Bug ID 514815: Configuration does not validate unused encrypted items.

Last Modified: Oct 17, 2023

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
11.4.0, 11.4.1

Opened: Mar 27, 2015

Severity: 3-Major

Related Article: K03773000


Configuration loads but cannot re-key. This is sometimes seen as a configuration that is successfully synced but a device that cannot join a trust group.


Unable to set device master key. In some cases this has no impact, but it prevents installing a UCS file containing an encrypted passphrase (as described in SOL9420, available here: https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9420.html), and is somewhat difficult to detect as no other operations fail.


This occurs when the following conditions are met: -- Configuration includes unused, encrypted items. -- Host is not configured with the correct master key for those items. -- Configuration is loaded under the wrong key. -- An attempt is made to change the master key for any reason.


Remove all encrypted items from the config. Re-sync the key either manually with f5mku or with device trust. Re-install the desired configuration.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips