Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Migrate same Configuration from Big IP 4000 Device into BIG IP2000 Device

Dear Team,

We have Big IP 4000 Device which having running firmware version BIGIP-12.1.2.0.0.249 In destination device 2000 firmware version is running BIGIP 11.X

So please suggest us if we need to do same firmware with same configuration from BIGip 4000 device to BIGIP 2000 device what is the easiest process to do this .

And for firmware we need direct format procedure becuase in BIGIP 2000 firmware is old so direct we can do with 12.1.2.0.0 .

Thanks in advance

Regards, Harmesh Yadav

0
Rate this Question
Comments on this Question
Comment made 1 week ago by Dojs 110

Hi harmesh,

you need to transport with your configuration, the master key. Without it you wont take successfull on your migration.

https://securityguy225.wordpress.com/2016/11/11/how-to-migrate-all-configuration-from-2-different-f5-appliance/

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

First of you must be in the same version so Upgrade your 2000 to the same version (BIGIP-12.1.2.0.0.249).

Then when you import configuration don't fotget to use the following command:

tmsh load sys ucs [ucs file name] no-platform-check

https://support.f5.com/csp/article/K14906

I thing it's because of configuration don't match (hardware that you have your error): mcpd...

regards

0
Comments on this Answer
Comment made 1 week ago by harmesh_88 1

Dear Team ,

Thanks for your suggestion we have upgraded device with new Firmware which is same as source deviec

but we are getting issue for license

ec 31 20:18:21 localhost emerg mcpd[6191]: 01070608:0: License is not operational (expired or digital signature does not match contents). Dec 31 20:28:21 bigip1 emerg mcpd[6191]: 0107070e:0: Software version not covered by service agreement. Reactivate license before continuing. Dec 31 20:28:21 bigip1 emerg mcpd[6191]: 01070608:0: License is not operational (expired or digital signature does not match contents). Dec 31 20:38:21 bigip1 emerg mcpd[6191]: 0107070e:0: Software version not covered by service agreement. Reactivate license before continuing. Dec 31 20:38:21 bigip1 emerg mcpd[6191]: 01070608:0: License is not operational (expired or digital signature does not match contents). Dec 31 20:48:21 bigip1 emerg mcpd[6191]: 0107070e:0: Software version not covered by service agreement. Reactivate license before continuing. Dec 31 20:48:21 bigip1 emerg mcpd[6191]: 01070608:0: License is not operational (expired or digital signature does not match contents).

0
Comment made 1 week ago by boneyard 5627

a quick google shows you that you have "Reactivate license before continuing".

you do have an active service contract on the unit right?

more is explained here: https://support.f5.com/csp/article/K52240358

i would go back to old version and reactive there, try again

but you can also try to license again like this: https://support.f5.com/csp/article/K7752

0
Comment made 1 week ago by youssef 4067

Hi,

In fat you should have to not restore license from old backup.

You have restore 4000 license on 2000...

You should use no-license:

tmsh load sys ucs [ucs file name] no-platform-check no-license

Keep me in touch.

regards

0
Comment made 1 week ago by harmesh_88 1

Dear Team,

Actually We are using this device is for temporary movement of Datacentre , actual 4000 device is in datacentre , so that device we will remove and will send to new datacentre and 2000 device which we will use temporary time till 4000 device will be live in new datacentre

SO , Please suggest in this case what should we do ?

Regards, Harmesh Yadav

0
Comment made 1 week ago by harmesh_88 1

I am getting error like "valid service contract is require to complete installation" .

So, Without Licence deviec will work or i have to install licence before restore config?

Also i want to know that as suggested by you we can add directly backup file by entering command , so can you tell me how can i copy that backup file into device to enter load commad.

tmsh load sys ucs [ucs file name] no-platform-check no-license

Beucase in GUi i am getting error for license and i could not add archive(backup file) from gui

Regards, harmesh Yadav

0
Comment made 1 week ago by youssef 4067

First of you have to install valid license.

Then restore configuration, but don't forget to set no-license in order to not restore license that is set in the backup.

So once you activate license, upload backup then from cli enter command:

tmsh load sys ucs [ucs file name] no-platform-check no-license

0
Comment made 5 days ago by harmesh_88 1

Dear Team I am getting error when restore configuration

find below error

Installing configuration... Post-processing... usermod: no changes Reloading License and configuration - this may take a few minutes... Apr 19 06:59:52 bigip1 emerg load_config_files: "/usr/bin/tmsh -n -g load sys config partitions all " - failed. -- 01071769:3: Decryption of the field (secret) for object (/Common/system-auth) failed. Unexpected Error: Loading configuration process failed. Apr 19 07:00:18 BIGIP01 emerg load_config_files: "/usr/bin/tmsh -n -g load sys config partitions all " - failed. -- 01071769:3: Decryption of the field (secret) for object (/Common/system-auth) failed. Unexpected Error: Loading configuration process failed. Configuration loading error: base-config-load-failed For additional details, please see messages in /var/log/ltm

WARNING: There were one or more errors detected during installation. Check the error messages and take the proper actions if needed. ERROR: UCS installation failed. Operation aborted. Unexpected Error: UCS loading process failed.

Please reply early if possible i am at customer end

Regards, Harmesh Yadav

0
Comment made 5 days ago by harmesh_88 1

Dear Team Thanks For your Help ,

We did configuration same like present device with success.

WE got license after license activation we have initiated command for restore config, we got error becuase of Master key mismatch

We have followed below artical https://support.f5.com/csp/article/K9420#proc2

Section :- You don't know the BIG-IP system master key password or passphrase but have access to the original BIG-IP system

After following this proecess restore backup successfully and saved configuration

Final command entered :- tmsh load sys ucs [ucs file name] no-platform-check no-license

Regards, Harmesh Yadav

Thank You so much for your help

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

same firmware is best, so upgrade the 2000s unit to 12. as you will overwrite the configuration later on it shouldn't be that difficult. you might want to do factory reset first so there is no configuration that can bother the upgrade.

see for factory reset: https://support.f5.com/csp/article/K13127

a restore of the 4000s UCS archive is the first thing to try afterwards, with the no-platform and no-license flags.

for those flags see: https://support.f5.com/csp/article/K14906

0
Comments on this Answer
Comment made 1 week ago by harmesh_88 1

Dear Team ,

I am recived below error

Unexpected Error: MCP must be in the running phase to reset the trust domain. Examine the output of tmsh show sys mcp-state for failures.

0
Comment made 1 week ago by youssef 4067

Hi,

Can you run the following command using CLI:

tmsh load sys config default

Give me output if config don't load.

regards,

0
Comment made 1 week ago by harmesh_88 1
  • [root@lab:Active] config # tmsh
  • root@(lab)(cfg-sync Standalone)(Active)(/Common)(tmos)# load /sys config default
  • Reset the system configuration to factory defaults? (y/n) y
  • Loading system configuration...
  • /defaults/app_template_base.conf
  • /defaults/config_base.conf
  • /config/low_profile_base.conf
  • /defaults/wam_base.conf
  • /usr/share/monitors/base_monitors.conf
  • /config/daemon.conf
  • /config/profile_base.conf
  • /defaults/fullarmor_gpo_base.conf
  • /defaults/classification_base.conf
  • /usr/share/monitors/gtm_base_monitors.conf
  • /usr/local/gtm/include/gtm_base_region_isp.conf
  • Loading configuration...
  • /defaults/defaults.scf
  • Resetting trust domain...
  • Unexpected Error: MCP must be in the running phase to reset the trust domain. Examine the output of tmsh show sys mcp-state for failures.
  • root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)#
  • root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# save /sys config partitions all
  • Unexpected Error: Configuration cannot be saved unless mcpd is in the running phase. Save was canceled. See "show sys mcp" and "show sys service". If "show sys service" indicates that mcpd is in the run state, but "show sys mcp" is not in phase running, issue the command "load sys config" to further diagnose the problem.
  • root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# cp /usr/share/defaults/fs/var/named/config/named.conf.rpmbackup /var/named/config/named.conf
  • Syntax Error: "/usr/share/defaults/fs/var/named/config/named.conf.rpmbackup" unexpected argument
  • root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# rm /config/gtm/server.crt
  • Syntax Error: unexpected argument "rm"
  • root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# tmsh load sys config
  • Syntax Error: unexpected argument "tmsh"
  • root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# tmsh show sys mcp-state
  • Syntax Error: unexpected argument "tmsh"
  • root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# exit
  • Use "quit" to end the current session
  • root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# exit
  • Use "quit" to end the current session
  • root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# exit
  • Use "quit" to end the current session
  • root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# exit
  • Use "quit" to end the current session
  • root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)#
  • [1]+ Stopped tmsh
  • [root@localhost:Active] config # tmsh show sys mcp-state
  • --------------------------------------------------------
  • Sys::mcpd State:
  • --------------------------------------------------------
  • Running Phase base
  • Last Configuration Load Status base-config-load-succeed
0