Bug ID 435520: Upgrade from 11.3 configuration rollforward of ASM policy from custom template breaks ASM.

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5

Fixed In:
11.6.0, 11.5.1 HF6, 11.4.1 HF6

Opened: Oct 28, 2013
Severity: 3-Major

Symptoms

ASM subsystem error in /var/log/asm: Oct 27 15:35:42 10_2_1_hf3 crit g_server_rpc_handler_async.pl[19560]: 01310027:2: ASM subsystem error (asm_config_server.pl,F5::ASMConfig::Handler::log_error_and_rollback): 01070265:3: The ASM predefiend policy (POLICY_TEMPLATE_OWA_EXCHANGE_2003_HTTPS) cannot be deleted because it is in use by a ASM policy (/Common/templ_1_default_copy)

Impact

ASM restarts continuously.

Conditions

Upgrade from 11.3 configuration rollforward of ASM policy from custom template breaks ASM.

Workaround

As a workaround, the device can be installed without roll-forward of configuration (with liveinstall.saveconfig and liveinstall.moveconfig disabled, and the UCS file saved to /shared/tmp). Subsequently, after ASM is provisioned and starts up initially, the UCS can be loaded.

Fix Information

We fixed an issue that sometimes stopped you from deleting an ASM security policy that was created using a template after you rolled-forward the policy's configuration from a previous version.

Behavior Change