Last Modified: Oct 17, 2023
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.4.0, 11.4.1
Opened: Mar 27, 2015 Severity: 3-Major Related Article:
K03773000
Configuration loads but cannot re-key. This is sometimes seen as a configuration that is successfully synced but a device that cannot join a trust group.
Unable to set device master key. In some cases this has no impact, but it prevents installing a UCS file containing an encrypted passphrase (as described in SOL9420, available here: https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9420.html), and is somewhat difficult to detect as no other operations fail.
This occurs when the following conditions are met: -- Configuration includes unused, encrypted items. -- Host is not configured with the correct master key for those items. -- Configuration is loaded under the wrong key. -- An attempt is made to change the master key for any reason.
Remove all encrypted items from the config. Re-sync the key either manually with f5mku or with device trust. Re-install the desired configuration.
None