waftech
Oct 24, 2023

Wrong Key GUI, Can't reset BIG-IP to factory defaults

Hello, 
Following a handling error on the GUI, we lost access to it. A wrong key has been uploaded. We tried a factory reset without success, following https://my.f5.com/manage/s/article/K13127. Here is the error in the reset:

root@(localhost)(cfg-sync Standalone)(ModuleNotLicensed::Active)(/Common)(tmos)# load /sys config default
Reset the system configuration to factory defaults? (y/n) y
/bin/tar: files_d/Common_d/trust_certificate_d/\:Common\:dtca-bundle.crt_59583_1: Cannot stat: No such file or directory
/bin/tar: Exiting with failure status due to previous errors
Failure to save the temporary SCF. Error message: Failed to append to temp tar file "/var/system/tmp/tmsh/ouKGeH/data" cache path "/config/filestore/files_d/Common_d/trust_certificate_d/:Common:dtca-bundle.crt_59583_1"exit code (2).

Loading system configuration...
/defaults/asm_base.conf
/defaults/config_base.conf
/defaults/ipfix_ie_base.conf
/defaults/ipfix_ie_f5base.conf
/defaults/low_profile_base.conf
/defaults/low_security_base.conf
/defaults/policy_base.conf
/defaults/analytics_base.conf
/defaults/apm_base.conf
/defaults/apm_oauth_base.conf
/defaults/apm_pua_ssh_base.conf
/defaults/apm_saml_base.conf
/defaults/app_template_base.conf
/defaults/classification_base.conf
/var/libdata/dpi/conf/classification_update.conf
/defaults/ips_base.conf
/var/libdata/ips/ips_update.conf
/defaults/daemon.conf
/defaults/pem_base.conf
/defaults/profile_base.conf
/defaults/sandbox_base.conf
/defaults/security_base.conf
/defaults/urldb_base.conf
/usr/share/monitors/base_monitors.conf
/defaults/cipher.conf
/defaults/ilx_base.conf
/defaults/integrated_auth.conf
/usr/local/gtm/include/gtm_base_region_isp.conf
/usr/share/monitors/gtm_base_monitors.conf
Loading configuration...
/defaults/defaults.scf
There were warnings:
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/certificate_d/:Common:f5_api_com.crt_59721_1, /config/filestore/.trash_bin_d/.current_d/Common_d/certificate_d/:Common:f5_api_com.crt_59721_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/certificate_key_d/:Common:f5_api_com.key_59707_1, /config/filestore/.trash_bin_d/.current_d/Common_d/certificate_key_d/:Common:f5_api_com.key_59707_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/trust_certificate_d/:Common:dtca-bundle.crt_59583_1, /config/filestore/.trash_bin_d/.current_d/Common_d/trust_certificate_d/:Common:dtca-bundle.crt_59583_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/trust_certificate_d/:Common:dtca.crt_59579_1, /config/filestore/.trash_bin_d/.current_d/Common_d/trust_certificate_d/:Common:dtca.crt_59579_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/trust_certificate_d/:Common:dtdi.crt_59575_1, /config/filestore/.trash_bin_d/.current_d/Common_d/trust_certificate_d/:Common:dtdi.crt_59575_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/trust_certificate_key_d/:Common:dtca.key_59581_1, /config/filestore/.trash_bin_d/.current_d/Common_d/trust_certificate_key_d/:Common:dtca.key_59581_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/trust_certificate_key_d/:Common:dtdi.key_59577_1, /config/filestore/.trash_bin_d/.current_d/Common_d/trust_certificate_key_d/:Common:dtdi.key_59577_1) errno=(No such file or directory)
01070920:3: Application error for confpp: [Tue Oct 24 00:29:18.671500 2023] [core:warn] [pid 21822] AH00114: Useless use of AllowOverride in line 283 of /var/run/config/httpd.conf.
[Tue Oct 24 00:29:18.675400 2023] [core:warn] [pid 21822] AH00114: Useless use of AllowOverride in line 12 of /etc/httpd/conf.d/xui.conf.
Syntax OK
The certificate does not match the key. To change them try 'tmsh modify sys httpd { ssl-certfile /etc/httpd/conf/ssl.crt/server.crt ssl-certkeyfile /etc/httpd/conf/ssl.key/server.key }'

Unexpected Error: Loading configuration process failed.


 
We rebooted 2 times, and now the big3d is in a rebooting loop

Thank you for your help 
  • waftech You should try generating your own self-signed cert and then swap those out for the respective key and cert file at the location specified. If this is an emergency you should definitely open up an F5 TAC to receive the fastest possible solution to the problem. The following document might assist you in creating the self-signed cert.

    https://www.baeldung.com/openssl-self-signed-cert
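
An added example, not part of the reply above or of any F5 procedure: it generates a self-signed pair in a scratch directory and checks that the certificate and key carry the same public key, which is the condition the "certificate does not match the key" error reports. The CN `bigip.example.test` and the function names are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: build a self-signed pair in a scratch directory and prove
# the certificate and key belong together before they replace anything.

# make_self_signed DIR CN -> writes DIR/server.key and DIR/server.crt
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.crt" \
        2>/dev/null || return 1
    chmod 600 "$1/server.key"   # private key readable by its owner only
}

# pair_matches CERT KEY -> 0 if they match, 1 on mismatch, 2 if unreadable.
# Compares the public key embedded in the certificate with the public key
# derived from the private key; a failed read never counts as a match.
pair_matches() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo run: the CN is a constructed placeholder.
work=$(mktemp -d)
if make_self_signed "$work" "bigip.example.test" &&
   pair_matches "$work/server.crt" "$work/server.key"; then
    echo "certificate and key match"
else
    echo "pair rejected" >&2
fi
rm -rf "$work"
```

Running `pair_matches` against the files named in the error message (`/etc/httpd/conf/ssl.crt/server.crt` and `/etc/httpd/conf/ssl.key/server.key`) confirms whether the installed pair is the mismatched one.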

  • From your error message, I think the default set of key objects that comes in any SW are also deleted. So the key/cert folder is completely messed. As you could see when you try to load the default config, it tries to restore the default set of objects and any referenced object missing will cause the load to fail.

    Luckily, this load actually looks for referenced object alone, so you can simply touch the files to be created and hope for the config to be reloaded properly. Just make sure those dummy referenced configs are not used anywhere when you go live. Else you have to install in new volume & move forward. So when you boot into that, select no forward configuration in GUI. So it will be a clean slate.
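
An added example, not part of the thread: it pulls the missing filestore objects out of the `load /sys config default` warnings, so the referenced files that the reply above talks about can be listed and checked one by one. The function names and the optional root prefix are assumptions; the sample lines are copied from the output in the original post, with one repeated to show de-duplication.

```shell
#!/bin/bash
# Added example: list the filestore objects the load reported as missing.

# Sample lines taken from the output in the original post.
sample_output() {
cat <<'EOF'
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/certificate_d/:Common:f5_api_com.crt_59721_1, /config/filestore/.trash_bin_d/.current_d/Common_d/certificate_d/:Common:f5_api_com.crt_59721_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/certificate_key_d/:Common:f5_api_com.key_59707_1, /config/filestore/.trash_bin_d/.current_d/Common_d/certificate_key_d/:Common:f5_api_com.key_59707_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/trust_certificate_d/:Common:dtca-bundle.crt_59583_1, /config/filestore/.trash_bin_d/.current_d/Common_d/trust_certificate_d/:Common:dtca-bundle.crt_59583_1) errno=(No such file or directory)
Got exception in file object cache operation; ignoring since default configuration is loading: failed in syscall link(/config/filestore/files_d/Common_d/trust_certificate_d/:Common:dtca-bundle.crt_59583_1, /config/filestore/.trash_bin_d/.current_d/Common_d/trust_certificate_d/:Common:dtca-bundle.crt_59583_1) errno=(No such file or directory)
Syntax OK
EOF
}

# Read load output on stdin; print each missing source path once, sorted.
# Only the first argument of link() (the live filestore path) is kept.
missing_filestore_objects() {
    sed -n 's#.*failed in syscall link(\(/config/filestore/files_d/[^,]*\), .*errno=(No such file or directory).*#\1#p' |
        LC_ALL=C sort -u
}

# Read paths on stdin; print those that still do not exist.
# $1 is an optional root prefix so the check can run against a copy.
still_missing() {
    local p
    while IFS= read -r p; do
        [ -e "$1$p" ] || printf '%s\n' "$p"
    done
}

# Demo: on a machine without these files, all three paths are printed.
sample_output | missing_filestore_objects | still_missing ""
```

On the affected unit, the saved output of the failed load can be piped in place of `sample_output`.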