Bug ID 860245: SSL Orchestrator configuration not synchronized across HA peers after upgrade from 14.1.2.x

Last Modified: Aug 26, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5

Fixed In:
16.0.0

Opened: Dec 12, 2019
Severity: 1-Blocking

Symptoms

The SSL Orchestrator configuration is not synced properly across the high availability (HA) configuration. The REST framework versions are different on the devices.

Impact

SSL Orchestrator configuration does not sync across BIG-IP HA peers.

Conditions

-- BIG-IP devices configured for HA. -- SSL Orchestrator configured. -- Upgrading from v14.1.2 to v15.1.x or newer.

Workaround

The following steps are required on all HA, first on the active and then on the standby BIG-IP devices. 1. Open a BIG-IP terminal session with admin/root level access. 2. Run the following commands, in the order specified: bigstart stop restjavad rm -rf /shared/em/ssl.crt/* bigstart start restjavad restcurl -X DELETE shared/resolver/device-groups/tm-shared-all-big-ips/devices restcurl -X DELETE shared/gossip-conflicts restcurl -X DELETE shared/device-certificates restcurl -X POST -d '{"generateKeyPair": true}' shared/device-key-pair bigstart restart restjavad restnoded

Fix Information

The following procedure is always required when upgrading from BIG-IP v14.1.2: Perform the following on both/all HA peers, first on the active and then on the standby BIG-IP device. 1. Open a BIG-IP terminal session with admin/root level access. 2. Run the following commands, in the order specified: bigstart stop restjavad rm -rf /shared/em/ssl.crt/* bigstart start restjavad restcurl -X DELETE shared/resolver/device-groups/tm-shared-all-big-ips/devices restcurl -X DELETE shared/gossip-conflicts restcurl -X DELETE shared/device-certificates restcurl -X POST -d '{"generateKeyPair": true}' shared/device-key-pair bigstart restart restjavad restnoded

Behavior Change