Last Modified: Oct 04, 2024
Affected Product(s):
BIG-IP Install/Upgrade, LTM
Known Affected Versions:
15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 17.0.0, 17.0.0.1, 17.0.0.2
Opened: Mar 08, 2021 Severity: 3-Major
When loading a UCS archive using the 'reset-trust' option, if the system fails to load the base configuration from the UCS archive, the system may fail to regenerate new device trust certificates and keys. This can result in subsequent issues, including configuration load failures after an upgrade, such as: 01070712:3: Values (/Common/dtca.key) specified for trust domain (/Common/Root): foreign key index (key_fk) do not point at an item that exists in the database. Unexpected Error: Loading configuration process failed.
-- The system does not regenerate critical device trust keys and certificates. -- After a subsequent upgrade, the BIG-IP system goes to INOPERATIVE state, and reports this error: 01070712:3: Values (/Common/dtca.key) specified for trust domain (/Common/Root): foreign key index (key_fk) do not point at an item that exists in the database. Unexpected Error: Loading configuration process failed.
-- Loading a UCS file using the 'reset-trust' option. -- The system fails to load the base configuration (bigip_base.conf) in the UCS archive for any reason. -- The base configuration is corrected, and subsequently loaded (e.g., with 'tmsh load sys config').
Remove trust-domain from the bigip_base.conf file and reload the configuration.
None