Bug ID 469739: ConfigSync may fail if HA pair has dissimilar cert-key-chain sub-object names within an SSL profile

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.0, 11.5.1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF5, 11.5.2

Opened: Jun 30, 2014

Severity: 4-Minor

Related Article: K16218

Symptoms

MCPD may generate one of the following validation errors as a result of a ConfigSync, a config load, attaching an SSL profile to a virtual server, or modifying a virtual server:

0107149e:3: Virtual server /Common/name-of-virtual-server has more than one clientssl/serverssl profile with same server name.

010717e1:3: Client SSL profile cannot contain more than one set of same certificate/key type.

Impact

Depending on the manifestation of this issue, one of the following can happen:
- administrator may be prevented from performing further configuration operations
- administrator may be prevented from synchronizing the configuration
- the configuration may not load

Conditions

This occurs when HA pairs have dissimilar cert-key-chain names within an SSL profile, and the changes were synchronized to the peer device. Either the ConfigSync will fail (if the SSL profile was attached to a virtual server), or the ConfigSync will succeed, but on the receiving device, the SSL profile will have two cert-key-chain objects.

This happens given the following conditions:
- Systems are performing a full (not incremental) sync
- SSL profile is attached to a virtual server
- cert-key-chain sub-object has differing names on the two devices

Workaround

Find the client-ssl profile name for the virtual server that fails to load. List and compare the cert-key-chain names of the client-ssl profile on the devices in the HA configuration. Choose the correct cert-key-chain name and ensure the cert-key-chain name is the same on all devices. Synchronize the configuration.
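
The comparison step of the workaround can be scripted. The following is an added example, not F5 code: it assumes the output of `tmsh list ltm profile client-ssl` has been saved from each device, and the two sample outputs, the profile name `app_clientssl` and the helper names are constructed for illustration.

```python
import re

# Constructed sample output of `tmsh list ltm profile client-ssl`, one per HA peer.
DEVICE_A = """\
ltm profile client-ssl app_clientssl {
    cert-key-chain {
        app_chain {
            cert app.crt
            key app.key
        }
    }
    defaults-from clientssl
}
"""
DEVICE_B = """\
ltm profile client-ssl app_clientssl {
    cert-key-chain {
        default {
            cert app.crt
            key app.key
        }
    }
}
"""

def chain_names(text):
    """Map each client-ssl profile to its set of cert-key-chain sub-object names."""
    profiles, stack, current = {}, [], None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"ltm profile client-ssl (\S+) \{$", line)
        if m:
            current, stack = m.group(1), ["profile"]
            profiles[current] = set()
        elif current and line.endswith("{"):
            name = line[:-1].strip()
            if stack[-1] == "cert-key-chain":
                profiles[current].add(name)  # direct child of cert-key-chain
            stack.append(name)
        elif current and line == "}":
            stack.pop()
            current = current if stack else None  # profile block closed
    return profiles

def mismatches(a_text, b_text):
    """Profiles present on both peers whose cert-key-chain names differ."""
    a, b = chain_names(a_text), chain_names(b_text)
    return {p: (sorted(a[p]), sorted(b[p])) for p in sorted(a.keys() & b.keys()) if a[p] != b[p]}

print(mismatches(DEVICE_A, DEVICE_B))
```

Any profile the script reports needs its cert-key-chain name aligned on all devices before the next full sync.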

Fix Information

The ConfigSync operation completes successfully even if the HA pair has dissimilar cert-key-chain sub-object names within an SSL profile.

Behavior Change
