TimRiker's avatar
TimRiker
Icon for Cirrocumulus rankCirrocumulus
Mar 22, 2020

If I recall correctly, asm policies and datagroups are loaded over the REST interface in v5.3.1 where everything else comes from the SOAP interface. Can you do a REST call using the current credentials?

It occurs to me that we are not ignoring certificates in v5.3.1 for rest calls like my REST only branch does. On my setup, I have a valid externally signed wildcard certificate on each F5 like *.example.com and then we have lb-ppe-a.example.com as the host listed in the xml so rest calls match the certificate. Does the certificate match on your setup? I'll put a patch in to ignore the certificate on REST calls in the current tree like I've already fixed my tree.

If you can use "Device" entries with fully qualified names that match the device certificate that should fix your issue.

 

https://github.com/epacke/BigIPReport/issues/174

 

Could you try adding -SkipCertificateCheck to the Invoke-RestMethod and Invoke-WebRequest calls in the ps1 script? There are three of them. One to get credentials, one to load adm policies and one to load datagroups.

 

Ignore all this. -SkipCertficateCheck is only on newer releases of powershell, and newer releases should probably be using my REST version instead. 😕