.ucs) file of your replaced device you can skip steps 3 - 6 by simply re-importing the ucs archive (copy to /var/local/ucs/ directory via SCP required) using the tmsh syntax (the "no-license" parameter will just leave the existing new license untouched):
tmsh load sys ucs no-licensePlease let us know, where you currently stand.
Thanks, Stephan
-
