Bug ID 435520: Upgrade from 11.3 configuration rollforward of ASM policy from custom template breaks ASM.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.2 HF1, 11.4.0, 11.4.1

Fixed In:
11.6.0, 11.5.1 HF6, 11.4.1 HF6

Opened: Oct 28, 2013

Severity: 3-Major

Symptoms

ASM subsystem error in /var/log/asm: Oct 27 15:35:42 10_2_1_hf3 crit g_server_rpc_handler_async.pl[19560]: 01310027:2: ASM subsystem error (asm_config_server.pl,F5::ASMConfig::Handler::log_error_and_rollback): 01070265:3: The ASM predefiend policy (POLICY_TEMPLATE_OWA_EXCHANGE_2003_HTTPS) cannot be deleted because it is in use by a ASM policy (/Common/templ_1_default_copy)

Impact

ASM restarts continuously.

Conditions

Upgrade from 11.3 configuration rollforward of ASM policy from custom template breaks ASM.

Workaround

As a workaround, the device can be installed without roll-forward of configuration (with liveinstall.saveconfig and liveinstall.moveconfig disabled, and the UCS file saved to /shared/tmp). Subsequently, after ASM is provisioned and starts up initially, the UCS can be loaded.

Fix Information

We fixed an issue that sometimes stopped you from deleting an ASM security policy that was created using a template after you rolled-forward the policy's configuration from a previous version.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips