Last Modified: May 29, 2024
Affected Product(s):
BIG-IP vCMP
Known Affected Versions:
13.1.1.5, 12.1.4.1
Fixed In:
15.0.0, 14.1.0.6, 14.0.0.5, 13.1.3, 12.1.5
Opened: Apr 05, 2019 Severity: 2-Critical
After upgrading the host or creating new vCMP guests, the prompt in the vCMP guests report as INOPERATIVE.
The vCMP guests are sent a truncated unit key and fail to decrypt the master key needed to load the config. vCMP Guests report 'INOPERATIVE' after upgrade.
-- The system truncates the unit key. (Note: This occurs because the unit key is designed to be a certain length, and the internally generated unit key for the guest has a NULL in it.) -- Upgrading the host. -- Creating new guests.
Important: If you upgrade vCMP hosts from an affected version to a version unaffected by this issue (ID 769809), ensure that the upgrade version contains the fix for Bug ID 810593: Unencoded sym-unit-key causes guests to go 'INOPERATIVE' after upgrade :: https://cdn.f5.com/product/bugtracker/ID810593.html. Upon encountering this issue, it may be best to roll back to the previously used, unaffected version on the vCMP host, and then install a version unaffected by this issue (i.e., versions later than 12.1.4.1 or later than 13.1.1.5).
The system now handles a guest unit key that has a NULL in it, so vCMP guests are no longer 'INOPERATIVE' after upgrade