Title. We're replacing units running v11.5.5 that are going in end-of-life with new hardware that does not support v11.5.5, so I can't work with UCS or SCF files.
Some of the configuration objects like Radius monitor passwords are encrypted and I'm wondering if rekeying f5mku master key on the new unit and copy/pasting those objects in encrypted format will succesfuly import those objects.
I wanted to test this method before prompting customer to update every objects password .. it failed in my lab, has anyone had this issue before and managed to succesfully migrate configurations?
Hi C.A. Valli,
Can you try this?
If not successful;
If you have an old HA cluster you can extract the master key from any of the old F5s with:
[root@f5bigip:Active:Disconnected] config # f5mku -K
You can then reset the master key on the new F5 device:
f5mku -r aVNFRwSdF2Q38L9fw7jzlC==
After that you should be able to load the UCS file without getting the encrypted object errors.
I've done these between different BigIP versions (12.x-->14.x, 14.x-->15.x) and from hardware to VE and viceversa. I don't remember doing it from version 11.x, but I guess it should work ass well since that command existed in that version.
Hope that helps.
F5MKU rekeying was possible but the problem is that I could not run v11.5 on (required for ucs file import) since it was not supported on new hardware.
10-Nov-2021 07:31 - last edited on 24-Mar-2022 02:11 by li-migration
Thank you and t for your answers.
I honestly did not think about Enes's suggestion of doing it twice by using a BIG-IP VE. That might have worked. I'll upvote the answer for visibility anyways, hoping this might help anyone in the future.
In the end, we resetted object's password due to urge. Not a big deal.
Hi C.A. Valli,
It occurred to me that trial licenses can not use for v11.x.
While investigate another question, I saw a way based on vulnerability for before v13.1.