Chris_Everest_1
Dec 11, 2014

Synchronize device_trust_group

I've recently performed an upgrade of an active/standby LTM device group. I moved from 11.2 to 11.4 in order to test the upgrade path for the new version.

Upon upgrade to 11.4 of the standby and reboot, I got the following error in 'Device Management ›› Device Trust : Local Domain'.

Synchronize /Common/bigip1.innova.local to group /Common/device_trust_group

This prevents config sync of the two devices as well as failover between the two devices. I've done plenty of research on this error and I can't get this fixed. Specifically, I followed all the DSC troubleshooting steps and even reset the Device Trust on both devices in the group.

ref: https://support.f5.com/kb/en-us/solutions/public/13000/900/sol13946.htmlcso

3 Replies

  • Kevin_K_51432
    Historic F5 Account

    Greetings Chris, There aren't that many moving parts with the device trust, probably a timing difference either with the systems OR the system times are fine, but the SSL certificates were created when the system times were off. Can you 1) ensure NTP is set up and connecting to the remote server (SOL10240: Verifying NTP peer server communications) and when resetting device trust, "Generate new self-signed authority". Lastly, re-join the devices?

     

    Hope this helps, Kevin

     

  • Yesterday, I did notice a difference in time when attempting to rejoin the devices. NTP settings were all correct and functioning, so I forced a time sync with

    ntpdate -s 
    on both devices. Afterwards and again just now I also reset the device trust as follows:

    • Reset Device Trust, using 'Generate new self-signed authority' on both devices
    • Add peer to each device.

    And now I get a new error on config sync, which looks to be more problematic:

    Decryption of the field (bind_pw) for object (system-auth) failed

    Upon checking the master key with

    f5mku -K
    the keys are different. Furthermore, if I try to sync them manually, by resetting I get this error:

    f5mku -r 
    Rekeying Master Key...
    Error trying to rekey: 01071029:5: master_decrypt failed during rekey
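
The NTP verification suggested in the first reply can be scripted and run before resetting device trust. This is an added example, not part of the thread or of F5's tooling: it parses `ntpq -pn` output captured on each unit, and the function names, sample peer address and 1000 ms threshold are assumptions, as is both units polling the same NTP server.

```shell
#!/bin/sh
# Added example: clock pre-check before regenerating the trust authority.
# Input is the text of `ntpq -pn` captured on each unit (constructed samples below).

# Print the offset (ms) of the peer ntpd has selected ('*' tally code).
# Returns 1 when no peer is selected: NTP is configured but not synchronized.
ntp_selected_offset() {
  printf '%s\n' "$1" |
    awk '/^\*/ { print $9; found = 1; exit } END { exit !found }'
}

# Compare two units. Prints a verdict and returns 0 only when both are
# synchronized and their offsets differ by at most max_ms (assumed default 1000).
check_pair() {
  cp_max=${3:-1000}
  cp_a=$(ntp_selected_offset "$1") || { echo "unit A: no selected NTP peer"; return 1; }
  cp_b=$(ntp_selected_offset "$2") || { echo "unit B: no selected NTP peer"; return 1; }
  awk -v a="$cp_a" -v b="$cp_b" -v m="$cp_max" 'BEGIN {
    d = a - b; if (d < 0) d = -d
    printf "relative skew %.3f ms\n", d
    exit (d > m)   # non-zero exit when the units disagree by more than max_ms
  }'
}

# Constructed sample captures (192.0.2.10 is a documentation address).
NTPQ_HEADER='     remote           refid      st t when poll reach   delay   offset  jitter
=============================================================================='
UNIT_A_OK="$NTPQ_HEADER
*192.0.2.10      .GPS.            1 u   33   64  377    0.512    0.204   0.031"
UNIT_B_OK="$NTPQ_HEADER
*192.0.2.10      .GPS.            1 u   12   64  377    0.498   -0.310   0.027"
# Peer is configured but has never answered: reach 0, no '*' tally code.
UNIT_B_UNSYNCED="$NTPQ_HEADER
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000"

# Demo: a healthy pair, then a pair where one unit is not synchronized.
check_pair "$UNIT_A_OK" "$UNIT_B_OK"
check_pair "$UNIT_A_OK" "$UNIT_B_UNSYNCED" ||
  echo "fix NTP on both units before resetting device trust"
```

A unit with NTP servers configured but no `*` line has not selected a time source, so certificates generated on it during a trust reset can still carry a wrong validity window.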