Symptoms

When two or more device are configured with Configuration Management interface in a sync-failover device group: if one of the devices does not have ASM provisioned while another one does, performing a config sync of the sync-failover device group from the non-ASM device will cause the /Common/asm-hidden folder to be deleted along with its content. The next time ASM is restarted (for any reason) on one of the ASM devices, ASM keeps restarting in a loop. Messages similar to the following appear in /var/log/ltm : -- err mcpd[6550]: 01070734:3: Configuration error: Can't associate Bot Signature Category (/Common/asm-hidden/ASM-search-engines) folder does not exist. Similarly messages similar to the following appear in /var/log/ts/ts_debug.log: asm|INFO|Jul 30 12:03:02.481|5282|,,01070734:3: Configuration error: Can't associate Bot Signature Category (/Common/asm-hidden/ASM-search-engines) folder does not exist.

Impact

-- Search Engines are not applied on JavaScript challenges. -- Upon an ASM restart, ASM restarts in a loop, and the device will remain offline.

Conditions

- Two or more devices are connected with a sync-failover device group. - One device has ASM provisioned, while another device does not have ASM provisioned. - Performing a sync from the non-ASM device to the ASM device.

Workaround

Reload the configuration by running the following command: tmsh save sys config && tmsh load sys config As an alternative, re-provision ASM by running the following command: tmsh modify sys provision asm level nominal

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips