BIG-IQ CM Release Information

Version: 8.2.0.1
Build: 97.0

Note: This content is current as of the software release date
Updates to bug information occur periodically. For the most up-to-date bug data, see Bug Tracker.

Known Issues in BIG-IQ CM v8.2.x

Functional Change Fixes

None

Cumulative fix details for BIG-IQ CM v8.2.0.1 that are included in this release

Known Issues in BIG-IQ CM v8.2.x


BIG-IQ System User Interface Issues

AppIQ Issues

BIG-IQ SSL Orchestrator Issues

REST Framework and TMOS Platform Issues

Known Issue details for BIG-IQ CM v8.2.x

1161365 : BIG-IQ cannot import services for BIG-IP device's running SSLO v9.1 with L2 Inbound topology

Component: BIG-IQ SSL Orchestrator

Symptoms:
While importing a BIG-IP device with SSLO v9.1 and with L2 Inbound Topology, import fails with an error similar to: "com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at path $.iRulesList[0]"

Conditions:
This issue is found while importing the SSLO service v9.1 BIG-IQ.

Impact:
BIGIQ SSLO import fails with error "com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at path $.iRulesList[0]"

1161249 : SSL config mapping is missing in Topology in BIG-IQ after upgrading BIG-IP SSLO

Component: BIG-IQ SSL Orchestrator

Symptoms:
After upgrading SSLO from v8.0.0.1 to v9.3 version or from v9.0 to v9.3, the SSL Configuration screen in the Topology is showing a message saying 'Non-SSL Orchestrator managed SSL settings have been selected. Please go to Local Traffic >> Profiles >> SSL to manage the SSL Profiles directly.'

When we re-add the BIG-IP device to BIG-IQ after upgrading SSLO, in the Configuration > SSL Orchestrator > Topologies Grid when we open an existing topology here the SSL Configurations are shown in the flow.

Conditions:
This error is seen only after upgrading of BIG-IP SSLO to 9.3 and later.

Impact:
After upgrading of BIG-IP SSLO, while we re-add the device to BIGIQ, SSL Configurations are missing in Topology grid screen in BIG-IQ.

Workaround:
Steps for Workaround:
1. Select the Virtuals which contains the copy-ssloT* ssl profiles.
2. Removed the copy-ssloT profiles and attach the correct ssl profiles from the list.
3. Update the Virtual
4. Removed the copy-ssloT profiles as mentioned below.
[root@localhost:Active:Standalone] restnoded # tmsh delete ltm profile client-ssl copy-ssloT*
These following objects will be deleted:
  /Common/
  /Common/
  /Common/
Are you sure you want to delete these items (y/n)? y
[root@localhost:Active:Standalone] restnoded # tmsh delete ltm profile server-ssl copy-ssloT*
These following objects will be deleted:
  /Common/
  /Common/
  /Common/
Are you sure you want to delete these items (y/n)? y

5. If we try to execute step 4 directly without executing steps from 1-3. Will land into below error.

[root@localhost:Active:Standalone] restnoded # tmsh delete ltm profile client-ssl copy-ssloT*
These following objects will be deleted:
  /Common/
  /Common/
  /Common/
Are you sure you want to delete these items (y/n)? y
01070265:3: The ClientSSL Profile (/Common/copy-ssloT_test3-cssl-vhf) cannot be deleted because it is in use by a virtual server profile (/Common/sslo_test3.app/sslo_test3-in-t-4 /Common/copy-ssloT_test3-cssl-vhf).

1160961 : Unable to add a BIG-IP device to BIG-IQ after upgrading it to SSLO from 9.0

Component: BIG-IQ SSL Orchestrator

Symptoms:
After upgrading a BIG-IP device from SSLO 9.0 and attempting to re-add that device to BIG-IQ, BIG-IQ returns an error similar to the following:‘com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_ARRAY but was STRING at path $.sslSettingReference’.

This is because of a type mismatch of ‘sslSettingReference’ field in ‘Existing Application’ topology type.

Conditions:
This error is seen only after an upgrade of BIG-IP SSLO from versions before 9.0 to 9.3 and later.

Impact:
After upgrading BIG-IP SSLO and re-adding the device to BIG-IQ, import fails for the SSLO service.

Workaround:
Remove the BIG-IP device completely from BIG-IQ if already added.

Do a GET for the endpoint https://<big-ip-address>/mgmt/shared/iapp/blocks using 'BASIC AUTH' credentials.

Under Items list look for "f5-ssl-orchestrator-topology" block with name referring to ‘Existing Application’ topology type and copy the Block ID and the entire ‘inputProperties’ array under this block.

Body should be in this format { inputproperties: [ <COPY the entire inputProperties block copied in Step 2> ] }.

Change the ‘sslSettingReference’ field value to empty list ‘[]’ instead of empty string (“”).

Do a PATCH request to endpoint https://<big-ip-address>/mgmt/shared/iapp/blocks/{id} with body after modification from above step.

Add the BIG-IP device again to BIG-IQ and import its services.

1123789-1 : Unable to change password from the User Preferences screen

Links to More Info: BT1123789

Component: BIG-IQ System User Interface

Symptoms:
After changing a password from the User Preferences screen, the change is not applied.

Conditions:
Change password from the User Preferences screen on BIG-IQ version 7.1.0.3 and later.

Impact:
User is unable to change their password from the User Preferences screen.

Workaround:
The BIG-IQ admin must change the user's password from the User screen.

1117597-1 : Appiq logs not found after upgrade to BIG-IQ version 8.2.0★

Links to More Info: BT1117597

Component: AppIQ

Symptoms:
After upgrading to BIG-IQ version 8.2.0, the following log files are no longer updated or added in/var/log/appiq:

*configserver.log
*queryservice.log
*postaggregator.log
*agentmanager.log

Conditions:
After upgrading to BIG-IQ version 8.2.0.

Impact:
Non-existent or outdated configserver.log, queryservice.log, postaggregator.log in CM and Non-existent or outdated agentmanager.log in DCD under /var/log/appiq

Workaround:
1. Go to the F5 Downloads portal(https://downloads.f5.com/esd/index.jsp).
2. Select Find a Download > BIG-IQ Centralized Management > 8.2.0 > Utilities.
3. Download the AppiqLogsWorkaroundID1117597.tar.gz file and transfer the AppiqLogsWorkaroundID1117597.tar.gz to /shared/tmp/ folder of BIG-IQ CM and DCD.
4. Extract the AppiqLogsWorkaroundID1117597.tar.gz on BIG-IQ CM and DCD and update the permissions.
a. cd /shared/tmp/
b. tar -xzvf AppiqLogsWorkaroundID1117597.tar.gz
c. chmod 644 agentmanager_log4j2.xml configserver_log4j2.xml queryservice_log4j2.xml postaggregator_log4j2.xml
5. Replace the files on BIG-IQ CM and DCD:
a. yes | cp /shared/tmp/agentmanager_log4j2.xml /var/config/appiq/agentmanager/config/log4j2.xml
b. yes | cp /shared/tmp/configserver_log4j2.xml /var/config/appiq/configserver/config/log4j2.xml
c. yes | cp /shared/tmp/queryservice_log4j2.xml /var/config/appiq/queryservice/config/log4j2.xml
d. yes | cp /shared/tmp/postaggregator_log4j2.xml /var/config/appiq/postaggregator/config/log4j2.xml
6. Restart restjavad for the configurations to take effect on BIG-IQ CM and DCD:
a. tmsh restart sys service restjavad
7. Once restarted confirm if the below logs are generated in /var/log/appiq/
a. For BIG-IQ CM:
i. configserver.log
ii. queryservice.log
iii. postaggregator.log
b. For BIG-IQ DCD:
i. agentmanager.log

1100377 : Removing SSLO configuration managed BIG-IP devices doesn't delete all configurations from BIG-IQ

Links to More Info: BT1100377

Component: BIG-IQ SSL Orchestrator

Symptoms:
When deleting SSLO configurations from BIG-IQ for managed BIG-IP devices in a high availability configuration, the configurations persist.

Conditions:
Navigate to Configuration > SSL ORCHESTRATOR > Devices and select BIG-IP devices in an HA configuration, and click the Remove SSLO Configuration button.

Impact:
Configurations are not deleted on BIG-IQ, but they are deleted from the BIG-IP devices.

Workaround:
Attempt to 'Remove SSLO Configurations' once again for BIG-IP devices still showing configurations on BIG-IQ.

1094089 : Remove SSLO Configuration Button is still displaying after removing a BIG-IP device's SSLO configuration

Links to More Info: BT1094089

Component: BIG-IQ SSL Orchestrator

Symptoms:
If you select a BIG-IP device with SSLO configured and remove the SSLO configuration, the remove SSLO Configuration button still displays.

Conditions:
'Remove SSLO Configuration' button is not greyed out after BIG-IP SSLO Configuration is removed.

Impact:
No functional impact.

Workaround:
NA

1016221-1 : Error 400 when associating a default resource group for a user

Links to More Info: BT1016221

Component: REST Framework and TMOS Platform

Symptoms:
When associating a default resource group for a user, BIG-IQ returns the following error:

"The system returned an unexpected error (400 Bad Request)

Conditions:
Log in to BIG-IQ, click on the active username at the top of the screen, and select 'Resource Groups'. This active user can select/save a default 'target Resource Group' for objects. If there are multiple resource groups associated with the active user, you might see multiple resource group options or just one. Select an option and save it. BIG-IQ returns an error.

Impact:
Users will not be able to save the default target resource group for dynamic objects

Workaround:
None.

★ This issue may cause the configuration to fail to load or may significantly impact system performance after upgrade