Bug ID 442199: HA group must be set up before running ccmode

Last Modified: Nov 22, 2021

Affected Product:
BIG-IP Install/Upgrade(all modules)

Known Affected Versions:
11.5.1, 11.5.0

Fixed In:
11.6.0, 11.5.1 HF2, 11.5.0 HF3

Opened: Jan 06, 2014
Severity: 2-Critical


HA peer discovery process fails when running ccmode.


Unable to set up HA group. In the GUI, upon attempting the Peer Discovery step, the system returns an iControl connection failure error.


This occurs if the ccmode utility (for installations requiring Common Criteria compliance) is run prior to set-up of an HA group.


There are two workarounds:

-- Create all HA groups before running the ccmode utility.
-- Complete the following process on both systems prior to initial HA setup or before adding a new device:
   1. Run the command: tmsh modify sys httpd ssl-protocol "all -SSLv2".
   2. Run the command: tmsh save sys config.
   3. Perform HA-setup/device-addition.
   4. Return the httpd ssl-protocol option to the value that conforms to Common Criteria requirements. To do so, run the following two commands:
      a. tmsh modify sys httpd ssl-protocol "all -SSLv2 -SSLv3".
      b. tmsh save sys config.

Fix Information

The system now completes its setup correctly, which prevents the error messages and the failure of HA peer discovery, so HA groups are created as expected.

Behavior Change