Bug ID 1023721: iapp_restricted_key not available on fresh installation and overwrites the peer device's master key during config sync

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP TMOS(all modules)

Fixed In:
17.0.0, 16.1.3

Opened: Jun 07, 2021

Severity: 3-Major

Symptoms

Config sync of a deployment fails for SSL Orchestrator or Application Guided Config applications. There is an error in /var/log/restjavad.0.log: java.lang.Exception: Failed to find key com.f5.rest.common.RestRequestSender$HttpException: java.net.ProtocolException: status:404, body:{"code":404,"message":"Object not found - /Common/iappKey","errorStack":[],...

Impact

Secure Storage will not secure restricted_properties with the correct master key which will raise issues with encryption/decryption of data.

Conditions

-- Recently formed device service cluster -- Deploying SSL Orchestrator or AGC and triggering a config sync for the first time

Workaround

None

Fix Information

iapp_restricted_key object should be synced properly during config sync

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips