MCP Full configuration load failed.

Question

My F5 running on AWS has twice failed in 2 weeks. the system seems to be unresponsive and after rebooting, each time when I tried to login back to check things up, the browser just show "Configuration utility restarting..."&nbsp;
I'm able to login via ssh and the only log that I can see related to this issue is this:&nbsp;
err mcpd[5567]: 01070151:3: Rule [/Common/] error: Unable to find profile_dos (/Common/) referenced at line 13: [DOSL7::enable "/Common/"]
err mcpd[5567]: 01070425:3: Full configuration load failed.&nbsp;
Have been scratching my head for this two weeks on why this happened (F5 suddenly stop working) and afterwards failed to load the config after restarting services or rebooting.&nbsp;
What I have done to resume F5 operation was editing the /config/bigip.conf file by commenting out all those line in iRule with DOSL7::enable. The system then boot up successfully in which then I enable back the iRule lines.&nbsp;

iamczar_12961 · Answer

A workaround is possible by changing the order of the objects in the saved config file before loading it.However, every time another config save is issued, the file is rewritten with the original order. So, after every save, or before every load, the order should be changed. 
For example, after running "tmsh save sys config":
1. Edit the file /config/bigip.conf
2. Locate the DOS profile in use by the iRule, for example:
security dos profile /Common/dos1 {
...
}
3. Move this block of the DOS profile before the iRule.
That is, before the block of:
ltm rule /Common/dosrule {
...
}

Then running "tmsh load sys config" will succeed.

Manually editing the config and moving the iRule block after the DoS L7 profile block will allow the config to load.  However, any configuration save will revert the order.  Additionally, F5 does not recommend manually editing config files unless the need is urgent.

iamczar_12961 · Answer

A workaround is possible by changing the order of the objects in the saved config file before loading it.However, every time another config save is issued, the file is rewritten with the original order. So, after every save, or before every load, the order should be changed. 
For example, after running "tmsh save sys config":
1. Edit the file /config/bigip.conf
2. Locate the DOS profile in use by the iRule, for example:
security dos profile /Common/dos1 {
...
}
3. Move this block of the DOS profile before the iRule.
That is, before the block of:
ltm rule /Common/dosrule {
...
}

Then running "tmsh load sys config" will succeed.

Manually editing the config and moving the iRule block after the DoS L7 profile block will allow the config to load.  However, any configuration save will revert the order.  Additionally, F5 does not recommend manually editing config files unless the need is urgent.

steve_laffan_11 · Answer

What version of code are you running and what licensing?&nbsp;

patrick_albane_ · Answer

Thanks for the explanation. Is this a known behaviour? I fully understand that we should not meddle with the config file manually as human error is inevitable. I do wonder if F5 will release a fix so that iRule section will be written last all the time by the save command either via tmsh or from the configuration utility.

patrick_albane_ · Answer

I have the F5 instance launched from AWS marketplace. It is running 11.6.0 build 6.0.442 (with HF6). It is perpetual production license with active module "APM, Base, VE GBB" &amp; "Best, Marketplace, 25Mbps Hourly".

Forum Discussion

MCP Full configuration load failed.

8 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

fastl4 vs full-acceleration

Application tunnel Failed to download configuration

Certificate Expiry Email alert configuration

Re activate license failed

APM Full Step Up Authentication