Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP Install/Upgrade
Known Affected Versions:
11.5.1, 11.5.0
Fixed In:
11.6.0, 11.5.1 HF2, 11.5.0 HF3
Opened: Jan 06, 2014 Severity: 2-Critical
HA peer discovery process fails when running ccmode.
Unable to set up HA group. In the GUI, upon attempting the Peer Discovery step, the system returns an iControl connection failure error.
This occurs if the ccmode utility (for installations requiring Common Criteria compliance) is run prior to set-up of an HA group.
There are two workarounds: -- Create all HA groups before running the ccmode utility. -- Complete the following process on both systems prior to initial HA setup or before adding a new device: 1. Run the fommand: tmsh modify sys httpd ssl-protocol "all -SSLv2". 2. Run the command: tmsh save sys config. 3. Perform HA-setup/device-addition. 4. Return the httpd ssl-protocol option to the value that conforms to Common Criteria requirements. To do so, run the following two commands: a. tmsh modify sys httpd ssl-protocol "all -SSLv2 -SSLv3". b. tmsh save sys config.
The system now completes the correct set up of system to prevent error messages and failure of HA peer discovery, so HA groups are created as expected.