jmanya_44531
Feb 20, 2014

GTM Sync Issue

Hello friends,

 

Hope you could help me with this issue.

 

I have an F5 HA pair system with two BIG IP 4000s which are running LTM+GTM. Unfortunately, I have realized that new configuration changes on the Active are not being replicated to the StandBy. I have performed the troubleshooting tasks listed here support.f5.com/kb/en-us/solutions/public/13000/600/sol13690.html and everything seems to be fine.

 

Besides the GTM configuration synchronization issue, the server objects and the links are marked in "red" in the StandBy unit. It could be a sign that helps find out why this conf is not being replicated.

 

The gtm logs tell this:

 

Feb 11 04:03:39 F5-1 notice gtmd[7084]: 011a001d:5: SYNC loading from: xxx.xxx.xxx.xxx
Feb 11 04:03:39 F5-1 notice gtmd[7084]: 011a0046:5: SYNC_ZONES attempting to sync from xxx.xxx.xxx.xxx
Feb 11 04:03:39 F5-1 notice zrd[6674]: 01150a42:5: Sync Zones starting from ip 'xxx.xxx.xxx.xxx' with timeout '300'.
Feb 11 04:03:39 F5-1 Connection to ::ffff:xxx.xxx.xxx.xxx:4353 failed: Connection refused
Feb 11 04:03:39 F5-1 err gtmd[7084]: 011a0005:3: hookOnChild: SYNC syncer exited with error code 255
Feb 11 04:03:39 F5-1 err zrd[6674]: 01150a39:3: Sync Zones pid:27604 exited with error 255
Feb 11 04:03:39 F5-1 notice gtmd[7084]: 011a0047:5: SYNC_ZONES completed from xxx.xxx.xxx.xxx

I have read this https://devcentral.f5.com/questions/gtm-not-synchronizing but it is kind of old.

 

Hope you could support me this thi

 

5 Replies

  • Connection refused from the peer could be several things. Are there any devices between these two BIG-IP appliances that could be filtering the communications, like a firewall?

     

  • Hello Cory,

     

    Lots of thanks for your answer.

     

    There are no devices between the F5 boxes. Indeed, I have a dedicated VLAN and ports for HA. In other words, I separated the interfaces number 1.8 on each device to connect a cable and I created a VLAN_Sync which was considered in the HA configuration.

     

    I will appreciate any idea you could share.

     

    Thanks

     

    George

     

    • John_Heyer_1508

      I've found the magic solution to most sync issues caused by certificate trust problems is re-running bigip_add on both units. It's step 4 on this post:

       

      Enabling Config Syncing on BigIP GTMs

       

      I had already imported certificates via the GUI but for whatever reason kept seeing sync problems until I did bigip_add

       

  • So it sounds like your standby unit may not be trusting your primary. Under System -> Configuration -> Global Traffic -> General, is your synchronization group name the same on both units?

     

    Also, when you perform a 'netstat -an' on your standby unit, is it listening on 4353?

     

  • You didn't mention what version you are running, but in v10 I would start by testing "iqdump (peer name/address)". That should tell you if the certificate exchange is OK.
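
The log excerpt in the question shows `SYNC_ZONES completed` logged right after the connection to port 4353 was refused and both syncers exited with error 255. The following is an added example (not from any poster in this thread and not F5 code) that groups such lines into sync attempts and judges each by its errors rather than by the "completed" notice; the function name and result fields are assumptions, and the sample input is the excerpt as posted.

```python
import re

# Constructed sample: the gtm log lines quoted in the question, peer address masked as posted.
SAMPLE_LOG = """\
Feb 11 04:03:39 F5-1 notice gtmd[7084]: 011a001d:5: SYNC loading from: xxx.xxx.xxx.xxx
Feb 11 04:03:39 F5-1 notice gtmd[7084]: 011a0046:5: SYNC_ZONES attempting to sync from xxx.xxx.xxx.xxx
Feb 11 04:03:39 F5-1 notice zrd[6674]: 01150a42:5: Sync Zones starting from ip 'xxx.xxx.xxx.xxx' with timeout '300'.
Feb 11 04:03:39 F5-1 Connection to ::ffff:xxx.xxx.xxx.xxx:4353 failed: Connection refused
Feb 11 04:03:39 F5-1 err gtmd[7084]: 011a0005:3: hookOnChild: SYNC syncer exited with error code 255
Feb 11 04:03:39 F5-1 err zrd[6674]: 01150a39:3: Sync Zones pid:27604 exited with error 255
Feb 11 04:03:39 F5-1 notice gtmd[7084]: 011a0047:5: SYNC_ZONES completed from xxx.xxx.xxx.xxx
"""

PREFIX = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s(.*)$")   # timestamp, host, rest
START = re.compile(r"SYNC_ZONES attempting to sync from (\S+)")
END = re.compile(r"SYNC_ZONES completed from (\S+)")
CONN = re.compile(r"Connection to (\S+):(\d+) failed: (.+)$")    # peer, port, reason
EXIT = re.compile(r"(\w+)\[\d+\]: .*exited with error(?: code)? (\d+)")


def sync_attempts(log_text):
    """Group log lines into sync attempts; 'ok' is derived from the errors
    seen inside the attempt, not from the 'completed' notice."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        ts, host, rest = m.groups()
        if (s := START.search(rest)):
            cur = {"time": ts, "host": host, "peer": s.group(1), "ok": None,
                   "conn_failures": [], "exit_codes": {}, "completed": False}
            attempts.append(cur)
        elif cur is None:
            continue  # lines outside an attempt, e.g. 'SYNC loading from'
        elif (c := CONN.search(rest)):
            cur["conn_failures"].append((c.group(1), int(c.group(2)), c.group(3)))
        elif (e := EXIT.search(rest)):
            cur["exit_codes"][e.group(1)] = int(e.group(2))
        elif END.search(rest):
            cur["completed"] = True
            cur["ok"] = not cur["conn_failures"] and not any(cur["exit_codes"].values())
            cur = None
    return attempts
```

An attempt whose `ok` is still `None` never reached its closing line in the log that was supplied.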