Bug ID 743475: Upgrades from releases earlier than 13.1.1 may fail when AD servers are invalid

Last Modified: May 22, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM, Install/Upgrade(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4

Opened: Sep 10, 2018
Severity: 3-Major

Symptoms

If an invalid AD server is configured, upgrades to releases 13.1.1 may fail due to MCP validation that enforces valid AD server. audit log (/var/log/audit) contains error like: 01071d05:3: <domain-controller> is not a valid IP address or hostname

Impact

Upgrade failure

Conditions

Upgrade to 13.1.1 or higher with invalid AD server configured

Workaround

Boot back into the previous volume and modify the AD domain controller to ensure that 'hostname' under Domain Controllers is defined using FQDN. Access Policy-> AAA Servers-> Active Directory Alternatively, edit the bigip.conf configuration file within the upgraded volume to correct the issue, save the file, and reload the configuration. apm aaa active-directory /Common/ad-controller { admin-encrypted-password <xxxxxxxxxxxxxxx> admin-name admin domain example.local domain-controller <xxxxxx> <----------- Must be defined using FQDN domain-controllers { example { ip 192.168.1.50 } } use-pool disabled }

Fix Information

None

Behavior Change