Forum Discussion

Nathan_Vitiritt (Nimbostratus)
Nov 25, 2014

configuration not yet loaded...

In light of a recent security scan that brought to our attention the weak ciphers and such on the F5 self-ip addresses, it was decided to take the recommendation of setting the port lock down settings to allow-none. With a 2 node active/passive cluster, I performed the port lock down on the active node first by doing the following: click on all self-ip addresses (floating/non-floating) and set the port lock down setting to allow-none. I then performed a sync-to-group where everything sync'ed up just fine. I then let this sit for a few days to ensure we had no production problems with the configuration. I then did the same process on the standby node: port lock down on all self-ip, then sync'ed-to-group.

When I did this on the passive node, shortly after I started receiving a banner across the top telling me "The configuration has not yet loaded. If this message persists, it may indicate a configuration problem.". Did I do something wrong here? I'm almost positive that it's a security best practice from F5 to enable these settings on the self-ip addresses.

 

7 Replies

  • nathe (Cirrocumulus)

    Nathan - what happens if you load "tmsh load sys config" on the Standby - does this give you any more info as to why the config isn't loading?

     

  • I get the following when running "tmsh load sys config" on the standby unit:

    Loading system configuration...
      /defaults/asm_base.conf
      /defaults/config_base.conf
      /defaults/low_profile_base.conf
      /defaults/policy_base.conf
      /defaults/wam_base.conf
      /defaults/analytics_base.conf
      /defaults/apm_saml_base.conf
      /defaults/app_template_base.conf
      /defaults/classification_base.conf
      /defaults/daemon.conf
      /defaults/fullarmor_gpo_base.conf
      /defaults/profile_base.conf
      /defaults/sandbox_base.conf
      /defaults/security_base.conf
      /usr/share/monitors/base_monitors.conf
    Loading configuration...
      /config/bigip_base.conf
      /config/bigip_user.conf
      /config/bigip.conf
      /config/bigip_script.conf
    01070712:3: _identify_jobs_todo:(/Common/.generic.com-20140214.crt) :Failed: name (/Common/.generic.com-20140214.crt) No copy in trash-bin to restore from. - sys/validation/FileObject.cpp, line 3064

     

    • nitass (Employee)
      is this relevant? sol12812: The Configuration utility and tmsh incorrectly allow profile names that begin with a non-alphabetic character
      https://support.f5.com/kb/en-us/solutions/public/12000/800/sol12812.html
    • nathe (Cirrocumulus)
      that's a new one on me. Anything else in /var/log/ltm? does the crt file exist on your bigip, or that active? hopefully some other DCer might have seen this. Have you got a recent UCS you can restore and then see if configsync works?