Bug ID 488417: Config load failure with 'Input error: can't create user' after upgrade

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP All, Install/Upgrade(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2

Fixed In:
12.1.0, 12.0.0 HF3, 11.6.3

Opened: Nov 03, 2014
Severity: 3-Major
Related AskF5 Article:
K16977

Symptoms

Unable to load config after upgrade or reboot if the admin account is disabled and replaced with a custom user. The system posts the message: 01070829:5: Input error: can't create user, role partition mapping, user does not exist, username, Unexpected Error: Loading configuration process failed. On single-NIC virtual deployments, if the admin account is disabled and replaced with a custom user, the system will experience this issue any time the system is rebooted. Logs similar to the following may appear in /var/log/ltm: notice sod[6214]: 010c005e:5: Waiting for mcpd to reach phase base, current phase is platform. notice mcpd[4672]: 01070829:5: Input error: can't create user, role partition mapping, user does not exist, security err tmsh[7444]: 01420006:3: Loading configuration process failed. emerg load_config_files: "/usr/bin/tmsh -n -g load sys config partitions all base" - failed. -- 01070829:5: Input error: can't create user, role partition mapping, user does not exist, security Unexpected Error: Loading configuration process failed. err mcpd[4672]: 01070422:3: Base configuration load failed.

Impact

You cannot upgrade if the root admin account is disabled. On single-NIC virtual deployment configurations in version 12.0.0, the system fails to load the configuration after a reboot.

Conditions

This occurs when upgrading or rebooting a system on which the root admin account is disabled and replaced with a custom admin user account. This occurs on single-NIC virtual deployments in version 12.0.0, when a system on which the root admin account is disabled and replaced with a custom admin user account is rebooted. To verify single-NIC is enabled: tmsh list sys db provision.1nic. To verify a custom administrator has been defined: tmsh list sys db systemauth.primaryadminuser.

Workaround

There is no workaround for this issue. To resolve this issue, you can reboot the BIG-IP system back to the previous working boot location that has the admin user disabled. For single-NIC virtual deployments, you can re-enable the default admin user account. To do so, perform one of the following procedures: Impact of workaround: Since the BIG-IP System is already in the inoperative state, performing the following procedure should not have a negative impact on your system. Rebooting the BIG-IP system back to the previous working boot location: Log in to the Traffic Management shell (tmsh) by typing the following command: tmsh To reboot the BIG-IP system to the desired boot location, type the following command syntax: reboot volume <boot_location> Re-enabling the default admin user account on BIG-IP system (for single-NIC virtual deployments): Azure BIG-IP Virtual Edition (VE): Log in to tmshby typing the following command: tmsh Re-enable the default admin user account by typing the following command: modify /sys db systemauth.primaryadminuser value admin Re-load BIG-IP configuration by typing the following command: load /sys config Amazon Web Services BIG-IP VE: Log in to tmshby typing the following command: tmsh Re-enable the default admin user account by typing the following command: modify /sys db systemauth.primaryadminuser value admin Update the password for the default admin user by typing the following command syntax: modify /auth user admin password <password> Re-load BIG-IP configuration by typing the following command: load /sys config

Fix Information

Can now successfully load the configuration after upgrade if the admin account is disabled and replaced with a custom user, and no 'Input error: can't create user' error occurs.

Behavior Change