v11.0 HA Configuration issue...

Question

Hi there, 
I'm in the process of configuring our new Big IP 3900 devices... 
They started at v10.2, and I was able to successfully configure a HA pair. 
I then went and performed the upgrade to v11.0, following the process of backup first, then primary. 
However once the upgrade completed, the units didnt appear to sync up correctly... 
I then went in and deleted the Device group and tried to re-create it... However the failover peer had disappeared. 
Experienced this behaviour on both the Primary and Secondary devices... On clicking 'Device Management &gt; Devices', they were both only seeing themselves. 
I then went to 'Device Management &gt; Device Trust', and attempted to re-add the Secondary peer by clicking the Add button next to 'Peer Authority Devices'. 
I completed the wizard, specifying the fail-over peer IP address, which succesfully displays the peer Certificate detailos... However on clicking Next, it comes back with an error saying:The local device is already a member of the trust domain and cannot be added again.
I get the same error on both the primary and secondary peers... 
I then tried a factory default using tmsh sys config load default, however get to the same point as above in the set-up wizard and encounter the same error... 
Any ideas on how i can proceed? 
Regards
Gavin

johnny_schmidt_ · Answer

When I've had this issue recently I fixed it be doing the following:&nbsp;
&nbsp;1) upgrade to v11.1
&nbsp;2) delete the existing trusts on both units and reset device trust on both units
&nbsp;3) double check the configuration of the ip addresses for config-sync and failover
&nbsp;4) re-add the standby unit to the trust from the active unit&nbsp;
&nbsp;Of course if you want to do this on a live pair you'd want to be careful not to inadvertently trigger a failover situation with a config on both devices, so maybe also resetting the standby unit to it's base config before starting this process (making sure to make UCS's of the working config, etc).&nbsp;
&nbsp;Hope that helps!&nbsp;

gavinw_29074 · Answer

Hi there 
&nbsp;  
&nbsp; In the end I got it resolved with a lot of help from f5 support...  
&nbsp;  
&nbsp; Issue stemmed from bot setting up network failover properly on v10. This then created issues on the upgrade to v11... So I rolled back to 10, setup network failover correctly and then re-ran the upgrade. N like magic it all worked...  
&nbsp;  
&nbsp; Cheers 
&nbsp; Gav

Forum Discussion

v11.0 HA Configuration issue...

2 Replies

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Sending an HTTP request from iRule without delaying client requests

Route Domains HA & Traffic Groups

Horizon View iApp - Big-IP 17.5

r4600 Tenant CPU Assignment

BGP Over 2 vlans to 2 Network switch

Related Content

Is this configuration issue or key issue

Maintaining BIG-IP's Golden Compliance Configuration in Financial Services

Certificate Expiry Email alert configuration

Configuring BIG-IP for Zone Transfer and DNSSEC

Regex issue

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS