Bug ID 743475

Bug Tracker
ID 743475

Bug ID 743475: Upgrades from releases earlier than 13.1.1 may fail when AD servers are invalid

Last Modified: Apr 17, 2024

Affected Product(s):
BIG-IP APM, Install/Upgrade(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4

Opened: Sep 10, 2018

Severity: 3-Major

Symptoms

If an invalid Active Directory (AD) server is configured, upgrades to releases 13.1.1 and later might fail due to MCP validation that validates the AD server. The system reports an error in audit log (/var/log/audit): -- 01071d05:3: <domain-controller> is not a valid IP address or hostname.

Impact

Upgrade fails.

Conditions

Upgrade to 13.1.1 or later with invalid AD server configured.

Workaround

You can use either of the following workarounds: -- Boot back into the previous volume and modify the Authentication AD domain controller to ensure that 'Hostname' under Domain Controllers is defined using FQDN. -- Alternatively, edit the bigip.conf configuration file within the upgraded volume to correct the issue, save the file, and reload the configuration. apm aaa active-directory /Common/ad-controller { admin-encrypted-password <xxxxxxxxxxxxxxx> admin-name admin domain example.local domain-controller <xxxxxx> <----------- Must be defined using FQDN domain-controllers { example { ip 192.168.1.50 } } use-pool disabled }

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips