Bug ID 580499: Configuring alternate admin user fails on multi-blade VIPRION chassis if default admin on primary is disabled.

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
11.6.1, 11.6.1, 11.6.0

Fixed In:
12.0.0, 11.6.2

Opened: Mar 14, 2016
Severity: 3-Major
Related AskF5 Article:
K34082034

Symptoms

Configuring alternate admin user fails on multi-blade VIPRION chassis and will prevent newly added blades from being available to process traffic. If default admin on primary is disabled and you are on a chassis with at least two blades. After disabling the default admin on the primary and configuring an alternate, mcpd on secondary blades goes into a restart loop, and posts error messages similar to the following in /var/log/ltm: warning mcpd[26012]: 01071859:4: Warning generated : WARNING! Role no-access will lockout the user admin-primary2. warning mcpd[26012]: 01071859:4: Warning generated : WARNING! Role no-access will lockout the user admin-secondary1. warning mcpd[26012]: 01071859:4: Warning generated : WARNING! Role no-access will lockout the user admin-secondary2. err mcpd[26012]: 010718e7:3: The requested primary admin user (admin-primary1) must have a password set. err mcpd[26012]: 01070734:3: Configuration error: Configuration from primary failed validation: 010718e7:3: The requested primary admin user (admin-primary1) must have a password set.... failed validation with error 17242343. In this example, admin-primary1 is the default admin user set in the GUI under System :: Platform :: Admin Account, admin-primary2, admin-secondary1 and admin-secondary2 are other admin users on the device, but they are not configured as the default admin user.

Impact

mcpd in a restart loop on secondaries.

Conditions

Chassis with multiple blades; alternate primary admin is set on the primary blade.

Workaround

There is no workaround that will allow you to use a different primary admin user on BIG-IP software versions affected by this issue. To stop secondary blades from restarting in a loop, issue the following commands on your primary blade, which should be stable at this time: # tmsh modify sys db systemauth.primaryadminuser value admin # tmsh save sys config

Fix Information

Configuring an alternate admin user now works as expected on multi-blade VIPRION chassis.

Behavior Change