Restore UCS in other BOX BIGIP

Question

Hi All,&nbsp;
please need your Help&nbsp;
Our situation is as follows:&nbsp;
we had a cluster 2x6900 series, one of the box is out of service we want configure a box 3600 series and injected it LTM configuration from box 6900 which is in production&nbsp;
I tried this command but without result&nbsp;
tmsh load /sys ucs  no-license&nbsp;
is that there is another solution to the recovered LTM configuration between two different box&nbsp;
we are really in a critical situation and we absolutely recouped the LTM configuration on the box 3600 series.&nbsp;
thank u in advance for your time&nbsp;
BR,
KOR&nbsp;

what_lies_bene1 · Answer

Can you elaborate on '...without result' please?&nbsp;
I think you also need to use the -no-platform-check parameter.&nbsp;

nathe · Answer

KOR,&nbsp;
You mention the command "tmsh load /sys ucs no-license" I take it you also included the UCS file name too as part of the command? i.e. "tmsh load /sys ucs backup.ucs no-license"&nbsp;
WLB is right, you can use no-platform-check too.&nbsp;
This does presume you're on TMOS v11. With TMOS v10 there is a "rma" switch instead.&nbsp;
Rgds&nbsp;
N&nbsp;

chris_akker_129 · Answer

You should be able to just establish a new Device Trust, and then one way SYNC the configuration from the 6900 to the 3600.&nbsp;
The 3600 must be licensed/provisioned identical to the 6900, and there are probobly other caveats as well.&nbsp;
It sounds like you are trying to create an HA pair, rather than restore a UCS from one platform on another.  So check into the Device Cluster configuration details for 11.2 and see if that fits your requirements.&nbsp;
Good Luck - Chris.&nbsp;

kor_124005 · Answer

Hi Nathan,Chris thank you for time and help

what we want to do is to have the 3600 box as secondary, is not gonna mounted cluster

that's why I need to recover the LTM config.

Here are the results of the two command no-license and no-plateformecheck.
error  returned on /var/log/ltm

Apr  6 04:22:01 Ooredoo warning tmsh[20823]: 01420007:4: Certificate 'CN=www.orientation.esi.dz,OU=ESI,O=Ecole Nationale Superieure d'Informatique,L=Alger,ST=Oued Smar,C=DZ' in file /Common/THAWTEE2012.crt expired on May 29 23:59:59 2013 GMT
Apr  6 08:46:22 Ooredoo err mcpd[5707]: 01070734:3: Configuration error: Invalid mcpd context, folder not found (/Common/var/log/ltm)
Apr  6 09:29:46 Ooredoo err mcpd[5707]: 01020036:3: The requested BIGdb variable (ucs_no_platform_check) was not found.
Apr  6 09:30:03 Ooredoo warning mcpd[5707]: 010712e9:4: ucs_no_platform_check is not in BigDB.dat.
Apr  6 09:30:09 Ooredoo info tmsh[4675]: Begin config install operation: /var/local/ucs/Config_1_04_2014.ucs
Apr  6 09:30:10 Ooredoo notice root: /usr/bin/perl /usr/local/bin/im -exclfrom -q -force /var/local/ucs/Config_1_04_2014.ucs  ==&gt; /usr/bin/bigstart stop named
Apr  6 09:30:11 Ooredoo notice mcpd[5707]: 01070410:5: Removed subscription with subscriber id named
Apr  6 09:30:13 Ooredoo notice root: /usr/bin/perl /usr/local/bin/im -exclfrom -q -force /var/local/ucs/Config_1_04_2014.ucs  ==&gt; /usr/bin/bigstart stop zrd
Apr  6 09:30:13 Ooredoo info install_ucs.pm: Install the license file from UCS onto the system.
Apr  6 09:30:18 Ooredoo notice root: /usr/bin/perl /usr/local/bin/im -exclfrom -q -force /var/local/ucs/Config_1_04_2014.ucs  ==&gt; /usr/bin/bigstart start named
Apr  6 09:30:18 Ooredoo notice root: /usr/bin/perl /usr/local/bin/im -exclfrom -q -force /var/local/ucs/Config_1_04_2014.ucs  ==&gt; /usr/bin/bigstart start zrd
Apr  6 09:30:19 Ooredoo notice sod[5702]: 010c0044:5: Command:  running disable zrd bigstart.
Apr  6 09:30:19 Ooredoo warning mcpd[5707]: 01070267:4: Dossier warning 09 14.
Apr  6 09:30:19 Ooredoo err mcpd[5707]: 01070266:3: Dossier error 01 04 04 04 04 04 04 04 04 04 04 04 04 04 08 12.
Apr  6 09:30:19 Ooredoo notice mcpd[5707]: 01070419:5: Platform initialization phase triggered.
Apr  6 09:30:19 Ooredoo warning mcpd[5707]: 01070267:4: Dossier warning 09 14.
Apr  6 09:30:19 Ooredoo err mcpd[5707]: 01070266:3: Dossier error 01 04 04 04 04 04 04 04 04 04 04 04 04 04 08 12.
Apr  6 09:30:19 Ooredoo info promptstatusd[4636]: 01460007:6: mcp phase none
Apr  6 09:30:19 Ooredoo info promptstatusd[4636]: 01460007:6: mcp last load status in progress
Apr  6 09:30:19 Ooredoo info promptstatusd[4636]: 01460007:6: mcp phase base
Apr  6 09:30:19 Ooredoo info promptstatusd[4636]: 01460007:6: mcp last load status high load in progress
Apr  6 09:30:20 Ooredoo emerg mcpd[5707]: 01070608:0: License is not operational (expired or digital signature does not match contents).
Apr  6 09:30:21 Ooredoo info mprov:7151:: Invoked as: /usr/bin/mprov.pl (pid=7151) --quiet --legacy
Apr  6 09:30:22 Ooredoo info mprov:7151:: Provisioning (legacy update) successful.
Apr  6 09:30:23 Ooredoo notice mcpd[5707]: 01071038:5: Unit key read from the hardware.
Apr  6 09:30:23 Ooredoo notice mcpd[5707]: 01071038:5: Loading keys from the file.
Apr  6 09:30:23 Ooredoo err mcpd[5707]: 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure
Apr  6 09:30:23 Ooredoo notice mcpd[5707]: 01071029:5: Symmmetric Unit Key decrypt
Apr  6 09:30:23 Ooredoo notice mcpd[5707]: 01071027:5: Master key OpenSSL error: 5707:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:330:
Apr  6 09:30:23 Ooredoo notice mcpd[5707]: 01071038:5: Attempting Master Key migration to new unit key.
Apr  6 09:30:26 Ooredoo notice mcpd[5707]: 01071038:5: Reloading the RSA unit to support config roll forward.
Apr  6 09:30:26 Ooredoo notice mcpd[5707]: 01071038:5: Loading keys from the file.
Apr  6 09:30:27 Ooredoo err mcpd[5707]: 01070356:3: Cookie persistence feature not licensed.
Apr  6 09:30:27 Ooredoo err mcpd[5707]: 01070356:3: Destination address persistence feature not licensed.
Apr  6 09:30:27 Ooredoo err mcpd[5707]: 01070356:3: Universal and hash persistence feature not licensed.
Apr  6 09:30:27 Ooredoo err mcpd[5707]: 01070356:3: MSRDP persistence feature not licensed.
Apr  6 09:30:27 Ooredoo err mcpd[5707]: 01070356:3: SIP persistence feature not licensed.
Apr  6 09:30:27 Ooredoo info mcpd[5707]: 01070356:6: Per-invocation log rate exceeded; throttling.
Apr  6 09:30:27 Ooredoo err mcpd[5707]: 01070356:3: SNAT feature not licensed.
Apr  6 09:30:28 Ooredoo info promptstatusd[4636]: 01460007:6: mcp phase base
Apr  6 09:30:28 Ooredoo info promptstatusd[4636]: 01460007:6: mcp last load status in progress
Apr  6 09:30:28 Ooredoo err tmsh[7155]: 01420006:3: Loading configuration process failed.
Apr  6 09:30:28 Ooredoo err load_config_files: "/usr/bin/tmsh -n -g load sys config partitions all" - failed. -- Loading system configuration...   /defaults/app_template_base.conf   /defaults/config_base.conf   /config/low_profile_base.conf   /defaults/wam_base.conf   /usr/share/monitors/base_monitors.conf   /config/daemon.conf   /config/profile_base.conf   /defaults/fullarmor_gpo_base.conf   /defaults/classification_base.conf Loading configuration...   /config/partitions/CRM/bigip_base.conf   /config/partitions/CRM/bigip.conf   /config/bigip_base.conf   /config/bigip_user.conf   /config/bigip.conf   /config/partitions/DNS/bigip.conf   /config/partitions/HLR/bigip.conf   /config/partitions/HMC/bigip.conf   /config/partitions/LDAP/bigip.conf   /config/partitions/VAS/bigip.conf   /config/partitions/VAS2/bigip.conf 01070356:3: SNAT feature not licensed. Unexpected Error: Loading configuration process failed.
Apr  6 09:30:29 Ooredoo warning mcpd[5707]: 01071423:4: High config load failed during a license reset. Fallback to base load.
Apr  6 09:30:29 Ooredoo info promptstatusd[4636]: 01460007:6: mcp phase platform
Apr  6 09:30:29 Ooredoo info promptstatusd[4636]: 01460007:6: mcp last load status base load in progress
Apr  6 09:30:31 Ooredoo notice mcpd[5707]: 01071038:5: Unit key read from the hardware.
Apr  6 09:30:31 Ooredoo notice mcpd[5707]: 01071038:5: Loading keys from the file.
Apr  6 09:30:31 Ooredoo err mcpd[5707]: 01070307:3: Invalid interface 1.9
Apr  6 09:30:31 Ooredoo info promptstatusd[4636]: 01460007:6: mcp phase platform
Apr  6 09:30:31 Ooredoo info promptstatusd[4636]: 01460007:6: mcp last load status in progress
Apr  6 09:30:31 Ooredoo err tmsh[7192]: 01420006:3: Loading configuration process failed.
Apr  6 09:30:31 Ooredoo err load_config_files: "/usr/bin/tmsh -n -g load sys config partitions all base" - failed. -- Loading system configuration...   /defaults/app_template_base.conf   /defaults/config_base.conf   /config/low_profile_base.conf   /defaults/wam_base.conf Loading configuration...   /config/partitions/CRM/bigip_base.conf   /config/bigip_base.conf   /config/bigip_user.conf 01070307:3: Invalid interface 1.9 Unexpected Error: Loading configuration process failed.
Apr  6 09:30:32 Ooredoo err mcpd[5707]: 01070422:3: Base configuration load failed.
Apr  6 09:30:32 Ooredoo info promptstatusd[4636]: 01460007:6: mcp phase platform
Apr  6 09:30:32 Ooredoo info promptstatusd[4636]: 01460007:6: mcp last load status base failed
Apr  6 09:30:33 Ooredoo info install_ucs.pm: Configuration loading error: base-config-load-failed
Apr  6 09:30:34 Ooredoo err tmsh[4675]: 01110001:3: Error running config install

chris_akker_129 · Answer

OK, it looks like you have multiple issues with this approach.&nbsp;
SSL Certs&nbsp;
Device Certs&nbsp;
Dossier&nbsp;
Licensing&nbsp;
Just to name a few based on all the errors you posted.&nbsp;
I'm going to recommend that you switch gears completely, and try using the Single Configuration File.  The SCF only cares about the big-ip networking and load balancing objects.  This will probably be easier than trying to override the UCS code to force a config load on a different box.  &nbsp;
Give this a look, I think it will be much closer to what you want to do.  support.f5.com, Solution SOL13408:&nbsp;
http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13408.html?sr=36437377&nbsp;
Short of this working, you will probably have to beg F5 Support to help you with config files, and a host of TMSH commands to load/merge config files.&nbsp;
Good Luck !&nbsp;
-Chris.&nbsp;

Forum Discussion

Restore UCS in other BOX BIGIP

5 Replies

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

Re: BigIP Report

Getting Started with BIG-IP Next: Backing Up and Restoring Instances

Getting Started with BIG-IP Next: Backing Up and Restoring Central Manager

BigIP Report Old

can we restore the F5 firmware older version from UCS file ?