No sync - F5 cluster (active/passive) 2 nodes

Question

Hi,&nbsp;
We meet a problem with F5 BIG-IP 5250v cluster.&nbsp;
Actually, we have 2 nodes (active/passive) and a Virtual-IP to access at this cluster. The VIP address redirect all requests to node 1 (active).&nbsp;
Recently, a modification has been realized on a passive node (node2), and now, it's impossible to synchronize the node1 to node2.&nbsp;
The modification has : (on common partition)&nbsp;
A local user has been added on node1 and node2 (not use the VIP)This same local user has been deleted on node2 and node1 (not use the VIP)
Error message :&nbsp;
Status: Sync FailedSummary: A validation error occurred while syncing to a remote deviceDetails:Sync error on node01: Load failed from node02 01070821:3: User Restriction Error: Once configured for specific partition(s), user cannot have [all].Recommended action: Review the error message and determine corrective action on the device
How to resolve this issue ?&nbsp;
Thanks for answers.&nbsp;
Regards,&nbsp;
jdekren&nbsp;

patrik_jonsson · Answer

Sounds like a configuration issue. Have you tried to delete the user on the other node?&nbsp;
Modify/add/delete the user as you want it on node 2Delete it on node 1Synchronize config from node 2 to node 1 (force overwrite).
/Patrik&nbsp;

patrik_jonsson · Answer

Then, if you've done a recursive grep and checked that the user does not exist in the peer node AND that the user does not exist in two places on the current node an MCPD reload might do the trick:
Log in to the command line of the peer.Create a null file in the /service/mcpd directory, with the filename forceload, by typing the following command: touch /service/mcpd/forceloadReboot the BIG-IP system by typing the following command: reboot
/Patrik

jdekren_303800 · Answer

I'm not sure, but I think that it's the latest version. 
Support information : "Unfortunately the bug has not yet been fix in a newer code release but there is a workaround."&nbsp;
Regards,&nbsp;
jdekren&nbsp;

kevin_o__39_nei · Answer

I don't have an answer but I have another question.  The workaround is "To resolve this issue, we need to change the authentication method on the active system to "Local" and retry the config sync operation."&nbsp;
If one currently has the auth. method as "Remote - Active Directory" and one changes to "Local", will one lose the "Remote - Active Directory" information, and have to input all the Remote Role Groups again?  Or can one change from Remote-AD to Local and back to Remote-AD without losing the configuration.  Thanks.  --Kevin O'Neil&nbsp;

Forum Discussion

No sync - F5 cluster (active/passive) 2 nodes

4 Replies

Recent Discussions

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Pricing when used with aws waf

Related Content

Especial Load Balancing Active-Passive Scenario (I)

Especial Load Balancing Active-Passive Scenario (II)

BigIP 12.0 Active-Active cluster vs Active-Passive cluster

F5 BIG-IP per application Red Hat OpenShift cluster migrations

F5 BIG-IP deployment with OpenShift - multi-cluster architectures