Forum Discussion

fubarSUSHI's avatar
fubarSUSHI
Icon for Altocumulus rankAltocumulus
Feb 19, 2014

Config Sync issue (both boxes are staying "disconnected")

Need help... I currently dont have access to the boxes and Im tempted to just call support but trying to avoid it. (Not saying there is anything wrong with calling support but I know Im missing something basic!)

 

Here are my steps (Im resetting everything):

 

1. Device Groups >(device group previously setup) put both boxes back to available.

 

2. Delete the existing device group.

 

3. Reset Device Trust. Choose Generate New Self-Signed Authority.

 

4. Device Trust>Peer list. Establish peering. (It is able to see peer no problem.)

 

5. Create device groups. "test-sync-failover". Put both devices in "includes". and check Network Failover.

 

6. Confirm both devices are in the Device List area.

 

7. Overview>(click self device)>choose "Sync Device to Group">Choose "Overwrite Configuration">Sync

 

Boxes are showing disconnected. What can I check? Are there a specific log I can look at to find out why they cannot sync? Should I reset the whole darn configuration and start from scratch again?

 

config-sync
management
question

17 Replies

Sort By
  • fubarSUSHI's avatar
    fubarSUSHI
    Icon for Altocumulus rankAltocumulus
    Feb 19, 2014

    Self fixed.

     

    1. Device Groups >(device group previously setup) put both boxes back to available.
    2. Delete the existing device group.
    3. Reset Device Trust. Choose Generate New Self-Signed Authority.
    4. REBOOT THE VE!!!!!!
    5. Device Trust>Peer list. Establish peering. (It is able to see peer no problem.)
    6. Create device groups. "test-sync-failover". Put both devices in "includes". and check Network Failover.
    7. Confirm both devices are in the Device List area.
    8. Overview>(click self device)>choose "Sync Device to Group">Choose "Overwrite Configuration">Sync
  • fubarSUSHI's avatar
    fubarSUSHI
    Icon for Altocumulus rankAltocumulus
    Feb 27, 2014

    http://support.f5.com/kb/en-us/solutions/public/13000/900/sol13946.html?sr=33711178cso

     

    Great article to look at...

     

  • Muhammad_Ausaf_'s avatar
    Muhammad_Ausaf_
    Icon for Nimbostratus rankNimbostratus
    Apr 23, 2016

    Dear dirtiPacket;

     

    Unfortunately your solution is not working for me.....am still getting Disconnected Status....am working on Big-IP v 11.3.0.39.........:(

     

    Pls can you suggest a fix...

     

    Waiting eagerly for your kind reply.

     

    Regards.

     

    • jba3126's avatar
      jba3126
      Icon for Cirrus rankCirrus
      May 04, 2016
      I have a slightly different situation. Is there a way to reset the device trust via the cli/tmsh?
  • Muhammad_Ausaf2's avatar
    Muhammad_Ausaf2
    Icon for Nimbostratus rankNimbostratus
    Apr 23, 2016

    Dear dirtiPacket;

     

    Unfortunately your solution is not working for me.....am still getting Disconnected Status....am working on Big-IP v 11.3.0.39.........:(

     

    Pls can you suggest a fix...

     

    Waiting eagerly for your kind reply.

     

    Regards.

     

    • jba3126's avatar
      jba3126
      Icon for Cirrus rankCirrus
      May 04, 2016
      I have a slightly different situation. Is there a way to reset the device trust via the cli/tmsh?
  • EricBrokeIt_245's avatar
    EricBrokeIt_245
    Icon for Nimbostratus rankNimbostratus
    Sep 01, 2016

    Just wanted to pass this along, we tried this process for an initial setup and it worked. But we also found out that we had to have the admin passwords matching on both systems prior to sync setup.

     

    • 2funky_105078's avatar
      2funky_105078
      Icon for Cirrus rankCirrus
      Sep 24, 2016

      not working for me. It's all ok (peers are green) until i put them inside a device group when i get Disconnected

       

      maybe its a certificate issue? Which certificates should be shared between the 2 devices?

       

      Shall i see the other LTM certificate here?

       

      System ›› Device Certificates : Trusted Device Certificates ›› Trusted Device Certificates

       

      i am also using 11.3.0(39) free trial

       

  • Mifoche_189270's avatar
    Mifoche_189270
    Icon for Nimbostratus rankNimbostratus
    Aug 28, 2018

    Found this topic while troubleshooting HA issues in our lab. I would put emphasis on two things:

     

    1) Use NTP server(s) for both peers.

     

    2) Make sure when adding a peer that you're using it's HA VLAN dedicated IP. Verify currently configured confisync-ip (list cm device DEVICE_NAME configsync-ip) - I believe this was the main reason our configuration wasn't working.

     

    In our case we had an IP from our internal VLAN listed there (from 172.16.x.x range in our case), and even though we were able to "dicover" peer by using its HA VLAN address (from 192.168.x.x range) the devices stayed out-of-sync (Disconnected state).

     

    Once we changed configsync-ip configuruation to match HA VLAN address it worked like a charm.