Bug ID 1023721: iapp_restricted_key not available on fresh installation and overwrites the peer device's master key during config sync

Last Modified: Jun 12, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2

Fixed In:
17.0.0, 16.1.3

Opened: Jun 07, 2021
Severity: 3-Major

Symptoms

Config sync of a deployment fails for SSL Orchestrator or Application Guided Config applications. There is an error in /var/log/restjavad.0.log: java.lang.Exception: Failed to find key com.f5.rest.common.RestRequestSender$HttpException: java.net.ProtocolException: status:404, body:{"code":404,"message":"Object not found - /Common/iappKey","errorStack":[],...

Impact

Secure Storage will not secure restricted_properties with the correct master key which will raise issues with encryption/decryption of data.

Conditions

-- Recently formed device service cluster -- Deploying SSL Orchestrator or AGC and triggering a config sync for the first time

Workaround

None

Fix Information

iapp_restricted_key object should be synced properly during config sync

Behavior Change