Bug ID 769809: The vCMP guests 'INOPERATIVE' after upgrade

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP vCMP(all modules)

Known Affected Versions:
13.1.1.5, 12.1.4.1

Fixed In:
15.0.0, 14.1.0.6, 14.0.0.5, 13.1.3, 12.1.5

Opened: Apr 05, 2019

Severity: 2-Critical

Symptoms

After upgrading the host or creating new vCMP guests, the prompt in the vCMP guests report as INOPERATIVE.

Impact

The vCMP guests are sent a truncated unit key and fail to decrypt the master key needed to load the config. vCMP Guests report 'INOPERATIVE' after upgrade.

Conditions

-- The system truncates the unit key. (Note: This occurs because the unit key is designed to be a certain length, and the internally generated unit key for the guest has a NULL in it.) -- Upgrading the host. -- Creating new guests.

Workaround

Important: If you upgrade vCMP hosts from an affected version to a version unaffected by this issue (ID 769809), ensure that the upgrade version contains the fix for Bug ID 810593: Unencoded sym-unit-key causes guests to go 'INOPERATIVE' after upgrade :: https://cdn.f5.com/product/bugtracker/ID810593.html. Upon encountering this issue, it may be best to roll back to the previously used, unaffected version on the vCMP host, and then install a version unaffected by this issue (i.e., versions later than 12.1.4.1 or later than 13.1.1.5).

Fix Information

The system now handles a guest unit key that has a NULL in it, so vCMP guests are no longer 'INOPERATIVE' after upgrade

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips