Bug ID 637811: Upgrade failure when Common Criteria Mode is enabled

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP Install/Upgrade(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Opened: Jan 09, 2017
Severity: 3-Major

Symptoms

When the software is in "Common Criteria Mode", an upgrade via the Web UI is not possible, because the upgrade process automatically generates a UCS file, but Common Criteria requires that a password be supplied whenever a UCS is generated. The Web UI does not take this in to account, and never asks for a password for the UCS file.

Impact

Software cannot be updated using the Web UI. The install fails with no indication as to why.

Conditions

Common criteria mode is enabled (i.e., the db variable security.commoncriteria is set to true).

Workaround

To work around this issue, you can disable Common Criteria mode before upgrading. To do so, perform the following procedure: 1. Log in to the BIG-IP system as an administrator user. 2. Log in to the Traffic Management Shell (tmsh) by typing the following command: tmsh 3. Set the database variable to false by typing the following command: modify sys db security.commoncriteria value false 4. Perform the system upgrade. 5. To turn Common Criteria mode back on, set the security.commoncriteria database variable to true by typing the following command: modify sys db security.commoncriteria value true

Fix Information

None

Behavior Change

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5, Inc. All rights reserved. Policies | Privacy | Trademarks