Last Modified: Apr 11, 2023
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
11.6.1, 11.6.1, 11.6.0
Fixed In:
12.0.0, 11.6.2
Opened: Mar 14, 2016 Severity: 3-Major Related Article:
K34082034
Configuring alternate admin user fails on multi-blade VIPRION chassis and will prevent newly added blades from being available to process traffic. If default admin on primary is disabled and you are on a chassis with at least two blades. After disabling the default admin on the primary and configuring an alternate, mcpd on secondary blades goes into a restart loop, and posts error messages similar to the following in /var/log/ltm: warning mcpd[26012]: 01071859:4: Warning generated : WARNING! Role no-access will lockout the user admin-primary2. warning mcpd[26012]: 01071859:4: Warning generated : WARNING! Role no-access will lockout the user admin-secondary1. warning mcpd[26012]: 01071859:4: Warning generated : WARNING! Role no-access will lockout the user admin-secondary2. err mcpd[26012]: 010718e7:3: The requested primary admin user (admin-primary1) must have a password set. err mcpd[26012]: 01070734:3: Configuration error: Configuration from primary failed validation: 010718e7:3: The requested primary admin user (admin-primary1) must have a password set.... failed validation with error 17242343. In this example, admin-primary1 is the default admin user set in the GUI under System :: Platform :: Admin Account, admin-primary2, admin-secondary1 and admin-secondary2 are other admin users on the device, but they are not configured as the default admin user.
mcpd in a restart loop on secondaries.
Chassis with multiple blades; alternate primary admin is set on the primary blade.
There is no workaround that will allow you to use a different primary admin user on BIG-IP software versions affected by this issue. To stop secondary blades from restarting in a loop, issue the following commands on your primary blade, which should be stable at this time: # tmsh modify sys db systemauth.primaryadminuser value admin # tmsh save sys config
Configuring an alternate admin user now works as expected on multi-blade VIPRION chassis.