Bug ID 1696745

Bug Tracker
ID 1696745

Bug ID 1696745: HA sync failure after SSL cert/key removal causes configuration exception during subsequent config sync

Last Modified: Oct 09, 2025

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 17.0.0, 17.0.0.1, 17.0.0.2

Opened: Oct 15, 2024

Severity: 4-Minor

Symptoms

When config sync failure occurs due to a separate issue (e.g. ID 1690149) after deleting an SSL certificate or key configuration object, it causes configuration inconsistency on a device that receives the config sync. The device will have the configuration object in memory, while the associated certificate or key file does not exist in filestore anymore. The subsequent config sync may result in errors like below. err mcpd[<PID>]: 01070712:3: Caught configuration exception (0), failed in syscall link(/config/filestore/files_d/Common_d/certificate_key_d/:Common:example-cert.key_72911_1, /config/filestore/.trash_bin_d/.current_d/Common_d/certificate_key_d/:Common:example-cert.key_72911_1) errno=(No such file or directory). err mcpd[<PID>]: 01071488:3: Remote transaction for device group /Common/Failover to commit id 74711 7429221093755254348 /Common/00687419-ha-bug-bigip2.hmatsuda 0 failed with error 01070712:3: Caught configuration exception (0), failed in syscall link(/config/filestore/files_d/Common_d/certificate_key_d/:Common:example-cert.key_72911_1, /config/filestore/.trash_bin_d/.current_d/Common_d/certificate_key_d/:Common:example-cert.key_72911_1) errno=(No such file or directory)..

Impact

- Configuration inconsistency - Configuration exception during config sync

Conditions

- Deletion of SSL certificate or key configuration object - Sync failure due to a separate issue

Workaround

- Resolve the original config sync failure. - Resolve the configuration exception: 1. Create the missing file in the error message on the device with the error. In the case of sample error message above, "/config/filestore/files_d/Common_d/certificate_key_d/:Common:example-cert.key_72911_1" is the missing file. # touch /config/filestore/files_d/Common_d/certificate_key_d/:Common:example-cert.key_72911_1 2. Run config sync from the peer and confirm sync completes successfully. Note: If you encounter the similar error for a different missing file, you may repeat step 1 and 2. In some cases, you may need to create all missing files before proceeding with step 2 because the config-sync in this step may delete the previously created file. # tmsh run cm config-sync force-full-load-push to-group <device-group-name>

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips