Bug ID 1108181: iControl REST call with token fails with 401 Unauthorized

Last Modified: Sep 14, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
17.0.0, 16.1.2.2, 16.1.0, 15.1.6, 15.1.5.1, 14.1.5, 14.1.4.6, 13.1.5

Fixed In:
17.0.0.1, 16.1.3.1, 15.1.6.1, 14.1.5.1

Opened: May 20, 2022
Severity: 2-Critical

Symptoms

For a short period after creating or refreshing a token, the iControl REST calls may fail with a 401 Unauthorized error and an HTML body content, or a 401 F5 Authorization Required error and a JSON body content. When using F5 Ansible modules for BIG-IP, the modules may fail with an error "Expecting value: line 1 column 1 (char 0)". The AS3 may return an error "AS3 API code: 401".

Impact

The iControl REST calls may temporarily fail (typically less than 1 second) after the creation or refresh of an iControl REST token.

Conditions

- REST call using valid token. - Can commonly occur on the call after a token has been refreshed or a Token list has been requested.

Workaround

After being issued a token or refreshing a token, wait a second before attempting to use it. If this does not work, request a new token. No workaround exists for AS3 or F5 Ansible BIG-IP modules.

Fix Information

A race condition on a PAM file update has been resolved. Tokens should remain valid.

Behavior Change