cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Restoring VCMP guest from UCS

Zuke
Cirrostratus
Cirrostratus

I'm recreating a VCMP guest from a UCS. This is a new virtual disk on the host. I followed the steps to reset the master key. After uploading the UCS and issuing "load sys ucs archive.ucs include-chassis-level-config reset-trust" the process errors out:

 

load_config_files[8300]: "/usr/bin/tmsh -n -g -a load sys config partitions all base " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure Unexpected Error: Loading configuration process failed. 2021 Jun  9 15:38:40 bigip1 load_config_files[8300]: "/usr/bin/tmsh -n -g -a load sys config partitions all base " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure Jun  9 15:38:40 bigip1 emerg load_config_files[8300]: "/usr/bin/tmsh -n -g -a load sys config partitions all base " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure Jun  9 15:38:40 bigip1 err mcpd[5935]: 01070422:3: Base configuration load failed. Jun  9 15:38:44 bigip1 info install_ucs.pm[32165]: Configuration loading error: base-config-load-failed Jun  9 15:38:48 bigip1 notice logger[9127]: /bin/sh /usr/lib/csyncd/reloadnamed.sh /var/named/config/named.conf change  ==> /bin/bigstart start zrd Jun  9 15:39:01 bigip1 info install_ucs.pm[32165]: ERROR: UCS installation failed. Jun  9 15:39:01 bigip1 err tmsh[12777]: 01110001:3: Error running config install

 

1 ACCEPTED SOLUTION

Zuke
Cirrostratus
Cirrostratus

I opened a ticket with F5 support and Peter (from London) helped me out.

 

The procedure I was using to reset the master key was to issue the command "tmsh modify sys crypto master-key prompt-for-password" and then use the hash from the guest as the password. The correct procedure is to use "f5mku -r <hash>" on the new guest. After doing that, the UCS file was able to load.

 

Additionally some cool optimizations that I learned from Peter that really helped with the performance of AVR and the GUI:

 

tmsh modify sys db avr.stats.internal.maxentitiespertable value 1024

tmsh modify sys db provision.extramb value 2048;tmsh save sys config

tmsh modify sys db restjavad.useextramb value true

tmsh modify sys db provision.tomcat.extramb value 100

 

 

View solution in original post

4 REPLIES 4

SanjayP
MVP
MVP
  1. Recently during our BCP process I encountered the same and reboot fixed it. Did you already try a reboot​? Also, do you need to issue no-license no-platform-check as well?

Thanks Sanjay. Unfortunately rebooting the guest isn't the fix in this situation. The UCS wouldn't load at all, the guest would be in an INOPERATIONAL state, and I'd delete and recreate the guest.

Zuke
Cirrostratus
Cirrostratus

I opened a ticket with F5 support and Peter (from London) helped me out.

 

The procedure I was using to reset the master key was to issue the command "tmsh modify sys crypto master-key prompt-for-password" and then use the hash from the guest as the password. The correct procedure is to use "f5mku -r <hash>" on the new guest. After doing that, the UCS file was able to load.

 

Additionally some cool optimizations that I learned from Peter that really helped with the performance of AVR and the GUI:

 

tmsh modify sys db avr.stats.internal.maxentitiespertable value 1024

tmsh modify sys db provision.extramb value 2048;tmsh save sys config

tmsh modify sys db restjavad.useextramb value true

tmsh modify sys db provision.tomcat.extramb value 100

 

 

Hello Zuke,

I have the same issue... Can you please detail how to use the procedure "f5mku -r <hash>"

Thanks in advance