Forum Discussion
NimbostratusSync failed: ClientSSL profile (/Common/clientssl) cannot get its defaults from ()
After some config changes (also in clientssl), I want to sync, but it looks like it does not work:
Sync Failed
A validation error occurred while syncing to a remote device
Sync error on DCLB01: Load failed from /Common/DCLB02 01071a12:3: ClientSSL profile (/Common/clientssl) cannot get its defaults from (), as it doesn't exist.
Recommended action: Review the error message and determine corrective action on the device
I've tried to revert all changes in clientssl profile, but it does not work. I've tried to overwrite the config, by the second device in HA group, but id doesn't work either.
Any help much appreciated.
- Kevin_Stewart
Employee
What does the following return?
tmsh list ltm profile client-ssl clientssl defaults-from 
Pstryk_372935Thank you for reply.
[root@DCLB02:Active:Sync Failed] config tmsh list ltm profile client-ssl clientssl defaults-from ltm profile client-ssl clientssl { defaults-from none } [root@DCLB01:Standby:Sync Failed] config tmsh list ltm profile client-ssl clientssl defaults-from ltm profile client-ssl clientssl { defaults-from none }Hope that helps
- Kevin_Stewart
Looking through some case notes there's only a small mention of this error message. Two questions?
- What hardware and software versions are you on?
- Are you deploying applications via iApps, and if so, do you see any "tmp" folders in /var/config/rest/iapps?
In any case, you'll very likely need to open a support case for this one.
- Pstryk_372935
It's VM. BIG-IP 14.0.0.1 Build 0.0.2 Point Release 1 Yes, via iApps. The folder contain only RPMS folder (which is empty)
It's was working config, until I've made some changes in clientssl directly and in some ssl profiles for some sites.
I've seen, that it's better to have one more template in between, and do not touch clientssl.
Is there is a way to cleanup clientssl maybe? I think I revert all changes, but it want work either.
Probably I will open support case later today.
Thank you for your time.
- Kevin_Stewart
Ah, you modified a parent profile. Never recommended to do that.
https://support.f5.com/csp/article/K16237
- Pstryk_372935
I do as instructed in the other article. I promise I won't touch parent profile 😉
But no luck.
After deleted the profile from file, it wasn't sync from the other.
I;ve tried to manually copy the profile from working machine, and i'm getting error after
tmsh load /sys config01071a12:3: ClientSSL profile (/Common/clientssl) cannot get its defaults from (), as it doesn't exist. Unexpected Error: Loading configuration process failed.So it's looks the same.
Where (How) I can get "clean" profile clientssl for my "BIG-IP 14.0.0.1 Build 0.0.2 Point Release 1"?
Maybe I can try just copy/paste clean profile to get it work?
- Kevin_Stewart
Here's what the parent clientssl profile looks like in 14.0.0.1:
root@(bigip1)(cfg-sync Standalone)(TimeLimitedModules::Active)(/Common)(tmos) list ltm profile client-ssl clientssl ltm profile client-ssl clientssl { alert-timeout indefinite allow-dynamic-record-sizing disabled app-service none authenticate once authenticate-depth 9 ca-file none cache-size 262144 cache-timeout 3600 cert default.crt cert-extension-includes { basic-constraints subject-alternative-name } cert-key-chain { default { cert default.crt key default.key } } chain none cipher-group none ciphers DEFAULT client-cert-ca none crl-file none handshake-timeout 10 inherit-ca-certkeychain false inherit-certkeychain false key default.key maximum-record-size 16384 mod-ssl-methods disabled mode enabled options { dont-insert-empty-fragments no-tlsv1.3 } passphrase none peer-cert-mode ignore peer-no-renegotiate-timeout 10 renegotiate-max-record-delay indefinite renegotiate-period indefinite renegotiate-size indefinite renegotiation enabled secure-renegotiation require strict-resume disabled unclean-shutdown enabled } 
AHK_373463how do I do that ? please let me know I have the same problem
