Bug ID 739373: ASM restart loop after sync from non-ASM to ASM device

Last Modified: Oct 24, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1

Opened: Aug 06, 2018
Severity: 3-Major

Symptoms

When two or more device are configured with Configuration Management interface in a sync-failover device group: if one of the devices does not have ASM provisioned while another one does, performing a config sync of the sync-failover device group from the non-ASM device will cause the /Common/asm-hidden folder to be deleted along with its content. The next time ASM is restarted (for any reason) on one of the ASM devices, ASM keeps restarting in a loop. Messages similar to the following appear in /var/log/ltm : -- err mcpd[6550]: 01070734:3: Configuration error: Can't associate Bot Signature Category (/Common/asm-hidden/ASM-search-engines) folder does not exist. Similarly messages similar to the following appear in /var/log/ts/ts_debug.log: asm|INFO|Jul 30 12:03:02.481|5282|,,01070734:3: Configuration error: Can't associate Bot Signature Category (/Common/asm-hidden/ASM-search-engines) folder does not exist.

Impact

-- Search Engines are not applied on JavaScript challenges. -- Upon an ASM restart, ASM restarts in a loop, and the device will remain offline.

Conditions

- Two or more devices are connected with a sync-failover device group. - One device has ASM provisioned, while another device does not have ASM provisioned. - Performing a sync from the non-ASM device to the ASM device.

Workaround

Reload the configuration by running the following command: tmsh save sys config && tmsh load sys config As an alternative, re-provision ASM by running the following command: tmsh modify sys provision asm level nominal

Fix Information

None

Behavior Change