Manual Chapter : Preventing BIG-IP configuration load issues

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 17.0.0, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0

BIG-IP DNS

  • 17.0.0, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Manual Chapter

Preventing BIG-IP configuration load issues

Whenever you acquire a new or replacement BIG-IP system, a common way to configure the system is to restore a UCS archive that you created earlier on another BIG-IP system.
If the archive that you restore on the new system contains encrypted passwords or passphrases for securing BIG-IP configuration objects, the new system must decrypt those passwords or passphrases before it can load the restored BIG-IP configuration successfully (using the
tmsh load sys config
command).
To do this decryption, the new system attempts to use the same master key that was initially used to encrypt the passwords and passphrases. If the master key that you use on the new system to decrypt passwords and passphrases on BIG-IP objects is not the same master key that was used for the encryption, the system generates load errors, and the load operation fails.
Fortunately, there are measures that you can take to prevent load failures caused by master key issues. The preventative measure you choose depends on whether or not you have the master key that was initially used to encrypt the passwords or passphrases for the BIG-IP configuration objects.