Ossar_178453
Mar 26, 2015

master_decrypt failed during rekey

Hello,

I am trying to establish a two node active/standby LTM cluster using version 11.4.1.

However, I am seeing some errors that I think prevent me from completing the initial configuration sync.

The device trust setup works fine. I do it on both units. The creation of the sync-failover device group (with network failover) works fine. It is when I attempt the initial configuration sync that problems arise, but only on one of the units.

notice mcpd[6958]: 01071038:5: Unit key read from the hardware.
notice mcpd[6958]: 01071029:5: master_decrypt failed during rekey
err mcpd[6958]: 01071488:3: Remote transaction for device group /Common/device_trust_group to commit id 24 6130474308801407933 /Common/unit1.internal 0 failed with error 01071029:5: master_decrypt failed during rekey.

2 Replies

  • Ok, fiddled a bit with it and apparently this is what was malfunctioning.

    The unit with the failed rekey had been a part of another cluster previously, but was reset to default by means of "tmsh load sys config default". However, the master key still remains, apparently.

    This caused it to refuse to join any new sync-failover relationships and also any attempts to reset the master key to something else, with the same error message btw.

    The solution to this, the inability to reset the master key, was solved by removing all the configuration regarding user AD/LDAP authentication and reloading the config. Then resetting the master key to the same as the other new working unit and thereafter config syncing to the malfunctioning unit by normal means.

    The remaining question is, though: is this as intended? Do you need to know that you must reset the master key after you remove a unit from a previous trust relationship? Also, the inability to rekey it without removing any traces of authentication from the config seems like a bug.

    • StephanManthey
      Haven't seen this behavior yet. But thanks for sharing your findings! +1 :)