Forum Discussion

waftech's avatar
waftech
Icon for Nimbostratus rankNimbostratus
Oct 24, 2023
Solved

Wrong Key GUI , Can't reset BIG-IP to factory defaults

Hello, 

Following a handling error on the GUI we lost access to it.

A Wrong key has been  uploaded

We tried a factory reset without success following : https://my.f5.com/manage/s/article/K13127 

Here is the error in the reset :

root@(localhost)(cfg-sync Standalone)(ModuleNotLicensed::Active)(/Common)(tmos)# load /sys config default
Reset the system configuration to factory defaults? (y/n) y
/bin/tar: files_d/Common_d/trust_certificate_d/\:Common\:dtca-bundle.crt_59583_1: Cannot stat: No such file or directory
/bin/tar: Exiting with failure status due to previous errors
Failure to save the temporary SCF. Error message: Failed to append to temp tar file "/var/system/tmp/tmsh/ouKGeH/data" cache path "/config/filestore/files_d/Common_d/trust_certificate_d/:Common:dtca-bundle.crt_59583_1"exit code (2).

Loading system configuration...
/defaults/asm_base.conf
/defaults/config_base.conf
/defaults/ipfix_ie_base.conf
/defaults/ipfix_ie_f5base.conf
/defaults/low_profile_base.conf
/defaults/low_security_base.conf
/defaults/policy_base.conf
/defaults/analytics_base.conf
/defaults/apm_base.conf
/defaults/apm_oauth_base.conf
/defaults/apm_pua_ssh_base.conf
/defaults/apm_saml_base.conf
/defaults/app_template_base.conf
/defaults/classification_base.conf
/var/libdata/dpi/conf/classification_update.conf
/defaults/ips_base.conf
/var/libdata/ips/ips_update.conf
/defaults/daemon.conf
/defaults/pem_base.conf
/defaults/profile_base.conf
/defaults/sandbox_base.conf
/defaults/security_base.conf
/defaults/urldb_base.conf
/usr/share/monitors/base_monitors.conf
/defaults/cipher.conf
/defaults/ilx_base.conf
/defaults/integrated_auth.conf
/usr/local/gtm/include/gtm_base_region_isp.conf
/usr/share/monitors/gtm_base_monitors.conf
Loading configuration...
/defaults/defaults.scf
There were warnings:
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/certificate_d/:Common:f5_api_com.crt_59721_1, /config/filestore/.trash_bin_d/.current_d/Common_d/certificate_d/:Common:f5_api_com.crt_59721_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/certificate_key_d/:Common:f5_api_com.key_59707_1, /config/filestore/.trash_bin_d/.current_d/Common_d/certificate_key_d/:Common:f5_api_com.key_59707_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/trust_certificate_d/:Common:dtca-bundle.crt_59583_1, /config/filestore/.trash_bin_d/.current_d/Common_d/trust_certificate_d/:Common:dtca-bundle.crt_59583_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/trust_certificate_d/:Common:dtca.crt_59579_1, /config/filestore/.trash_bin_d/.current_d/Common_d/trust_certificate_d/:Common:dtca.crt_59579_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/trust_certificate_d/:Common:dtdi.crt_59575_1, /config/filestore/.trash_bin_d/.current_d/Common_d/trust_certificate_d/:Common:dtdi.crt_59575_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/trust_certificate_key_d/:Common:dtca.key_59581_1, /config/filestore/.trash_bin_d/.current_d/Common_d/trust_certificate_key_d/:Common:dtca.key_59581_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/trust_certificate_key_d/:Common:dtdi.key_59577_1, /config/filestore/.trash_bin_d/.current_d/Common_d/trust_certificate_key_d/:Common:dtdi.key_59577_1) errno=(No such file or directory)
01070920:3: Application error for confpp: [Tue Oct 24 00:29:18.671500 2023] [core:warn] [pid 21822] AH00114: Useless use of AllowOverride in line 283 of /var/run/config/httpd.conf.
[Tue Oct 24 00:29:18.675400 2023] [core:warn] [pid 21822] AH00114: Useless use of AllowOverride in line 12 of /etc/httpd/conf.d/xui.conf.
Syntax OK
The certificate does not match the key. To change them try 'tmsh modify sys httpd { ssl-certfile /etc/httpd/conf/ssl.crt/server.crt ssl-certkeyfile /etc/httpd/conf/ssl.key/server.key }'

Unexpected Error: Loading configuration process failed.


 
We rebooted 2 times, and now the big3d is in a rebooting loop

Thank you for your help 
application delivery

3 Replies

Sort By
  • Paulius's avatar
    Paulius
    Icon for MVP rankMVP
    Oct 24, 2023

    waftech You should try generating your own self-signed cert and then swap those out for the respective key and cert file at the location specified. If this is an emergency you should definitely open up an F5 TAC to receive the fastest possible solution to the problem. The following document might assist you in creating the self-signed cert.

    https://www.baeldung.com/openssl-self-signed-cert

  • jaikumar_f5's avatar
    jaikumar_f5
    Icon for MVP rankMVP
    Oct 24, 2023

    From your error message, I think the default set of key objects that comes in any SW are also deleted. So the key/cert folder is completely messed. As you could see when you try to load the default config, it tries to restore the default set of objects and any referrenced object missing will cause the load to fail.

    Luckily, this load actually looks for referrenced object alone, so you can simply touch the files to be created and hope for the config to be reloaded properly. Just make sure those dummy referenced configs are not used anywhere when you go live. Else you have to install in new volume & move forward. So when you boot into that, select no forward configuration in GUI. So it will be a clean slate.