Failing to login to GUI with admin account
I'm experiencing a really strange issue with my Virtual F5 LTM. I'm running BIG-IP 11.6.1 Build 1.0.326 and since two weeks I'm not able to log into the GUI anymore. Neither with the admin account, nor with any other account. The CLI is no issue, I can log in there without any problems. I keep seeing the follow logs in de secure.log: Nov 10 21:09:37 localhost alert httpd[20065]: PAM Couldn't open /var/log/pam/tallylog : Permission denied Nov 10 21:09:37 localhost alert httpd[20065]: pam_tally2(httpd:auth): Error opening /var/log/pam/tallylog for update: Permission denied Nov 10 21:09:39 localhost info httpd(pam_audit)[20065]: User=admin tty=(unknown) host=10.128.1.1 failed to login after 1 attempts (start="Thu Nov 10 21:09:37 2016" end="Thu Nov 10 21:09:39 2016"). Nov 10 21:09:39 localhost info httpd(pam_audit)[20065]: 01070417:6: AUDIT - user admin - RAW: httpd(pam_audit): User=admin tty=(unknown) host=10.128.1.1 failed to login after 1 attempts (start="Thu Nov 10 21:09:37 2016" end="Thu Nov 10 21:09:39 2016"). Nov 10 21:09:45 localhost alert httpd[20071]: PAM Couldn't open /var/log/pam/tallylog : Permission denied Nov 10 21:09:45 localhost alert httpd[20071]: pam_tally2(httpd:auth): Error opening /var/log/pam/tallylog for update: Permission denied Nov 10 21:09:47 localhost info httpd(pam_audit)[20071]: User=admin tty=(unknown) host=10.128.1.1 failed to login after 1 attempts (start="Thu Nov 10 21:09:45 2016" end="Thu Nov 10 21:09:47 2016"). Nov 10 21:09:47 localhost info httpd(pam_audit)[20071]: 01070417:6: AUDIT - user admin - RAW: httpd(pam_audit): User=admin tty=(unknown) host=10.128.1.1 failed to login after 1 attempts (start="Thu Nov 10 21:09:45 2016" end="Thu Nov 10 21:09:47 2016"). Not sure if it's related, but I find it strange that PAM couldnt open the tally log. The file is definately there and permissions seems to be correct. Things I've tried so far without result: resetting the admin password to default creating a new user account with admin rights loading default config set full rights to the tallylog file. uploaded the config to iHealth, no really strange things beside a load of failed loging attempts tried different browsers. Maybe someone else has any suggestions what to do next? I'm kinda stuck now... Thanks in advance.
Default view of "Local Traffic Network Map" has changed and wont go back to normal
I am using an HA pair of F5 Big-Ip 3900's on version 11.3 build 3144.0 HF8. I was working in the GUI and noticed that when trying to go to the Local Traffic/Network Map the view had changed to "Local Traffic Summary" and will not go to the map unless clicking on the "Show Map" button. I made sure that under system/preferences/start screen it was still set to "Network Map", and it was... I have even changed the preferences to something else, which worked ok, but when I went back to the preferences setting of "Network Map" and you hit the RED F5 ball in the upper left corner of the GUI it still goes to the "Local Traffic Summary". does anyone know where this might be found in a config file in the command line environment? it's getting really frustrating..
Lost Access to GUI - VM
Hi everyone, Hoping to get some help.I have a little test machine GTM/LTM on a trial license which I use to practice and test out deployements on.I've been using it for a good month running off of vmware workstation.It's been working flawlessly until today.I typically shut it down when not in use.When I attempted to use it today, for some reason, I canot access the GUI.I simply get "this site can't be reached". x.x.x.x refused to connect. I'm able to log on to the box through the terminal and putty (ssh).I checked the config to ensure that everything is still in tact, and it is. I'm able to ping and access the mgmt interface, and obviously as I'm ssh'd in to it, the config looks fine and identical to how I left it the previous time I used it. At bootup, the system goes in to INOPERATIVE state. There are a few startup messages: kernel: ibrs changed from 1 to 0 EXT4-fs error (device dm-1): ext4_mb_generate_buddy:757: group 17, block bitmap and bg descriptor inconsistent: 23131 vs 23132 free clusters Re-starting named After the re-starting of named, it changes from INOPERATIVE to Active. I have tried restarting the box and virtual machine multiple times.I tried restarting tomcat and httpd processes.I get the following message when restarting httpd httpd[11494]: [ssl:emerg] [pid 11494] AH01874: Could not initialize session cache. Exiting. I typically use chrome, but tried mozilla, same issue. Anyone have any ideas on a fix? ThanksTampermonkey - BIG-IP Configuration UI Enhancements for APM
Problem this snippet solves: This script was designed in order to enhance the existing APM section of the BIG-IP Configuration UI. It was originally written for v11.5.1, but should work for many earlier and later versions as well. Enhancements Adds a link on the Manage Sessions page for each session that will display the APM logs and Session Variables reports in a new window Adds an Apply button on the Access Profiles page for any profile whose changes have not yet been applied The latest version of this codeshare can be found on Github at the link below. I have another script like that designed to help with the LTM sections of the BIG-IP Configuration UI, and this was pulled out of that in order to allow for modular enhancement. Known Issues If you're on a slow connection, clicking the show button to open the session variables may not bring up the tab. If this happens, either try again, or refresh the page after it opens and that should help. This is due to the way I had to get the session variable to open. Version History v1.0 - Initial version with Manage Sessions link to Session Variables report and Access Profiles apply button for policies that need to be applied. Inspiration Credit: Patrik Jonsson's Web UI Tweaks codeshare How to use this snippet: Instructions The Tampermonkey Chrome extension needs to be installed for this script to work Once installed, click on the Tampermonkey icon and click Dashboard Click the new script button and set the Update URL field to https://github.com/jangins101/F5/raw/master/F5%20UI%20Enhancements%20for%20APM.js You can also copy the whole document linked below into a new Tampermonkey script and save it Click Save and then click the value in the Last Updated column for that new row. This should update the script Security note: In case you would not want to have the script automatically update when a new version is released, you can remove the @updateUrl line. Another option would be to fork the Github repository and then use your own copy of it. Code : https://github.com/jangins101/F5-Tampermonkey-Scripts/blob/master/F5%20UI%20Enhancements%20for%20APM.js Tested this on version: 11.5DNS Tab not appearing on device
Hello, I am encountering an issue where the DNS tab is not showing up in the management GUI. I have the DNS module licensed and provisioned but the DNS tab disappeared after provisioning. I have tried rebooting the system, de-provisioning and re-provisioning all modules, and restart certain daemons. Has anyone else encountered this issue or can anyone provide possible solutions?
Long time to show up virtual server list in gui
When choosing from GUI: Local Traffic ›› Virtual Servers : Virtual Server List - the list shows up after 20 sec, what is a very long time. There is no such problem when showing other lists/parameters. The big-ip was upgraded to 12.1.2 and was configured a new. It seems that some old configuration bits are messing up, but I can't nail it. Any idea how to correct it ?
multi-client capability on LTM
Hello, we're tying to achieve multi-client capalities on a ltm box currently. While configuring users(operator) and partitions for every customer, we found some bottlenecks for our wish solution. Our wish is, to restrict every customer to only be able to view and edit his own LTM configuration. At the moment all customers are able to see self/ floating ips from common partition,HA configuration, performance of entirebox, other partitions and everything located under system. Does anyone know, if there is a know to hide or better to restrict access to the menus for Device Management, System, Network and so on? Another solution would be to use the API and create an own GUI, but this needs a lot of time :( Best regards Alexander
