Last Modified: Feb 13, 2019
See more info
Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4
12.0.0, 11.6.0 HF5, 11.5.2
Opened: Jun 30, 2014
Related AskF5 Article: K16218
MCPD may generate one of the following validation errors as a result of a ConfigSync, or a config load, or attaching an SSL profile to a virtual server, or modifying a virtual server: 0107149e:3: Virtual server /Common/name-of-virtual-server has more than one clientssl/serverssl profile with same server name. 010717e1:3: Client SSL profile cannot contain more than one set of same certificate/key type.
Depending on the manifestation of this issue one of the following can happen: - administrator may be prevented from performing further configuration operations - administrator may be prevented from synchronizing the configuration - the configuration may not load
This occurs when HA pairs have dissimilar cert-key-chain names within an SSL profile, and the changes were synchronized to the peer device. Either the ConfigSync will fail (if the SSL profile was attached to a virtual server), or the ConfigSync will succeed, but on the receiving device, the SSL profile will have two cert-key-chain objects. This happens given the following conditions: - Systems are performing a full (not incremental) sync - SSL profile is attached to a virtual server - cert-key-chain sub-object has differing names on the two devices
Find the client-ssl profile name for the virtual server that fails to load. List and compare the cert-key-chain names of the client-ssl profile on the devices in the HA configuration. Choose the correct cert-key-chain name and ensure the cert-key-chain name is the same on all devices. Synchronize the configuration.
The ConfigSync operation completes successfully if HA pair has dissimilar cert-key-chain sub-object names within an SSL profile.