High Availability configsync error

install_authority_trust: Exception caught in Management::urn:iControl:Management/Trust::install_authority_trust() Exception: Common::OperationFailed primary_error_code : 16908289 (0x01020001) secondary_error_code : 0 error_string : Trust daemon returned an error: 0107146f:3: Self-device config sync address cannot reference the non-existent Self IP (1.1.1.1); Create it in the /Common folder first.

Above is the error I encountered. On my setup, we are using port 1.8 for high availability.

so on first device, i created vlan "vlan_ha" where 1.8 is untagged, then created a self ip of 1.1.1.1 using this vlan and "allowed default" port lockdown and "traffice group local-only".

on second device, i created vlan "vlan_ha" where 1.8 is untagged, then created a self ip of 1.1.1.2 using this vlan and "allowed default" port lockdown and "traffice group local-only".

then i configure configsync using 1.1.1.1 on first device and 1.1.1.2 for the second device. Same with failover network -> failover unicast with 1.1.1.1 port 1026 on first device and 1.1.1.2 port 1026 on second device.

then i go to device trust, reset device trust and generate new self-signed authority, this is done for both device and on first device i configure peer list: device ip: 1.1.1.2 admin username: admin password: *****

then retrieve device, then i can see the details of the peer device but when i update, the error above is what get.

The setup is a direct cable connection from both device for HA. Can anyone suggest or help me with this, I am a newbie on using F5. Thanks.

25 Replies

NikhilB
Employee
Jan 22, 2015
Are both devices reachable between each other?

NTP configured?
Allanwynn_16283
Nimbostratus
Jan 23, 2015
There is no ntp configured, but i assure they are using same time and timezone. Yes they are both reachable between each other.
Allanwynn_16283
Nimbostratus
Jan 23, 2015
There is no ntp configured, but i assure they are using same time and timezone. Yes they are both reachable between each other.
LyonsG_85618
Cirrostratus
Jan 23, 2015
Can you ping first device from second device (and vice versa)?

Have you ensured network failover option is still configured properly (i had problems with this disappearing when i reset device trust)
Allanwynn_16283
Nimbostratus
Jan 23, 2015
Yes I can ping each other. How can i say network failover is still configured properly,, but based on my post, my procedures are correct sir?
LyonsG_85618
Cirrostratus
Jan 23, 2015
Just reading your post again

Self-device config sync address cannot reference the non-existent Self IP (1.1.1.1); Create it in the /Common folder first.

Can you confirm Self IP is in common partition?
- Rodrigo_Mori_13
  Cirrus
  Mar 09, 2016
  I have the same problem. As it has been resolved?
Kash_118367
Nimbostratus
Mar 09, 2016
What code version are your F5s running on?
- Rodrigo_Mori_13
  Cirrus
  Mar 10, 2016
  11.6
- Kash_118367
  Nimbostratus
  Mar 14, 2016
  I would try to re-create the self-ip for that you can follow these steps: 1. On GUI: Device Management --> Devices --> Cick on "Self" device --> Device Connectivity --> Network Failover --> Delete the unicast address (1.1.1.1 in your case). 2. Delete Self IP 1.1.1.1 from GUI: Network --> Self IP --> Select 1.1.1.1 --> Delete. 3. Re-create Self IP 1.1.1.1 fro GUI (make sure you are in "Common" partition --> Network --> Self IP --> Create 4. On GUI: Device Management --> Devices --> Cick on "Self" device --> Device Connectivity --> Network Failover --> Create the unicast address. Follow same steps on F502.
- Rodrigo_Mori_13
  Cirrus
  Mar 14, 2016
  I am creating a step by step how I'm doing the HA to see where the error may be
Rodrigo_Mori_13
Cirrus
May 18, 2016
Good afternoon

The problem was solved

It was necessary to change the interfaces manage the boxes, leaving distinct networks. After this procedure it was possible to make the HA.

Thank you all.
- OhHwanYoung_297
  Nimbostratus
  Feb 21, 2017
  what does 'interfaces manage the boxes' means??