Applies To:

Show Versions Show Versions

Supplemental Document: Log Messages Reference

Original Publication Date: 07/18/2018



Log Messages List



ID Number Description
00020000 Resuming log processing at this invocation; held %d messages.
01010001 %s starting
01010004 Memory allocation failed: %s
01010007 "Config error: %s"
01010011 Persistence cookie hash failed
01010013 database size increased by %d bytes, %d total
01010019 Caught signal %d, exiting
01010020 MCP Connection %s, exiting
01010027 Unable to attach to PCI device %02x:%02x.%02x
01010028 No members available for pool %s
01010029 Clock advanced by %u ticks
01010038 Syncookie counter %d exceeded vip threshold %u for virtual = %A:%d
01010040 Clock has unexpectedly adjusted by %lld ms
01010044 "%s feature %s licensed"
01010045 Bandwidth utilization is %d Mbps, exceeded %d%% of Licensed %d Mbps
01010054 tmrouted connection %s
01010201 Inet port exhaustion on %*A to %*A%c%d (proto %d)
01010213 L3 Address LB method deprecated; using 'Least Connections' for pool %s
01010216 DNSSEC: Signature failed (%s) for RRSET (%s, %lu) with key %s, generation %llu.
01010221 Pool %s now has available members
01010225 Failure to query dns-express db (%s)
01010231 DNSSEC: Did not add RRSIGs to response RR set (owner: %s).
01010235 Inet port find called for pg %d with invalid cmp state %x
01010239 LSN error: %s
01010240 Syncookie HW mode activated, server = %A:%d, HSB modId = %d
01010241 Syncookie HW mode exited, server = %A:%d, HSB modId = %d from %s
01010250 Pool member %A:%u exceeded configured rate limit.
01010251 Virtual %s exceeded configured rate limit.
01010259 External Datagroup (%s) %s.
01010260 Hardware Error(%s): %s %s
01010273 Access policy Configuration object: [%s] not found
01010274 Access Policy and Access Policy Item join failed: [%s] not found
01010276 FTPS warning: Security policy disabled for %A%%%u:%u due to explicit FTPS mode negotiation
01010290 TCP: Memory pressure activated
01010291 TCP: Memory pressure deactivated. Dropped %llu packets, %llu bytes
01010300 BDoS: (TMM) Histogram (%p) %s for context %s (ref cnt %d).
01010301 BDoS: (TMM) %s failure for context %s - %s (error %s).
01010302 BDoS: (TMM) %s signature (%s) for context %s at idx %u (detection=%u mitigation=%u state=%s transient=%s retired=%s).
01010303 BDoS: (TMM) signature (%s) removed (at idx %u of signature table) from context %s.
01010305 BDoS: (TMM) afm_provisioned=%s dos_provisioned=%s l4_bdos_licensed=%s bdos_feature_enabled=%s detection=%s
01010307 Memory allocation failed: %s %s
01010308 Access Policy update: %s End Txn Failed (%d)
01010309 Access Policy(%s) update: Subroutine properties can be only assigned to Access policy of type subroutine
01010311 Failed to configure VDI-enabled listener %s: %En
01010313 Profile %s create failed.
01010314 profile %s update: bad profile
01010315 Agent [%s] update: Invalid event validate
01010316 Agent [%s] update: agent clone failed
01010317 Agent [%s] update: agent store failed
01010318 Agent [%s] update: agent construct failed
01010322 pem protocol profile gx modify {%s}: invalid
01010323 {%s, %s}: protocol message cannot be deleted, error %E
01010324 {%s, %s}: not found, cannot modify.
01010325 pem protocol profile radius modify {%s}: invalid
01010326 {%s, %s}: protocol message cannot be deleted, error %E
01010327 {%s, %s}: not found, cannot modify.
01010328 BDoS: (TMM) afm_provisioned=%s dos_provisioned=%s dns_bdos_licensed=%s detection=%s
01010329 BDoS: (TMM) Signature %s: threshold_mode=%s detection=%u mitigation_curr=%llu
01010330 Failed to register the Neuron App %s with the Neuron client
01010331 Neuron client %s failed with %s(%s)
01010332 Neuron application %s registered
01020037 The requested %s (%s) already exists
01020066 The requested %s (%s) already exists in partition %s
0102006e IP Address %s is invalid with netmask %s, must not be the same as network address.
0102006f The string does not contain only space separated integers between 0 and 4294967295
01060001 Service detected %s for %s:%u monitor %s.
01060002 Node address detected %s for %s monitor %s.
01060110 Lost connection to mcpd with error %d, will reinit connection.
01060111 Open SSL error - %s
01060136 Received links up - monitoring starts.
01060145 Pool %s member %s monitor status %s. [ %s ] [ %s ]
01060156 Bigd PID %d, instance %d, fail to serialize 'bigd=>mcpd' message (exceed msg-length limit?): %s.
01060157 Receive string cannot be empty for reverse monitor '%s'
01060158 Disable string must be empty for reverse monitor '%s'
01070007 Received shutdown signal %d
01070043 Monitor %s parent not found.
0107004e LTM configuration is not allowed when VCMP is provisioned. Virtual server %s conflicts with VCMP.
01070069 Subscription not found in mcpd for subscriber Id %s.
01070147 Snatpool %s must reference at least one translation address.
01070151 Rule [%s] error: %s
01070165 "License file stat fails: %s."
01070259 Requested member (%s) is untagged on another VLAN
01070261 Can't create a home directory for username %s (%s)
01070265 The %s (%s) cannot be deleted because it is in use by a %s (%s)
01070277 The requested %s (%s) was not found
0107028a The source address (%s) for virtual server (%s) must have a prefix length.
01070301 Pool (%s) is referenced by one or more virtual servers
0107030c Host persistence requires an HTTP profile to be associated with the virtual server
01070315 profile %s requires a key
01070318 The requested media %s for interface %s is invalid.
01070320 Snatpool %s is still referenced by a virtual server.
0107032f The vlan (%s) associated with the static route %s/%d must have a Self IP using the IPv%u protocol.
01070340 %s (%s) is referenced by one or more rules
01070341 Virtual server %s references rule %s which does not exist.
01070354 Self IP %s / %s: This network is defined on two vlans (%s and %s)
01070356 %s feature not licensed
01070392 Self IP %s / %s: This IP shares a network with %s (%s / %s).
01070394 %s in rule (%s) requires an associated %s profile on the virtual server (%s)
01070404 Add a new Publication for publisherID %s and filterType %p
01070406 Removed publication with publisher id %s
01070407 Removed information for Publication %s and filterType %p
01070408 Deleting abandoned subscriber connection for %s
01070410 Removed subscription with subscriber id %s
01070413 Updated existing subscriber %s with new filter class %llx
01070417 AUDIT - user %s - transaction #%u-%u - object %u - %s
01070418 connection %p (user %s) was closed with active requests
01070419 Platform initialization phase triggered
01070421 Base configuration initialization phase triggered.
01070424 Full configuration initialization phase triggered.
01070427 Initialization complete. The MCP is up and running
01070465 DB changed: %s, configsync needed
01070466 Received end of platform data
01070468 %s
01070596 An unexpected failure has occurred, %s, exiting...
01070604 Cannot delete IP %s because it would leave a route unreachable.
01070608 License is not operational (expired or digital signature does not match contents)
01070622 The monitor %s has a wildcard destination service and cannot be associated with a node that has a zero service
01070638 "Pool %s member %s:%u monitor status %s."
01070639 Pool %s member %s:%u session status %s.
01070640 Node %s address %s monitor status %s.
01070690 Port mirroring is not supported on this platform.
0107070e Software version not covered by service agreement. Reactivate license before continuing.
01070712 "Caught configuration exception (%d), %s."
01070727 "Pool %s member %s:%u monitor status up."
01070728 Node %saddress %s monitor status up.
01070730 Configuration restored from binary image
01070734 Configuration error: %s
01070736 Couldn't write to the user/role/partition file, %s (%d)
01070737 Couldn't rename the user/role/partition file from %s to %s (%d)
01070807 Monitor %s instance %s:%u has been %s.
01070822 "Access Denied: %s"
01070823 Read Access Denied: %s
01070827 User login disallowed: %s
01070921 Virtual Server '%s' on partition '%s' %s by user '%s'.
01070927 Request failed, data provider (%s) disconnected from mcpd
01070931 Clustering quorum reached
01070933 License blob received from primary.
01070967 The specified vlan, vlangroup or tunnel (%s) cannot be removed from its default route domain (%s).
01070978 The vlan (%s) for the specified self IP (%s) must be one of the vlans in the associated route domain (%s). For example: 192.168.0.1%1234 for self IP in route-domain 1234.
01070979 The specified vlan (%s) for route domain (%s) is in use by a self IP.
01070995 get_tmstat: tmstat_sample not ready. Statsd may not be running.
01071027 Master key OpenSSL error: %s
01071029 %s
0107102d Cannot load master key file. Updating to a new master key.
01071031 %s
01071038 %s
01071047 Removing %d %s local objects from slot %d
01071070 Failed to %s file %s with error %d
01071138 The access policy (%s) has an action/macrocall item (%s) that is referenced by any rule's next item for %d time(s). Exactly one reference is allowed.
01071246 "Unable to reload the dns cache\n"
010712a5 Ha_group %s unknown %s %s.
01071321 Vlan allowed mismatch found: hypervisor (%s:%s), guest (%s:%s) and (%s:%s).
01071392 Background command '%s' failed. %s
010713b1 Cannot delete IP (%s) because it is used by the system state-mirroring (%s) setting.
010713b8 Propose change to system hostname (%s).
010713ba Propose change to default gateway (%s).
010713bc Propose change to management IP address (%s/%s).
010713c0 System state ready for hypervisor mgmt settings: (%s)
010713c1 Initial management network proposals triggered (%s)
010713c2 No new proposal values detected
010713c3 Hypervisor updating %s. Old value: (%s) New value: (%s).
010713f6 CentMgmt objects must be in the '/Common' folder
01071412 Cannot delete IP (%s) because it is used by the system config-sync setting.
0107142f Can't connect to CMI peer %s, %s
01071430 Cannot create CMI listener socket on address %s, port %d, %s
01071431 Attempting to connect to CMI peer %s port %d
01071432 CMI peer connection established to %s port %d after %d retries
01071434 No CMI peer devices configured
01071435 Disconnecting from CMI peer %s as a result of a reconfiguration
01071436 CMI listener established at %s port %d
0107143a CMI reconnect timer: %s
0107143b CMI connection debug info: %s
0107143c Connection to CMI peer %s has been removed
01071451 Received CMI hello from %s
0107146f Self-device %s address cannot reference the non-existent Self IP (%s); Create it in the /Common folder first.
01071470 Disconnecting from CMI device %s, the device is not in a trust domain
0107147f Could not read certificate file (%s)
01071485 %s (%s) content does not match the signature.
01071488 Remote transaction for device group %s to commit id %llu %llu %s %llu failed with error %s
0107149c Virtual server %s has more than one clientssl/serverssl profile but none of them is default for SNI.
010714a0 Sync of device group %s to commit id %llu %llu %s %llu from device %s complete
01071515 Unclassified domain logging on %s requires log publisher to be set.
01071528 Device group '%s' sync inconsistent, %s.
01071539 Mcpd is starting. The BIG-IP version is %s
0107157D %s: %s
01071587 Commit ID message ignored, %s
010715bc "The application service (%s) has strict updates enabled, the object (%s) must be updated using an application management interface."
0107167d Data publisher not found or not implemented when processing request %s.
01071681 SNMP_TRAP: Virtual %s has become available
01071682 SNMP_TRAP: Virtual %s has become unavailable
0107168c Incremental sync complete: This system is updating the configuration on device group %s device %s from commit id { %llu %llu %s } to commit id { %llu %llu %s }.
0107168e Unable to do incremental sync, reverting to full load for device group %s device %s from commit id { %llu %llu %s } to commit id { %llu %llu %s }.
010716b3 A draft policy (%s) can not be applied to a ACL rule.
010716b4 Policy %s cannot be assigned to %s, because %s.
010716e3 Policy '%s'; an action occurs before conditions in another rule. For best-match, all actions must happen later than all conditions.
0107172d Policy '%s' can't be applied to virtual server '%s' because it has no rules
01071764 HA order list in traffic group (%s) cleared because there is no self failover device group.
010717b3 Setting DHCP request-option to none can result in management-ip misconfiguration and loss of management connectivity.
010717b6 %s can only be used in one LSN pool or security nat source translation object. The PCP Server %s (%s) is in use by lsn pool %s.
010717dc VXLAN tunnel remote address can be configured only as any(0.0.0.0) with flooding types none and multipoint.
0107183b Cannot disable LDNS cache when a Wide IP has persistence enabled.
01071860 Cannot enable feed list %s. Maximum number of enabled feed list allowed is %d.
01071863 OCSP cert-validator (%s): DNS resolver and proxy server pool can not be both empty.
01071864 OCSP cert-validator (%s): The certificate (%s) can not be used by an OCSP cert-validator as a %s, because it is currently using some cert-validator (%s) to monitor its status.
01071865 Unable to find an HTTP-based OCSP responder URL that is configured in the OCSP cert-validator (%s) or in the AIA (Authority Information Access) extension of the certificate (%s).
01071866 OCSP cert-validator (%s): Please specify a HTTP-based absolute URL for the OCSP responder.
01071867 OCSP cert-validator (%s): Both key and certificate should be specified for signing the OCSP request.
01071868 OCSP cert-validator (%s): Only prime256v1 named curve is supported for signer key.
01071869 OCSP cert-validator (%s): Security type %s is not supported for signer key.
0107186a OCSP cert-validator (%s): Signer key (%s) and signer certificate (%s) do not match.
010718e1 Only the standard-balanced-fpga firmware type is permitted in vCMP mode.
010718e3 Certificate (%s) has enabled OCSP at cert-validation-option but is not associated with any OCSP cert-validator.
010718e4 OCSP cert-validator (%s): can not use both DNS resolver and proxy server pool. Please ensure that only one of them is configured.
01071909 Log publisher '%s' used by the Anti-Fraud profile '%s' must have a single destination of type '%s'.
0107190a Field '%s' cannot be empty in the Anti-Fraud profile '%s'.
01071911 %s in rule (%s) are not allowed under %s event on the %s (%s).
01071912 %s in rule (%s) requires an associated %s profile on the %s (%s).
01071913 %s in rule (%s) under %s event at %s (%s) does not satisfy cmd/event/profile requirement.
01071918 CMI device (%s) has a different version (%s) from this device (%s).
010719a8 URL parameters can be %s only when %s is enabled in the Anti-Fraud profile '%s'.
010719ac Anti-Fraud parameter '%s' is invalid. Parameter cannot be %s while it is %s in the Anti-Fraud profile '%s' (Anti-Fraud URL: '%s').
010719b7 URL whitelist words can be selected only from malware blacklist words in the Anti-Fraud profile '%s'.
010719c9 Unicast address warning (FAILOVER MAY NOT WORK): %s should be a mgmt (blade) address or non-floating self IP.
010719d6 The location '%s' cannot have empty path between leading '/' and file extension or trailing '/', and also cannot contain only '/' and '.' in the Anti-Fraud profile '%s'.
010719e7 Virtual Address %s general status changed from %s to %s.
010719e8 Virtual Address %s monitor status changed from %s to %s.
010719ea GTM changed state from %s to %s.
010719fd No IPv%s self IP exists on VLAN (%s) for static route (%s)
01071a01 Anti-Fraud parameter '%s' is invalid. URL parameters can appear only in POST request when URL Application Type is Mobile in the Anti-Fraud profile '%s' (Anti-Fraud URL: '%s').
01071a14 device_trust_group: Requesting device data from device %s.
01071a15 device_trust_group: Sending device data to device %s.
01071a37 Anti-Fraud %s '%s' was created as %s and this setting cannot be changed.
01071a38 Wildcard %ss must have unique priorities in the Anti-Fraud profile '%s'.
01071a39 Cannot %s of explicit %s in the Anti-Fraud profile '%s'.
01071a6e Incompatible options - traffic group %s cannot have both auto-failback-enabled and the failover-method set to ha-score
01071a85 Anti-Fraud URL '%s' is invalid. Wildcard URL cannot have %s enabled in the Anti-Fraud profile '%s'.
01071a95 Admin IP (%s/%s): Gateway (%s) for management route (%s) is not in a connected network.
01071a9a The '%s' for interface %s has been adjusted to '%s'.
01071aa6 %s bad actor cannot be enabled if per-source detection/limit pps is less than 1% of the DoS vector (%s) %s setting for %s.
01071aa7 %s bad actor per-source detection/limit pps cannot be greater than the Dos vector (%s) %s setting for %s.
01071acc Cannot enable maintenance mode when device is forced offline.
01071acd The requested device (%s) was not found in self failover device group (%s).
01071ad3 The requested provision module (%s) is not compatible with already provisioned module (%s).
01071ad4 LSN pool %s shares the same name as security nat source translation object. LSN iRules that take in 'pool name' as an argument would default to LSN objects
01071ad9 Security NAT Source Translation object %s shares the same name as LSN pool. LSN iRules that take in 'pool name' as an argument would default to LSN objects.
01071af3 Anti-Fraud parameter '%s' is invalid. URL parameters cannot be entangled for Mobile while no parameter is encrypted for Mobile in the Anti-Fraud profile '%s' (Anti-Fraud URL: '%s').
01071af8 The firewall rule UUID cannot be modified by user once it's created.
01071af8 The firewall rule UUID (%s) already exists in other rules.
01071af9 The specified firewall rule UUID (%s) is diffrent from exists rule UUID.
01071aff AOM webui is not available in this release.
01071b00 AOM vkvm is not available in this release.
01071b27 Scope name cannot be empty for OAuth Authorization agent %s.
01071b28 Scope name (%s) associated with OAuth Authorization agent (%s) is not defined under OAuth scope. If this error appears during import access profile, then the scope-name in the scope already exists on this BIG-IP as part of another scope object. You may want to edit the existing scope and retry importing access profile.
01071b29 %s entry refers to invalid OAuth Authorization agent %s, entry %d.
01071b2c The client app (%s) that is associated with the %s (%s) does not exist.
01071b3b Notice: Purging initiated for OAuth DB Instance (%s). Time taken for DB purging depends on the amount of data; BIG-IP performance may be affected during this time. Only expired tokens will be removed.
01071bad The certificate (%s) can not simultaneously use a cert-validator (%s) and be configured as the %s of a cert-validator (%s).
01071bcd Security NAT Source Translation object (%s) cannot use both Self IP and DSLITE tunnel for PCP configuration.
01071bd1 Inbound CMI connection from IP (%s) denied because it came from VLAN (%s), not from expected VLAN (%s).
01071bd6 %s (%s): Cannot enable Device-ID without enabling Bot Signatures and the 'Search Engine' Bot Signature Category.
01071bd8 The tag-mode for requested member %s has to be 'none' on platforms that do not support QinQ.
01071be4 port-fwd-mode value of interface (%s) is not compatible with vlan (%s) member interface (%s).
01071be5 Member interface (%s) of trunk (%s) not found.
01071be6 port-fwd-mode value of interface (%s) is not compatible with trunk (%s) member interface (%s).
01071bed The URL (%s) belongs to Custom Category (%s) has invalid type as regex-match and not supported yet.
01071bee SSLv2 is no longer supported and has been removed. The 'sslv2' keyword in the cipher string has been ignored.
01071bf0 Vlan %s c-tag %s is out of range.
01071bf1 Vlan %s tag %d is out of range.
01071bf6 Cannot change FIPS name on busy guest: %s.
01071bf7 Invalid URL format %s in CA-bundle manager %s. Check help page.
01071bf8 Bundle manager %s cannot use a certificate file object %s that depends on itself. This would cause a cyclic dependency.
01071bf9 CA-bundle management trace: CA-bundle %s depends on %s.
01071bfa CA-bundle manager %s does not exist.
01071bfb The default CA-bundle manager %s cannot be deleted.
01071bfc The default CA-bundle manager %s cannot be changed.
01071bfd The default CA-bundle manager %s cannot change the exclude-url or exclude-bundle sets.
01071bfe The port number must be removed from %s, and set separately.
01071bfe %s: %s can't be deleted because %s.
01071bff The trusted CA-bundle must be provided in CA-bundle manager %s in order to download from URLs.
01071c00 The requested certificate file object %s for %s was not found.
01071c01 Object %s cannot be used in both include and exclude sets in CA-bundle manager %s.
01071c02 CA-bundle URL %s in CA-bundle manager %s only supports HTTPS.
01071c03 F5 CA-bundle %s cannot be dynamically managed.
01071c04 Cannot find device group (%s).
01071c05 Cannot find Policy Sync object definition file (%s).
01071c06 Cannot find Policy Sync object list file (%s).
01071c07 Cannot find Policy Sync data file (%s).
01071c08 Cannot determine whether agent type %s is appropriate for access policy (%s) of type %s because it is not attached to apm profile access using access-policy property.
01071c0d Default attribute consuming service (%s) must be present in the list 'attribute-consuming-services' of apm saml aaa (%s)
01071c0e Attribute consuming service session variable and object cannot be configured at the same time in agent (%s)
01071c0f Attribute consuming service variable (%s) in agent (%s) is not in session variable format
01071c10 'attribute-name' must be configured for attribute (%s) in attribute-consuming-service (%s)
01071c11 All attribute names must be unique within attribute-consuming-service (%s). Provided attribute name (%s) is not unique
01071c12 attribute-consuming-service (%s) must specify at least one attribute
01071c13 attribute-consuming-service-index (%d) in aaa saml server (%s) conflicts with index of existing service (%s). Please provide unique index.
01071c14 'service-name' value must be configured in attribute-consuming-service (%s)
01071c15 aaa saml server must be configured before attribute consuming service can be specified
01071c16 SAML agent (%s) specifies attribute consuming service (%s) that is not configured in aaa saml server (%s)
01071c18 Attribute consuming service (%s) cannot be removed from aaa saml server (%s) because service is set as default
01071c19 The requested username source (%s) is not a valid session variable.
01071c1a The requested password source (%s) is not a valid session variable.
01071c1b Virtuals Servers in the same listener group can have different profiles. Modifying the profiles in the listener will not update the profiles in the Virtual Servers. To update the profiles in Virtual servers, modify the Virtual Servers individually.
01071c1c You cannot delete the nodejs version (%s).
01071c1d You cannot modify the nodejs version (%s).
01071c1e Cannot perform Protocol inspection update: %s
01071c1f Protocol Inspection compliance inspection %s requires valid value: %s
01071c20 Too many Protocol Inspection profiles. Up to %d supported.
01071c22 Modifying predefined Protocol Inspection profiles are not allowed.
01071c23 Creating predefined Protocol Inspection profiles are not allowed.
01071c24 Deleting predefined Protocol Inspection inspections are not allowed.
01071c25 Modifying predefined Protocol Inspection inspections are not allowed.
01071c27 Protocol Inspection internal error: %s.
01071c28 Invalid Protocol Inspection snort signature: %s.
01071c2a Creating/Modifying Protocol Inspection compliance enums are not allowed.
01071c2b Deleting Protocol Inspection services are not allowed.
01071c2c Creating/Modifying Protocol Inspection services are not allowed.
01071c2d The VLAN (%s) tag is %u. The port-fwd-mode value of %s (%s) must be set to (%s).
01071c2e The VLAN (%s) can have at most %u member because member (%s) port-fwd-mode value is (%s).
01071c2f The requested VLANGROUP (%s) can have at most %u member(s) because VLAN members have virtual-wire members.
01071c30 Vlan (%s) is not compatible with member vlan in VLANGROUP (%s).
01071c31 The VLANGROUP (%s) mode and the VLAN (%s) member (%s) port-fwd-mode are not compatible.
01071c32 The VLANs must have the same tag in VLANGROUP (%s) when they have l2wire member.
01071c32 The VLANs must have the same tag in VLANGROUP (%s) when they have virtual-wire member.
01071c33 The VLAN (%s) tag (%u) cannot be modified %s '4096'.
01071c34 The requested member (%s) is already configured as a member of VLAN (%s) with tag (%d). A member can belong to only one VLAN for a given tag.
01071c34 The requested member (%s) is already configured as a member of VLAN (%s) with tag (%u). A member can belong to only one VLAN for a given tag.
01071c35 The VLAN (%s) has %s interface while the VLAN (%s) has %s interface. Interfaces of VLANs that are in the same 'virtual-wire' VLANGROUP (%s) must have the same taggedness.
01071c36 The SelfIP (%s) cannot associate with %s (%s) with (%s) interface.
01071c37 %s: %s is not supported on this platform (%s).
01071c38 Rule Profiler object %s requires log publisher to be specified.
01071c38 Modify of ephemeral %s (%s) is not permitted.
01071c3a Route MTU for (%s) below minimum %u.
01071c52 Routing object (%s) cannot have both items: %s.
01071c55 Invalid as-path (%s): %s.
01071c56 Invalid as-path entry (%s) for as-path (%s): %s.
01071c58 Virtual server %s is in ALG mode. Must not use static source translation, as used by attached profile %s.
01071c5c Cannot disable AJAX encryption for URL '%s' while parameter '%s' has AJAX mapping enabled in the Anti-Fraud profile '%s'.
01071c5d Anti-Fraud parameter '%s' is invalid. AJAX mapping '%s' for parameter cannot start or end with a '.' in the Anti-Fraud profile '%s' (Anti-Fraud URL: '%s').
01071c5e AJAX mapping for parameter '%s' requires POST method and either 1. AJAX encryption and either value substitution or Real-Time Encryption or parameter encryption enabled 2. Full and Enhanced AJAX Data Manipulation Check enabled in the Anti-Fraud profile '%s'.
01071c60 DynaD private key generation failed ('%s').
01071c61 DynaD public key generation failed ('%s').
01071c62 DynaD failed to decrypt private key. Re-generating.
01071c63 DynaD development mode requires an F5 development license.
01071c64 DynaD signature verification failed ('%s').
01071c65 DynaD cannot activate unsigned instrumentation.
01071c66 The VLAN (%s) member (%s) must be tagged when the tag is '4096'.
01071c67 The PEM rating group id needs to be greater than Zero. Rating group %s cannot use rating group id %d because it is invalid.
01071c68 Profile %s's SSL client certificate constrained delegation CA key is missing.
01071c69 Profile %s's SSL client certificate constrained delegation CA cert is missing.
01071c6a Profile %s's SSL client certificate constrained delegation peer-cert-mode is invalid.
01071c6b Profile %s supports only RSA key and certificate for SSL client certificate constrained delegation.
01071c6c Profile %s's SSL client certificate constrained delegation key is missing.
01071c6d Profile %s's SSL client certificate constrained delegation CA key and certificate do not match
01071c6e PKCS11d (re)initialized. Re-connecting to network-HSM PKCS11d.
01071c72 Policy '%s', rule '%s'; %s SSL server profile %s not found.
01071c73 F5 Service Connector %s validation error: %s.
01071c74 F5 MFA Configuration %s validation error: %s.
01071c75 F5 MFA User Verification Agent %s validation error: %s.
01071c76 F5 MFA Device Registration Agent %s validation error: %s.
01071c77 Issuer is required for JWT config (%s).
01071c78 Invalid %s (%s) in JWT config (%s). The value %s.
01071c79 Self-issued token is not allowed (%s) for JWT config (%s).
01071c7a In JWT config (%s), same signing algorithm is present in both allowed signing algorithms and blocked signing algorithms. This is not allowed.
01071c7b OAuth Provider (%s) references OAuth JWT Config (%s) that does not exist.
01071c7c When key-type is '%s', '%s' must be present for jwk-config (%s).
01071c7d The JWK config (%s) with key-type '%s' cannot contain an empty '%s'.
01071c7e The field (%s) is not relevant to key-type '%s' and thus cannot be present for jwk-config (%s).
01071c7f Certificate key file must be referenced when passphrase is present for jwk-config (%s).
01071c80 JWT access token lifetime (%u) for %s (%s) must be in range of (%u-%u).
01071c81 JWT refresh token lifetime (%u) for %s (%s) must be in range of (%u-%u).
01071c82 OpenID Connect Configuration Endpoint URL (%s) for %s (%s) must end with (%s).
01071c83 (%s) (%s) load failed due to %s
01071c85 (%s) key-type (%u) does not match certificate (%s) type (%u).
01071c86 The %s must be provided in base64url encoded format for jwk-config (%s).
01071c87 The claim name (%s) of claim (%s) cannot contain spaces.
01071c88 The word (%s) is a reserved word and cannot be used as claim name for the claim (%s).
01071c89 The %s claim name (%s) is already in use by agent %s for this entry.
01071c8a The %s claim (%s) that is associated with the %s (%s) does not exist. If this error appears during import access profile, then the claim-name in the claim already exists on this BIG-IP as part of another claim object. You may want to edit the existing claim and retry importing access profile.
01071c8b The %s claim name cannot be empty for OAuth Authorization agent %s.
01071c8c %s claim name (%s) associated with OAuth Authorization agent (%s) is not defined under OAuth claim. If this error appears during import access profile, then the claim-name in the claim already exists on this BIG-IP as part of another claim object. You may want to edit the existing claim and retry importing access profile.
01071c8d %s cannot be empty because %s for %s (%s).
01071c8e %s in %s (%s) is not an allowed URL: %s
01071c8f The %s (%s) associated to %s (%s) is not a valid %s.
01071c90 JWT config %s to be associated with JWK config (allowed keys) %s does not exist.
01071c91 In JWT config %s, allowed keys '%s' do not exist. Use a valid JWK config for allowed keys.
01071c92 In JWT config (%s), the same JWK config (%s) is present in both allowed keys and blocked keys. This is not allowed.
01071c93 JWT config %s to be associated with JWK config (blocked keys) %s does not exist.
01071c94 In JWT config (%s), blocked keys '%s' do not exist. Use a valid JWK config for blocked keys
01071c95 JWT Provider List %s to be associated with OAuth Provider %s does not exist.
01071c96 In JWT Provider List %s, OAuth Provider %s does not exist. Use a valid OAuth Provider for providers attribute.
01071c97 Error generating JWT encryption key using secret.
01071c98 The JWK config (%s) associated to %s (%s) can contain public key types only (such as, rsa, elliptic-curve).
01071c99 The OAuth profile (%s) does not allow JWK config (%s) with duplicate key-id (%s) of type (%s).
01071c9a The JWK config (%s) containing algorithm (%s) does not match key type (%s).
01071c9b The JWK config (%s) associated to %s (%s) contains an invalid signing algorithm.
01071c9c The JWK config (%s) associated to %s (%s) can only be used for signing.
01071c9d The JWK config (%s) associated to %s (%s) requires certificate key configuration.
01071c9e The encryption secret is needed to generate an encryption key for OAuth profile (%s).
01071c9f Allowed signing algorithms list cannot be empty in JWT config (%s) for Issuer (%s).
01071ca0 When the %s flag is enabled, OAuth Provider (%s) must have %s JWT config attached for the JWT provider list (%s)
01071ca1 The JWK config (%s) associated to %s (%s) was auto-generated and is meant for Client/Resource Server purposes only.
01071ca2 When jwt-token is enabled, a JWK config must be assigned as the JWT Primary Key for OAuth Profile (%s).
01071ca3 Error loading cert-chain (%s) associated to JWK config (%s)%s
01071ca4 Invalid certificate order within cert-chain (%s) associated to JWK config (%s).
01071ca5 The JWK config (%s) associated to OAuth %s (%s) failed trust verification with trusted CA bundle (%s).
01071ca6 Only '%s' token validation mode is allowed for OAuth %s agent '%s'.
01071ca7 JSON web token '%s' already exists in Provider List '%s'. The change you are trying to make is not allowed because it would result in a provider list that contains more than one instance of the same JSON web token.
01071ca8 JSON web key '%s' already exists in Provider List '%s'. The change you are trying to make is not allowed because it would result in a provider list that contains more than one instance of the same JSON web key.
01071ca9 OAuth parent profile's jwt-refresh-token-enc-secret attribute cannot be modified.
01071caa The encryption key for OAuth profile (%s) cannot be specified directly. Use encryption secret to generate a new encryption key and make sure that jwt-token is enabled.
01071cab The JWK config (%s) associated to %s (%s) requires key ID configuration.
01071cac When more than one JWK config of key-type '%s' is present in a JWT config, all the keys of that key-type must have key-id or cert-thumbprint-sha1 or cert-thumbprint-sha256 present.
01071cad All the JWK configs in a JWT config must have unique key-id for each key-type. The key-id '%s' for key-type '%s' is already present in JWT config '%s'.
01071cae %s (%s) for OAuth profile (%s) should be unique across other OAuth Authorization Server endpoints.
01071caf The issuer cannot be modified for autodiscovered JWT config '%s'.
01071cb0 Cannot enable Real-Time Encryption when a custom encryption function is specified in the Anti-Fraud URL '%s'.
01071cb0 For autodiscovered JWT config '%s', you can move algorithms between the allowed and blocked lists only.
01071cb1 JWK config '%s' is autodiscovered, JWT config '%s' is not. An autodiscovered JWK config can be added to an autodiscovered JWT config only.
01071cb2 For autodiscovered JWT config '%s', you can move autodiscovered keys between the allowed and blocked lists only.
01071cb3 Autodiscovered JWK config '%s' cannot be modified.
01071cb4 Autodiscovered JWT config cannot be modified for OAuth Provider '%s'.
01071cb5 Autodiscovered JWT config '%s' is associated with OAuth Provider '%s'. It cannot be added to Provider '%s'.
01071cb6 Support for at least Opaque or JWT token should be enabled for OAuth profile (%s).
01071cb7 The auto-generated attribute for %s '%s' cannot be modified.
01071cb8 The auto-generated attribute for %s '%s' cannot be specified.
01071cb9 Claim value cannot be empty for OAuth claim (%s).
01071cba %s claim value associated with OAuth claim (%s) cannot be empty for OAuth Authorization agent %s, entry %d.
01071cbb The JWK config (%s) containing algorithm (%s) does not match curve (%s) for elliptic-curve.
01071cbc The last-discovery-time cannot be specified while creating Provider '%s'.
01071cbd The last-discovery-time cannot be modified for Provider '%s'.
01071cbe When use auto JWT config is enabled, OAuth Provider (%s) must have trusted CA present.
01071cbf The JWK Config (%s) cert field cannot be empty if cert-key (%s) is specified.
01071cc0 %s (%s): Traffic Scrubbing Advertisement Duration must be more than zero.
01071cc1 %s (%s): RTBH Advertisement Duration must be more than zero.
01071cc2 Anti-Fraud parameter '%s' is invalid. Cannot enable both %s and %s for same parameter in the Anti-Fraud profile '%s' (Anti-Fraud URL: '%s').
01071cca Dos Signature (%s): %s is not user settable field.
01071ccb %s (%s): Attacked dst can not be enabled if per-destination detection/limit pps is less than 0.1%% of the corresponding vector setting.
01071ccc %s (%s): Attacked dst per-destination detection/limit pps cannot be greater than the corresponding vector setting.
01071cd4 %s: %s can't be deleted because %s.
01071cd5 %s: %s can't be modified because %s.
01071cd6 Dos Signature (%s): %s is not allowed to be reset by user once it is specified.
01071cd9 Field-list contains an invalid/duplicate value.
01071cdc Security static PAT %s translation object '%s' address (%s) is overlapping with another address (%s) located in '%s' PAT %s translation object.
01071cdd Traffic-group (%s) is referenced by security NAT Policy (%s) and cannot be deleted.
01071cde Traffic-group (%s) is referenced by security source translation (%s) and cannot be deleted.
01071cdf Dos vector (%s) does not support Attacked destination DOS attack detection.
01071ce3 %s (%s) cannot be set to (%s) when %s (%s) is set to (%s)
01071ce4 %s (%s): %s feature is not supported for %s attack type.
01071ce5 %s (%s): %s cannot be enabled if %s is not enabled for %s attack type.
01071ce6 The value (%s) is invalid. Valid TTL is %s.
01071ce7 Cannot configure Advertisement TTL while scrubbing is in progress.
01071ce8 The VLAN %s has the same tag %u as VLAN %s. So the port-fwd-mode of the interface associated with the VLAN must be set to l2wire.
01071ce8 The VLAN (%s) has the same tag %u as VLAN (%s). So the port-fwd-mode of the interface associated with the VLAN must be set to virtual-wire.
01071ce9 The Scrubber Route Domain (%s) has a destination IP (%s) that overlaps with (%s).
01071ceb Operation failed for CA bundle manager %s due to other pending operation.
01071ced MQTT monitor '%s' must have a username when password is configured.
01071cef Policy (%s) of type %s cannot have subroutine-properties attached, policy type must be %s.
01071cf0 DNS resolver must be configured for SAML metadata automation object (%s).
01071cf1 SAML metadata automation object (%s) should have only one 'connection-properties' attribute configured.
01071cf3 Authorize redirect request (%s) must always use 'GET' method.
01071cf4 Invalid %s for Monitor Test (%s) conflicts with monitor value (%s)
01071cf5 Invalid state (%s) for Monitor Test target (%s) marked for cleanup
01071cf6 The current provisioning does not support the TurboFlex profile. Please provision LTM first or choose another profile suggested on the help page.
01071cf7 The chosen turboflex is not licensed, therefore the change cannot be made.
01071cf9 The provision module %s requires TurboFlex profile %s. Please either un-provision the module or choose the required profile. For more information, please see 'tmsh help sys turboflex' on the command line, or look at the 'Help' tab on the TurboFlex page under Resource Provisioning.
01071cfb Please get the Advanced Protocols or FIX add-on license to enable FIX features.
01071cfc %s changing OpenSSL FIPS flag from (%d) to (%d). Reboot is required for changes to take full effect.
01071cfd The VLAN (%s) tag %u cannot be modified to %u once the VLAN is created. Please delete and re-create it.
01071cfe %s (%s): AutoMitigate %s %u must be lower than AutoMitigate ceiling %u.
01071cff %s (%s): AutoMitigate %s 'infinite' must be lower than AutoMitigate ceiling %u.
01071d00 Maximum response size (%u) for OAuth provider (%s) must be in range of (%u-%u).
01071d01 Invalid value (%s) for profile %s field %s. Only integers between 0 and 4294967295 are permitted.
01071d02 Size of field '%s' for monitor '%s' exceeds allowed maximum of %d bytes.
01071d03 Encryption object is too big.
01071d04 Encryption failed.
01071d05 %s is not a valid IP address or hostname.
01071d06 Overlapping %s IP addresses (%s) is in NAT policy '%s', rule '%s'.
01071d09 Management auto-lasthop (%s) can't be disabled on a 1-NIC platform.
01071d0e Global ASM health alerts configurations error: %s
01071d16 DNS profile (%s) cannot have both edns0 client subnet insertion and the DNS cache enabled simultaneously.
01071d17 DNS profile (%s) inherits options from DNS profile (%s) and cannot have both edns0 client subnet insertion and the DNS cache enabled simultaneously.
01071d44 The Traffic Matching Criteria (%s) is already in use by another Netflow Protected Server (%s).
01071d45 Invalid Netflow Protected Server [%s] name for stopping redirection
01071d46 Netflow Protected Server (%s) cannot have a Traffic Matching Criteria that references a route domain.
01071d47 (%s) has an invalid mask %u.
01071d62 CMI device (%s) attempted to connect but is running an incompatibly old version of TMOS.
01071d63 CMI device (%s) attempted to connect but is running a version of TMOS with incompatible version (%s) (expected %s).
01073035 The encryption key for OAuth profile (%s) cannot be modified directly. Use encryption secret to generate a new encryption key.
01073039 All the JWK configs in a JWT config must have unique cert-thumbprint-sha1. The cert-thumbprint-sha1 '%s' is already present in JWT config '%s'.
01073040 All the JWK configs in a JWT config must have unique cert-thumbprint-sha256. The cert-thumbprint-sha256 '%s' is already present in JWT config '%s'.
010c0009 Lost connection to mcpd - reestablishing
010c0018 Standby
010c0022 Opening %s for failover monitoring
010c002a Requesting tmm to resend gratuitous arps for traffic group %s.
010c002b Traffic group %s received a targeted failover command for %s.
010c002c Traffic group %s received a targeted failover command from cluster mate for %s.
010c002d Traffic group %s going standby via targeted failover command.
010c0037 Up service module error %s.
010c003b Bind fails on %s addr %s port %d error %s
010c003c Connect fails on %s addr %s port %d error %s
010c003e Offline
010c003f Forced offline
010c0044 Command: %s
010c0048 Bcm56xxd and lacpd connected - links up
010c0049 Tmm ready - links up.
010c0050 Sod requests links down
010c0052 Standby for traffic group %s
010c0054 Offline for traffic group %s.
010c0055 Forced offline for traffic group %s.
010c0056 Deactivating traffic group %s
010c0057 Activating traffic group %s
010c005a Dropping a failover packet that is too small (%u)
010c005b Dropping a packet that is not a failover packet.
010c005e Waiting for mcpd to reach phase base, current phase is %s
010c005f Mcpd has reached phase base, current phase is %s
010c0063 Waiting for Mcpd without a response. Try again...
010c006a Configuration CRC values disagree amongst peers. Suggest configsync peers.
010c006b Configuration CRC values agree amongst peers
010c006c proc stat: [0] %s
010c006d %s.
010c006e All devices in traffic group %s %s have a HA group.
010c0076 Exceeded mcp recv soft limit: %d. Succeeded after %d messages.
010c0077 Listening for unicast failover packets on address %s port %d.
010c007b Deleted unicast failover address %s port %d for device %s.
010c007e Not receiving status updates from peer device %s (Disconnected).
010c0082 Sorted Load-Aware failover %s.
010c0083 No failover status messages received for %s seconds, from device %s (%s).
010c0084 Failover status message received after %s second gap, from device %s (%s).
010c0085 First failover status message received from device %s (%s).
010c0089 Invalid go standby command. %s is not a valid traffic-group or device.
010c008a Invalid go standby command. %s is not a valid device.
010c008b Unable to send to unreachable unicast address %s port %d.
010c008c Previously unreachable unicast address %s port %d is now reachable.
010d0005 Chassis fan %d: status (%d) is bad
010d0006 Chassis power supply %d has experienced an issue. Status is as follows: %s
010d0009 %s: voltage (%d) is too high
010d0010 %s: fan speed (%d) is too low
010d0017 %s: milli-voltage (%d) is too low
010e0001 Cannot communicate with MCPD server
010e0002 Established new connection to MCPD server
010e0004 MCPD query response exceeding %d seconds
01100002 alertd is going down
01100017 Email action is failed for toaddress %s
01100042 Failed with MCPD at: %s (%s)
01100043 logcheck Notice: %s %d
01100048 "Log disk usage still higher than %d%% after logrotate and %d times log deletion"
01100049 logcheck Info: %s %d
01100053 %s
01100054 %s
01100055 %s
01100056 %s
01100057 %s
01100058 %s
01100059 Found db_name %s without value - reset to default %s.
01110001 Error running %s
01110034 The configuration for running config-sync is incorrect.
01140029 HA %s %s fails action is %s.
0114002a HA %s %s created.
0114002b HA %s %s enabled.
0114002c HA %s %s disabled.
01140030 HA %s %s is now responding
01140043 Ha feature %s reboot requested
01140044 HA reports tmm ready
01140045 HA reports tmm NOT ready
01140100 Overdog daemon startup
01140101 Overdog daemon shutdown
01140102 Overdog daemon requests reboot
01140103 Watchdog touch enabled with %d seconds
01140104 Watchdog touch disabled
01140106 Overdog daemon calling bigstart restart
01150216 Notice from %s: %s
01160004 LACPD reporting error conditions
01160005 LACPD reporting internal error conditions
01160009 LACPD reporting a link being added to aggregation
01160010 LACPD reporting a link being removed from aggregation
01160011 LACPD reporting a churn condition
01160012 LACPD reporting a churn condition
01160016 LACP reporting an internal condition as informational message
01160017 Internal Link %s is AVAILABLE.
01160018 Internal Link %s is UNAVAILABLE.
01160024 %s
01170003 halGetDossier returned error (%d): Dossier generation failed.
01170012 Unsupported argument (-%c).
01170019 Detected Registration Key-Less dossier generation for CSP.
01170020 Option -%c requires an argument.
01170021 Invalid value (%s) passed for option (-%c).
01180010 [license processing][error]: %s
01190003 arp_input: packet too short (%lu/%lu)
01190004 address conflict detected for %a (%m) on vlan %d
01190007 Neighbor update, route lookup failed, address = %la%%%u
01190008 Neighbor update, route is not link type, address = %la%%%u
01190009 Neighbor update failed, err = %E, address = %la%%%u, ifc name = %s
01190010 Neighbor delete failed, err = %E, address = %la%%%u
011b0203 Error '%s' opening file %s
011b020b Error '%s' scanning buffer '%s' from file '%s'
011b0233 CACHE MISS during %s, prev=%s, curr=%s.
011b0236 Merged iStats merge interval changed to be every %d seconds.
011b0237 Merged iStats merge interval called with %d.
011b0309 %s %s %s
011b032e Graph '%s' is not supported, possibly because it is not licensed, or a license has expired.
011b0600 Error '%s' during rrd_update for rrd file '%s'
011b0601 Error '%s' during rrd_graph for graph '%s'
011b0816 Statistic collection has ALREADY been started.
011b0826 Cluster collection start error.Exitting
011b0900 TMSTAT error %s: %s
011b090c tmstat_query_rollup on table %s called
011b090e getTMValueUNKeyed start
011b090f DNS Services request rate limiter engaged.
011b0910 DNS Services request rate limiter disengaged.
011b0914 No individual CPU information is available.
011b0999 %s: %s
011d0002 No diskmonitor entries in database
011d0004 Disk partition %s has only %d free
011e0001 Limiting %s from %d to %d packets/sec for traffic-group %s
011e0002 %s: Aggressive mode %s %s (%llx) (%s %s). (%llu/%llu %s)
011e0003 mode sweeper: %s (%llx) (%s %s) %d Connections killed
011f0001 %s: Bad chunk state %d
011f0004 Invalid header insert profile, missing the colon separator in - %s
011f0005 HTTP header (%d) exceeded maximum allowed size of %d
011f0007 %s - Invalid action:0x%x %s (%C) %s (%C)
011f0008 %s - Invalid state transition to %s
011f0011 HTTP header count exceeded maximum allowed count of %d
011f0012 HTTP profile option %s incompatible with proxy_type. Using default instead.
011f0016 %s - Invalid action:0x%x Server sends too much data. serverside (%C) clientside (%C)
011f0017 Config error: HTTP Header Entry [%s:%d] update: agent clone failed
01200009 Packet rejected remote IP %*A port %d local IP %*A port %d proto %s: Connection limit exceeded.
01200012 Warning, connections equals limit %F, proto %s, VS %s: Connection limit reached.
01200014 Warning, connections equals limit %F, proto %s, RD %s: Connection limit reached.
01200016 Warning, node IP %*A has reached its connection limit.
01200017 Warning, pool member IP %*A port %u for pool %s has reached its connection limit.
01220001 TCL error: %s
01220002 Rule %s: %s
01220007 No pending rule event found for %F
01220008 Unable to resume pending rule event %s for closed %F
01220009 Pending rule %s aborted for %F
01220010 %d previous aborted rule log messages suppressed
01220011 Pending rule %s aborted for context %llx
01230001 Interface %d.%d: link is up, %dMbps %s
01230002 Interface %d.%d: link is down
01230032 Interface %s not found
01230066 Vlan %s - untagged interface %d/%d currently in use on vlan %s
01230087 Vlan %s, member %s instance add error %u
01230111 Interface %d.%d: HSB DMA lockup on %s.
01230113 "Unsupported media setting %s for interface %s"
01230140 RST sent from %A:%d to %A:%d, %s
01240006 Error querying request URI: %s
01260000 Profile %s: %s
01260006 Peer cert verify error: %s (depth %d; cert %s)
01260008 SSL transaction (TPS) rate limit reached
01260009 Connection error: %s:%d: %s (%d)
01260010 FIPS acceleration device failure: %s
01260012 Self-initiated renegotiation attempted while renegotiation disabled: %s
01260013 SSL Handshake failed for <PROTOCOL> <SRC> -> <DST>
01260014 Cipher %x:%x negotiated is not configured in profile %s
01260014 Cipher %x:%x negotiated is not configured in profile %s
01260015 Certificate supplied by server (subject CN: %s) was not configured on virtual: %s
01260017 Connection attempt to insecure SSL server (see RFC5746) aborted: %A:%d
01260018 Connection attempt to insecure SSL server (see RFC5746): %A:%d
01260024 OCSP failure on profile %s, certificate with issuer %s and serial number %lx: %s - %s
01260025 Cipher %x:%x negotiated is not supported by Proxy SSL configured in virtual server %s
01260026 No shared ciphers between SSL peers %A.%d:%A.%d.
01260034 SSL decryption canceled.
01260039 Block cipher data limit exceeded.
01260040 SSID Message length exceeds maximum handshake size set for TMM.
01260041 SSID SSL Fragmented handshake received.
0127000c Coalesced (%lu) requests for the previous command into 1 execution
01280045 Debug: %s
01290003 HALMSG reporting error conditions
01290004 HALMSG reporting warning conditions
012a0000 "LIBHAL reporting system is unusable"
012a0002 "LIBHAL reporting critical conditions"
012a0003 LIBHAL reporting error conditions
012a0004 LIBHAL reporting warning conditions
012a0005 LIBHAL reporting normal but significant condition
012a0006 LIBHAL reporting informational
012a0007 LIBHAL reporting debug-level messages
012a0013 Blade %d hardware sensor critical alarm: %s
012a0016 Blade %d hardware sensor notice: %s
012a0017 Chassis power module %d turned on
012a0019 Chassis power module %d is on.
012a0021 Chassis power module %d absent.
012a0022 %s
012a0023 %s
012a0024 %s
012a0025 %s
012a0026 %s
012a0027 %s
012a0028 %s
012a0029 %s
012a0030 %s
012a0031 %s
012a0032 %s
012a0033 %s
012a0034 %s
012a0035 %s
012a0036 %s
012a0037 %s
012a0038 %s
012a0039 %s
012a0040 %s
012a0041 %s
012a0042 %s
012a0043 %s
012a0044 %s
012a0045 %s
012a0046 Chassis power module 1 turned on.
012a0047 Chassis power module 2 turned on.
012a0048 Chassis power module 3 turned on.
012a0049 Chassis power module 4 turned on.
012a0050 Chassis power module 1 turned off.
012a0051 Chassis power module 2 turned off.
012a0052 Chassis power module 3 turned off.
012a0053 Chassis power module 4 turned off.
012a0054 Chassis power module 1 absent.
012a0055 Chassis power module 2 absent.
012a0056 Chassis power module 3 absent.
012a0057 Chassis power module 4 absent.
012a0058 Chassis with %d blades (%d W) may be inadequately powered - increase active number of power supplies
012a0059 Chassis power module %d is unidentified.
012b0021 Executable %s version '%s'.
012b0022 Executable %s version is newer than %s.
012b3005 Error encountered while opening SSL certificates %s.
012b7010 No Route Domain support, cannot create a listener for Route Domain %u.
012c0004 Lost connection with MCP: %d ... Exiting
012c0010 BCM56XXD driver error
012c0011 BCM56XXD SDK error
012c0012 BCM56XXD info
012c0013 BCM56XXD starting
012c0014 SAMPLE: bcm56xxd - Exiting...
012c0015 Link: %s is %s
012c0016 BCM56XXD SDK info
012d0007 Lost connection with MCP: %08x
012e0029 The configuration was successfully loaded.
01300001 RAMCACHE Initialize - Not enough memory available to create the cache. Please try reducing the cache size and max entries
01300002 RAMCACHE Response - Too many Cache-Control headers in response, max is %d.
01300003 RAMCACHE - Header too long. Header %d of length %d exceeds the max %lu bytes.
01310027 ASM subsystem error (%s,%s): %s
01340001 HA Connection with peer %la:%d for traffic-group %s established.
01340002 HA Connection with peer %la:%d for traffic-group %s lost
01340003 Cluster error: %s
01340004 HA Connection detected dissimilar peer: local npgs %u, remote npgs %u, local npus %u, remote npus %u, local pg %u, remote pg %u, local pu %u, remote pu %u. Connection will be aborted.
01340007 HA Connection with peer %la:%d for traffic-group %s closing.
01340009 HA reconnect with peer %la:%d for traffic-group %s postponed.
01340012 HA context missing for %s on virtual %s
01360008 ERROR: Cannot connect to GWM server %s; Will try it again in 30 seconds.
01380002 Certificate '%s' in file %s will expire on %s
013a0004 %s
013a0005 %s
013a0006 %s
013a0007 %s
013a0008 %s
013a0014 %s
013a0015 %s
013a0016 %s
013a0018 "%s"
013a0019 %s
013a0020 %s
013a0024 %s
013b0004 %s
013b0008 %s
013c0004 %s
013c0006 %s
013d0006 cand done
013e0000 Tcpdump starting locally on %la:%u from %la:%u
013e0001 Tcpdump starting bcast on %la:%u from %la:%u
013e0002 Tcpdump stopping on %la:%u from %la:%u
013e0005 Tcpdump starting remote to %A from %A
013e0006 Tcpdump to %A failed to connect : %E
013e0007 Tcpdump stopping remote to %A from %A
013e0008 Tcpdump ICMP error Type:%d Code:%d from %A
01410000 %s
01410002 RTSP: %s buffer length %u or header size %u exceeds max_header_size %u
01410003 RTSP: %s queued data %u exceeds max_queued_data %u
01410004 RTSP: client_port and server_port not paired
01410005 RTSP: client_port and server_port not specified
01410006 RTSP: multicast not compatible with unicast or interleaved
01410007 RTSP: incompatible port specifications
01410008 RTSP: no multicast port(s) specified
01410009 RTSP: no multicast address specified
0141000a RTSP: Expiring active RTP peer connection
0141000b RTSP: Expiring active RTCP peer connection
0141000c RTSP: Expiring active RTP connection
0141000d RTSP: Expiring active RTCP connection
0141000e RTSP: release RTP peer conn flow
0141000f RTSP: release RTCP peer conn flow
01410010 RTSP: release RTP conn flow
01410011 RTSP: release RTCP conn flow
01410012 RTSP: Can't create RTP endpoints: %E
01410013 RTSP: Can't create RTCP endpoints: %E
01410014 RTSP: Failed to set up sa_entry on client
01410015 RTSP: Can't find a port for media connections
01420001 %s
01420002 SAMPLE: tmsh - AUDIT - pid=13324 user=root query_partitions=all update_partition=Common module=(tmos)# status=[Command OK] cmd_data=list ltm virtual idnshare3-139
01420003 "%s"
01420004 %s
01420006 %s
01420007 Certificate '%s' in file %s expired on %s
01420008 Certificate '%s' in file %s will expire on %s
01420010 %s
01460005 SAMPLE: promptstatusd - mcpd.running(1) held, wait for mcpd
01460006 SAMPLE: promptstatusd - semaphore tmm.running(1) held
01460007 SAMPLE: promptstatusd - semaphore tmm.running(1) released
01470000 iSession: Connection error: %s:%u: %s:%d
01470002 iSession: tunnel %F: connection error: deduplication: unrecognized control message %d
01470006 iSession: tunnel %F: internal error: %s:%d: %s: %E; connection aborted
01470007 iSession: internal error: %s:%d: %s: %E
01480001 %s
01480002 %s
01480010 Got a message(%d) for a non existent flow
01480024 Can't bind the flow, waiting for config response on channel %s
01480031 headers limited to %d bytes
01490510 %s: Initializing Access with max global concurrent access session limit: %d
01490523 {{Access Profile, %s}{Partition, %s}{Session ID, %s}{Max Concurrent Sessions, %d}} "#0:#1:#2: Initializing Access with max global concurrent connectivity session limit: #3"
01490526 %s: Initializing Access with max global concurrent connectivity session limit: %d
01490541 Access using device name: %s and device ID: %.*s.
01490555 %s: Initializing Access with max global concurrent url filtering session limit: %d
01490570 PPP listener local address %A tunnel nexthop is NULL
014b0002 RADIUS: %s error %lE
014c0001 DIAMETER: %s error: %lE
014c000f DIAMETER: Invalid AVP length: %d
014c0010 DIAMETER: Invalid AVP code
014c0010 DIAMETER: Invalid AVP length: %d
014c0011 DIAMETER: Invalid AVP code
014c0012 DIAMETER: Invalid event
014e0001 mysql failure detected, attempting to restart mysql (attempt %d).
014e0003 mysql service back online.
014e0007 mysqlhad starting to monitor mysqld
014f0001 %s
014f0002 %s
014f0004 %s
014f000e Becoming primary cluster member
014f0013 Script (%s) generated this Tcl error: (%s)
014f0017 Perpetual handler (%s) exited with failure
01510003 %s
01510004 %s
01510005 SAMPLE: vcmpd - VDisk (LBEMP-LOTWAN01.img/1): Failed to save info file - /shared/vmdisks/LBEMP-LOTWAN01.info
01510007 %s
01510011 vCMP guest %s powered off.
01530007 %s started ===============================
0153002c An instance of zxfrd (pid: %d) is already running! Exiting
01531003 Failed to sign zone transfer query for zone %s using TSIG key %s
0153100c Failed on receive of %d bytes for transfer of zone %s (%s)
0153100e Transfer of zone %s failed with rcode (%s).
01531010 Transfer of zone %s failed b/c there are no records
01531015 Failed to retrieve next RR in %s for zone %s
01531018 Failed to transfer zone %s from %s, will attempt %s
0153101b Ignoring NOTIFY for zone %s due IXFR in progress
0153101c Handling NOTIFY for zone %s
0153101f %s Transfer of zone %s from %s succeeded
01531023 Scheduling zone transfer in %ds for %s from %s
01531025 Serials equal (%d); transfer for zone %s complete
0153102a Failed connect callback to %s for transfer of zone %s
01531105 Zone %s expired. Zone will be unavailable until the next successful zone transfer.
01531300 Cluster status changing from %s to %s
0153e0f7 Lost connection to mcpd
01550004 Critical:
01550005 Critical:
01550006 Critical:
01570004 %s
015a0000 SAMPLE: devmgmtd - Initial trust configuration created
015a0004 "%s"
015c0004 %s
015c0009 IP Reputation has no license currently
015c0010 Initial load of IP Reputation database has been completed
015e0002 [pg:%d pu:%d] %s: %s
015e0004 [pg:%d pu:%d] %s: %s
01630002 (%s) (%s)
01660004 %s
01660009 %s
01660010 %s
01660011 %s
01660012 %s
01660013 %s
01660014 %s
01660015 Interface %s. Non-F5 branded optics are not supported
01660016 %s
01670003 Inbound entry %A,%d,%A,%A found
01670006 [%u.%u] DNAT Picked :%A,%d
01670009 Inbound connection :%A,%d is active
01670010 Inbound entry:%A%%%d:%d, ds-lite remote:%A local:%A timeout:%d for key:%A%%%d:%d proto:%d added. ha mirrored: %s
01670016 No inbound entry found for %A%%%u:%u proto:%u
01670019 "DNAT configuration: %s"
01670020 DNAT connection: %s
01670021 [%u.%u] LSN Pool %s has no usable translation address for DNAT
01670028 LSN pool(%s) inbound route domain id %d\n
01690000 SAMPLE: evrouted - shutdown cleanly
016b0002 Rewrite: %s
016e0002 Execution of action '%.*s' failed, error %E
016e0005 Unable to resume pending policy event on connflow %F
016e0006 Pending policy event missmatch found for %F
01700000 PPTP CALL-REQUEST id;%d from;%A%%%u to;%A nat;%A%%%u ext-id;%d
01700001 PPTP CALL-START id;%d from;%A%%%u to;%A nat;%A%%%u ext-id;%d
01700002 PPTP CALL-END id;%d reason;%d from;%A%%%u to;%A nat;%A%%%u ext-id;%d
01700005 Error creating PPTP-GRE local flows, error %E.
01700009 Unable to locate flow %F.
0170000a Received an unexpected PPTP Control Message(%s) while processing connflow %F. Reason: %s.
0170000b Connflow(%F) has no peer, ignoring.
01700020 Unable to locate PPTP GRE flow with %s key %d while processing connflow %F.
01700021 Unable to retrieve layer 3 header from packet while processing connflow %F.
01700023 Connflow (%F) ignoring an unexpected MPI remote flow response.
01700028 Unable to find serverside PPTP flow for clientside flow %F.
01700029 PPTP DSLITE-CALL-REQUEST id;%d from;%A%%%u,%A%%%u to;%A nat;%A%%%u ext-id;%d
01700030 PPTP DSLITE-CALL-START id;%d from;%A%%%u,%A%%%u to;%A nat;%A%%%u ext-id;%d
01700031 PPTP DSLITE-CALL-END id;%d reason;%d from;%A%%%u,%A%%%u to;%A nat;%A%%%u ext-id;%d
01700032 PPTP DSLITE-CALL-FAILED id;%d reason;%d from;%A%%%u,%A%%%u to;%A nat;%A%%%u ext-id;%d
01740018 Profile PCP error: Invalid operation for %s.
01740023 Profile PCP error: PCP %s missing from message.
01740036 PCP: Invalid %s Option length, Expected %lu, Found %d - Client %A rtid %d
01740039 PCP Request: Client %A - OpCode %s(%d), Lifetime:%u, Packet Length:%lu
017b0009 IVS (connecting from parent %F): Internal virtual server %s received injected message %s with data %#x
01810004 %s
01810007 "%s"
01810008 %s
01820004 %s
01830003 Unable to find a flow for remote vtep %A%%%u, tunnel name = %s.
01830004 Tunnel output has a potential loop for remote endpoint %A%%%u, tunnel name = %s.
01850027 MR: Proxy missing for %s %s
01850028 MR: Message drop due to wrong Hop-by-Hop ID (%u)
01860000 MR SIP: %s returned error: %lE
01860001 MR SIP: %s
01860002 MR SIP: Missing header %s in the message
01860003 MR SIP: Decrypt branch parameter failed with error : %lE
01860004 MR SIP: Encrypt branch parameter failed with error : %lE
01860005 MR SIP: %s
01860006 MR SIP: Invalid config attribute %s in profile %s
01860007 MR SIP: Generated response was not sent '%d - %s' (%F)
01860008 MR SIP: Generated response SENT '%d - %s' (%F)
01860009 MR SIP: Media flow creation (%F)<->(%F) failed due to collision
0186000a MR SIP: Parse error reading number for %s value near %d. Status Code %d
0186000b MR SIP: Parse error bad sip protocol version in headline near %d. Status Code %d
0186000c MR SIP: Parser error invalid or malformed uri in headline near %d. Status Code %d
0186000d MR SIP: Parser error invalid headline near %d. Status Code %d
0186000e MR SIP: Parser error too many header near %d. Status Code %d
0186000f MR_SIP: Parser error extraneous header field near %d. Status Code %d
01860010 MR_SIP: Parser error header too large near %d. Status Code %d
01860011 MR_SIP: Parser error missing header code %d. Status Code %d
01860012 MR_SIP: Parser error CSEQ method does not match headline tag %s : %s. Status Code %d
01860013 MR_SIP: Parser max-forwards value has reached zero. Status Code %d
01860014 MR_SIP: Server in maintence mode. Status Code 503
01860015 MR_SIP: Loop detected. Status code 482
01860016 MR_SIP: Missing Media Connection atributes. Status Code 488
01860017 MR_SIP: Too many media sessions %d / %d. Error Code %d
01860018 MR_SIP: Ingress message queue full, current message dropped (flow %F)
01860019 MR_SIP: Ingress message queue full, closing TCP window (flow %F)
0186001a MR_SIP: Ingress message queue draining, opening TCP window (flow %F)
01860026 MR SIP: invalid address: %A
01860027 MR SIP: Rejecting SIP registration request due to PBA Block timeout blackout. %d seconds left in block, %d-second blackout period
01860028 MR SIP: Backdown of SIP registration request expiry due to PBA Block timeout. %d -> %d in message
01860029 MR SIP: Re-writing SIP REGISTER response expiration value from registrar due to PBA Block timeout. %d -> %d
0186002a MR_SIP: Non-SIP message received. Client connection %F is in fail_open_enabled state
0186002b MR_SIP: Server side connection %F is established and in fail_open_enabled state
0186002c MR_SIP: Fail_open_enabled state %s side connection: %F is torn down or aborted, reason: %lE
01890008 Postgres stopped with a non-zero status (%d).
0189000b Shutting down postgres.
018e0002 %s
018e0005 Exiting, received shutdown signal
018e0017 %s
018e001d %s
018e001e %s
01900006 Profile SCTP error: SCTP %s missing from message.
01900020 SCTP %s association (%F) confirmed peer transport address %la.
01900021 SCTP %s association (%F) peer transport address %la not confirmed, path %F inactive.
01900022 SCTP %s association (%F) %s path %F failed (path-retransmit-exceeded).
01900023 SCTP %s association (%F) %s path %F failed (destination unreachable).
01900024 SCTP %s association (%F) path %F restored.
01900025 SCTP %s association (%F) primary path changed to %F.
01900026 SCTP %s association (%F) path %F usable.
01900027 SCTP %s association (%F) %s path %F not usable (path-retransmit-exceeded).
01900028 SCTP %s association (%F) %s path %F not usable (destination unreachable).
01900029 SCTP %s association (%F) failed (association-retransmit-exceeded).
01900030 SCTP %s association (%F) initialization failed (init-retransmit-exceeded).
01900031 SCTP %s association (%F) aborted by peer.
01900032 SCTP %s association (%F) aborted (%s).
01910001 Tmrouted starting.
01910014 FATAL error: non_initial state (%d) and some state vars are unknown (cluster: %d, primary: %d)
01910030 FATAL error: failed to set timer %p at %s:%d
01910031 FATAL error: failed to clear timer %p at %s:%d
01910032 FATAL error: attempt to set already active timer %p at %s:%d
01910033 FATAL error: attempt to clear inactive timer %p at %s:%d
01910034 FATAL error: attempt to clear wrong timer %p at %s:%d
01910035 FATAL error: timer array exceeded
01910036 FATAL error: RHI failed to send %s request.
01910050 error on cluster socket %d in state %d: %s
01910202 failed to add attribute %u to NETLINK message. got: %d need: %zu
01910204 memory allocation failed for %s: trying %zu bytes
01910300 HA daemon heartbeat disabled. Last value is %u.
01910301 HA daemon heartbeat enabled with %us period. Last value is %u.
01910600 Suppressing route %s matching admin network.
01910601 Unsuppressing route %s matched previous admin network.
01910602 Failed to suppress route %s matching admin network.
01910603 Withdrawing route %s matching admin network not suppressed.
01910604 New route %s matching admin network already suppressed.
01940007 "Failed to allocate the errdefs tmconf handle!"
0194000b "errdefs: error adding local syslog destination %s; check the configuration for missing elements."
0194000c "errdefs: error adding remote syslog destination %s; check the configuration for missing elements."
0194000d "errdefs: error adding remote hsl destination %s; check the configuration for missing elements."
0194000e "errdefs: error adding fslog destination %s; check the configuration for missing elements."
0194000f "errdefs: error adding alertd destination %s; check the configuration for missing elements."
01940010 "errdefs: failed to add splunk destination %s -- the delivering destination %s probably doesn't exist or contains errors."
01940011 "errdefs: error adding IPFIX destination %s; check the configuration for missing elements."
01940012 "errdefs: failed to add splunk destination %s -- the delivering destination %s probably doesn't exist or contains errors."
01940019 "Unable to connect to MCPD, will try again in 30 seconds."
0194001d Errdefsd is starting.
01940022 errdefs: error adding management port destination %s; check the configuration for missing elements.
01960002 netHSM: Failed to login to network HSM with login_status[%lu].
01960004 netHSM: Failed login: password[%s]. Error[%lu].
01960005 netHSM: The session with the network-hsm is invalid.
01960005 netHSM: The session with the network-hsm is invalid.
01960006 netHSM: Failed to open file [%s].
01960007 netHSM: Unknown client [%d].
01960008 netHSM: Thales RFS error [%s].
01960009 netHSM: Failed to allocate space [%u] for [%s].
01960010 netHSM: Unknown HSM vendor [%s].
01960011 netHSM: BigDB error [%d][%s].
01960012 netHSM: PKCS11d (re)initialization is not complete.
01960013 netHSM: PKCS11d stopped. Verify password, and restart PKCS11d.
01960014 netHSM: Error: %s.
01a40000 Failed to create IVS (%s).
01a40001 Failed to create OCSP context - %s, with error: %E.
01a40002 Failed to create OCSP request with OCSP object(%s), certificate(%s).
01a40003 HTTP status code of OCSP response(%d) indicates failure to obtain the response for certificate(%s).
01a40004 OCSP validation result of certificate(%s): OCSP response - (%s), certificate status - (%s), lifetime - %u.
01a50024 Node to corrupt %s is invalid
01a50027 The revoke option is only available on VE platforms.
01a50031 Manifest created is larger than 512K: %u
01a50033 Unable to parse the manifest with a json parser.
01a50034 Failed to get variables from mcpd: %s
01a50035 Failed to to connect to mcpd.
01a50100 Error: Failed to store EULA in %s.
01a50101 Error: Failed to install backup file %s to %s.
01a50102 Error: Failed when calling /usr/bin/chcon for %s.
01a50111 Error: Server busy, retry in %d seconds.
01a60001  
01a70121 Error: Failed while getting the status, %s.
01a70122 Error: Failed to obtain auto-check/auto-phonehome status.
01aa0000 ICAP (%F): Incomplete message body received from server
01aa0001 ICAP (%F): Unexpected status code %u received from server
01aa0002 ICAP (%F): Server responded 204 beyond or without preview ('Allow: 204' is not supported)
01aa0003 ICAP (%F): Parsing ICAP response headers failed
01aa0004 ICAP (%F): Parsing ICAP chunked response body failed
01aa0005 ICAP (%F): Status code %u received from server
01aa0006 ICAP (%F): Response completed after request completed - connection may be reused by 'oneconnect'
01aa0007 ICAP (%F): Response completed before request - request truncated and oneconnect reuse disabled
01aa0008 ICAP (%F): An IVS result was imposed during iRule event %s - ICAP transaction terminated
01aa0009 ICAP (%F): An iRule parked at event %s
01aa0010 ICAP (%F): Processing message %s failed: %s
01aa0011 ICAP (%F): Processing ingress from IVS failed: %s
01aa0012 ICAP (%F): Processing egress from server failed: %s
01aa0013 ICAP: Client-facing state transition %s -> %s
01aa0014 ICAP: Server-facing state transition %s -> %s
01ad0001 Monitor Agent TMM %u: channel could not be opened: error %s(%s)
01ad0003 Monitor Agent TMM %u: channel could not be authenticated: error %s(%s)
01ad0013 Monitor Agent TMM %u: failed to handle %s message: MID %u, error %s(%s)
01ad0014 Monitor Agent TMM %u: created activity: proto %s, endpoint %A:%u, monitor %s
01ad0015 Monitor Agent TMM %u: failed to create activity: proto %s, endpoint %A:%u, monitor %s
01ad0016 Monitor Agent TMM %u: deleted activity: MID %u
01ad0017 Monitor Agent TMM %u: sent probe: MID %u
01ad0018 Monitor Agent TMM %u: failed to send probe: MID %u
01ad0019 Monitor Agent TMM %u: received probe response: MID %u, reason %s(%s), info %#x
01ad0020 Monitor Agent TMM %u: probe response timeout: MID %u
01ad0021 Monitor Agent TMM %u: created/enlarged monitor table for %u entries

 

Log Messages Details

00020000 : Resuming log processing at this invocation; held %d messages.

Location:
/var/log/ltm

Conditions:
The following messages are not the actual log messages.

        00020000:6: Re-enabling general logging; held %d messages
        00020000:6: Cumulative log rate exceeded! Throttling all non-debug logs.

You should locate the unthrottled versions, which will look like one of the following:

        00020000:6: Developer error: unrecognised logging variable '$vname'!
        00020000:6: Developer error: unrecognised logging domain in '$prodsub'!

It would also help to have the name of the process that logged the message.

These messages occur when a feature tries to log, read, or write a control flag for a logging product or subset that does not exist (the initial four digits of a log number). It is also possible that these logs are being generated by code that is attempting to map command line options, GUI elements, db variables, etc., to log control variables.

Impact:
If these messages are coming from a feature, that feature is not successfully logging. If these messages are coming from some kind of bridge between command line options, GUI elements, db variables, or log control variables, then the knob or control does not work.

Recommended Action:
If these messages are the result of a miscoded feature, then the feature has never been able to send logs, and there is no work-around for the problem.

If these messages are the result of a miscoded control knob (command line option, GUI element, db variable, etc.), then that control knob will not work, but the associated logs can still be controlled via Common Logging Framework objects (Publishers, Destinations, and Filters).

In either case, please file a bug.


01010001 : %s starting

Location:
/var/log/ltm

Conditions:
Example:
01010001:5: pgo_use x86_64 padc TMM Version 13.0.0.0.0.1622 starting

The message is emitted at 'notice' priority, and is an announcement that the given TMM instance has started. It is always emitted, and provides the target, architecture, and build version for the TMM executable.

Impact:
The appearance of this message indicates system health. Its presence is useful for locating the point in the logs where TMM instances start.

Recommended Action:
None.


01010004 : Memory allocation failed: %s

Location:
/var/log/ltm

Conditions:
This error occurs when there is not enough free memory left in the system to allocate the required amount for a software module.

Impact:
The impact could range from some of the functionality being briefly delayed until more memory becomes available to a significantly more damaging issue, such as the system failing to allocate memory for new connections, causing the system to become unusable.

Recommended Action:
If possible, provision more memory to TMM.
Use 'top -a' or 'ps v | sort -k 8 -g -r | head' to look for processes occupying excessively large amounts of memory. Consider restarting said process(es), saving the core(s), and filing a bug.


01010007 : "Config error: %s"

Location:
/var/log/ltm

Conditions:
The following configuration error messages point to a failure in setting up internal services necessary for the Network Access feature in APM to work.
- Config error: Access forwarding virtual create failed.
- Config error: Access HTTP forwarding virtual create failed.

The following configuration error message points to a failure in setting up internal services necessary for the Portal Access feature in APM to work.
- Config error: Access portal virtual create failed.

Impact:
Network Access feature in APM will not work.
- Config error: Access forwarding virtual create failed.
- Config error: Access HTTP forwarding virtual create failed.

Portal Access feature in APM will not work.
- Config error: Access portal virtual create failed.

Recommended Action:
This issue might be a result of invalid configuration. Please reload configuration using 'tmsh load sys config'. The output of config reload should be without error.


01010011 : Persistence cookie hash failed

Location:
/var/log/ltm

Conditions:
This error can occur when, for a given persistence profile, a cookie hash entry (in the profile's persistence table) is either invalid or becomes stale, compared to the expected HTTP cookie header in the server side response from a pool member requiring persisted connections. The length of the HTTP cookie header probably exceeds the offset of the cookie hash specified in the persistence profile.

Impact:
This error indicates an invalid cookie hash persistence entry and, as a result, connections might not be persisted for the expected pool or pool members. Instead the default load-balancing method is applied.

Recommended Action:
Either of the following actions can help to solve the problem:
1. Correct the cookie hash entry in the persistence profile, by changing the cookie hash offset or length, to accommodate the HTTP cookie in the server side response for the correct parsing of the cookie hash.
2. Change the HTTP cookie header in the server side response, on the pool member requiring persistent connections, to accommodate the expected cookie hash in the related persistence profile.


01010013 : database size increased by %d bytes, %d total

Location:
/var/log/ltm

Conditions:
This message is an informative message that is logged when the BIG-IP configuration database needs to be extended. It does not necessarily reflect an error.

Impact:
None.

Recommended Action:
None.


01010019 : Caught signal %d, exiting

Location:
/var/log/ltm

Conditions:
Example:
01010019:5: Caught signal 2, exiting

The message is emitted at 'notice' priority, and is an announcement that the TMM has received either a SIGINT (2) or a SIGKILL (15) signal. The most common way to send TMM one of these signals is with the 'kill' command from the BIG-IP device's root shell.

The 'kill' command requires the process identifier ("pid") for the targeted executable. To find the list of pids for TMM, from the root shell, enter the following command:

cat /var/run/tmm.*.pid | sort -un

On a running BIG-IP system, one or two pids will be displayed. Choose either pid, substituting the number into the command "kill -INT ____". For example:

[root@bigip:Active:Standalone] log # cat /var/run/tmm.*.pid | sort -un
20050
[root@bigip:Active:Standalone] log # kill -INT 20050
[root@bigip:Active:Standalone] log # Jan 26 16:12:14 bigip emerg logger: Re-starting tmm
Jan 26 16:12:14 bigip emerg logger: Re-starting tmm1
Jan 26 16:12:14 bigip emerg logger: Re-starting tmm2
Jan 26 16:12:14 bigip emerg logger: Re-starting tmm3
Jan 26 16:12:14 bigip emerg logger: Re-starting tmm4
Jan 26 16:12:14 bigip emerg logger: Re-starting tmm5
Jan 26 16:12:14 bigip emerg logger: Re-starting tmm6
Jan 26 16:12:15 bigip emerg logger: Re-starting tmm7
# grep 01010019 /var/log/ltm
Jan 26 16:12:13 bigip notice tmm[20050]: 01010019:5: Caught signal 2, exiting

Impact:
When a TMM process instance receives a SIGINT or SIGKILL signal, all TMM instances are restarted immediately. No core file is produced. On systems where multiple TMM processes are running, tmm.start will detect the termination of any of its child TMM process instances and display the following message:

notice tmm.start: /etc/bigstart/scripts/tmm.start caught SIGCHILD, sending SIGTERM to all remaining tmms

This assures that if any TMM process is terminated for any reason, all TMM processes are restarted.

Recommended Action:
It is abnormal for SIGINT or SIGKILL to be sent to a process. If this message is seen in the logs, it indicates that a TMM process received the indicated signal. F5 Networks is not aware of any way this can occur, other than through the action of a root user at the bash shell prompt. Blocking access to the root ("Advanced") shell, or selecting Appliance Mode in the BIG-IP license should eliminate the possibility of seeing this message.


01010020 : MCP Connection %s, exiting

Location:
/var/log/ltm

Conditions:
MCP connection is closed, aborted, or expired after tmm saw any data coming from mcp. It might happen due to any connectivity problems between tmm and mcp or mcp being down.

Impact:
It is a critical error for TMM. It restarts. Attempts to reconnect will be made after that.

Recommended Action:
Verify that mcpd is up, and consider restarting it. Inspect /var/log/ltm to find mcpd messages pointing to the reason of failure.


01010027 : Unable to attach to PCI device %02x:%02x.%02x

Location:
/var/log/ltm

Conditions:
At startup, tmm attaches to several hardware acceleration devices (network devices such as kernel interfaces, HSB DMA engines, ssl crypto, and compression devices). Any failure to initialize a device results in the 'Unable to attach' with the specific PCI bus:slot.func coordinates.

Impact:
Device will not be used by tmm and could impact traffic passing, or result in fallback to software compression or crypto.

Recommended Action:
Restart tmm. System reboot. Potential RMA.


01010028 : No members available for pool %s

Location:
/var/log/ltm

Conditions:
The probable cause for this message is external to the BIG-IP system: the pool members (servers) are all either down or unreachable. Additionally, this message could also be caused by a hardware or software issue on the BIG-IP itself.

Impact:
Services that require access to members of the given pool log errors and cease to function.

Recommended Action:
Find and correct the server access problem following typical server connectivity debugging processes.


01010029 : Clock advanced by %u ticks

Location:
/var/log/ltm

Conditions:
This message will be logged if the tmm clock is modified by more than 100 ticks at once after tmm is ready. This could indicate a situation where the TMM might be preempted or has a lagging clock, or an NTP message was received with a large difference in time.

Impact:
The tmm common ticks which affects flow timeouts, TCP timestamps etc will be abruptly incremented.

Recommended Action:
After ensuring that the time/NTP server is correctly set on the blade(s) and chassis, reboot the BIG-IP once to ensure that the tmms are correctly synchronized to the NTP time.


01010038 : Syncookie counter %d exceeded vip threshold %u for virtual = %A:%d

Location:
/var/log/ltm

Conditions:
A virtual server is under high load such that the outstanding SYN cookie threshold is reached. The threshold is configured with the default-vs-syn-challenge-threshold LTM global-settings connection property.

Impact:
While the per-virtual server SYN cookie threshold is reached, SYN cookies will not be issued on the virtual server. Connections will be established without SYN cookies.

Recommended Action:
Investigate whether the traffic load is normal or excessive. The SYN cookie threshold might be reached due to a normal spike in traffic or an attack.


01010040 : Clock has unexpectedly adjusted by %lld ms

Location:
/var/log/ltm

Conditions:
Internal TMM clock adjustment occurred.

Impact:
TMM might be unable to converge on an accurate representation of its internal time. TMM clock has been advanced by more ticks than expected. This can indicate that TMM has been preempted or has a lagging clock.

Recommended Action:
If this message occurs routinely, contact support.


01010044 : "%s feature %s licensed"

Location:
/var/log/ltm

Conditions:
This message does not necessarily denote a problem. It displays the license status of BIG-IP device's component.
When status for component X is "licensed", this log displays the message:
Component X is licensed.
When the component is not licensed, the message is:
Component X is NOT licensed.

Impact:
If the message is "Component X is licensed", there is no impact. It is an informative message.
If the message is "Component X is not licensed", then you cannot use the mentioned component/feature.

Recommended Action:
If you want to use a component that is not currently licensed, you need to activate the license.


01010045 : Bandwidth utilization is %d Mbps, exceeded %d%% of Licensed %d Mbps

Location:
/var/log/ltm

Conditions:
This message appears when the system is using more bandwidth that it was licensed to use.

Impact:
The system will not perform at its full potential with a limited license.

Recommended Action:
A license with better bandwidth utilization would stop this message from appearing.


01010054 : tmrouted connection %s

Location:
/var/log/ltm

Conditions:
The connection between the tmrouted daemon and TMM has been lost.

Impact:
This is expected behavior during shutdown or restart. If it occurs during normal operation examine system log files for indications as to the behavior of the tmrouted daemon, which likely restarted. If the tmrouted deamon restarts, dynamic routing will be interrupted.

Recommended Action:
Look for tmrouted corefiles and tmrouted log messages in /var/log/ltm.


01010201 : Inet port exhaustion on %*A to %*A%c%d (proto %d)

Location:
/var/log/ltm

Conditions:
This error appears on a system when an unused ephemeral port cannot be found by using the ephemeral port search criteria. Variables specify the lost IP address and port connection due to this condition. The search criteria defaults to 16 random attempts, with 16 linear attempts. A single IP address can choose from about 64k ports, so not finding a port indicates that the system is using over 60k ports. The exact number of ports in use is unknown, because the algorithm discovers open ephemeral ports through a methodology, instead of counting ports. The results of the algorithm are approximately 64k ports.

Impact:
When this error occurs, the port-find functionality fails and the connection is lost.

Recommended Action:
There is no workaround for this error. The algorithm stops when this error is written to /var/log/ltm. To mitigate this condition, a warning message is available in BIG-IP version 12.0, indicating that the port-find functionality is heavily loaded (statistically 80% to 90% of the 64k ports in use). You can use an SNMP trap to alert this message, and inform the client to add more virtual IP's the system, relieving the heavily loaded connections.


01010213 : L3 Address LB method deprecated; using 'Least Connections' for pool %s

Location:
/var/log/ltm

Conditions:
A virtual server is configured with L3 Address load balancing method.

Impact:
The Least Connections load balancing method will be used instead of the deprecated L3 ADDR load balancing method.

Recommended Action:
Set the virtual server load balancing method to Least Connections. or other desired load balancing method.


01010216 : DNSSEC: Signature failed (%s) for RRSET (%s, %lu) with key %s, generation %llu.

Location:
/var/log/ltm

Conditions:
Unable to sign RRSet. See error for more details. Typically this is due to the device running out of memory, but could also be due to the device experiencing a heavier than usual load.

Impact:
RRSet will not be signed.

Recommended Action:
If this is memory related, use the command 'top -a' or 'ps v | sort -k 8 -g -r | head' to look for processes occupying excessively large amounts of memory. Consider restarting said process(es), saving the core(s), and filing a bug.


01010221 : Pool %s now has available members

Location:
/var/log/ltm

Conditions:
A pool with no available members now has available members. The pool may have had no available members due to administrative action, monitors, connection limits, or other constraints on pool member selection.

Impact:
This indicates that traffic is now load-balanced to the available member as desired.

Recommended Action:
None.


01010225 : Failure to query dns-express db (%s)

Location:
/var/log/ltm

Conditions:
This log messages covers a variety of errors that indicate a query to the DNS Express database was not successful. The possible reasons include the database not being readable and malformed queries.

Impact:
Generally, a query in this situation will continue to be processed according to the DNS Profile configuration. An AXFR request to the BIG-IP will result in either a SERVFAIL or FORMERR response to the requesting client.

Recommended Action:
This message should be used in conjunction with other log messages to determine impact to the system.


01010231 : DNSSEC: Did not add RRSIGs to response RR set (owner: %s).

Location:
/var/log/ltm

Conditions:
Tmm has detected that it should have signed a dns response with a dnssec key but didn't add a resource record signature.

Impact:
The current dns response will be dropped.

Recommended Action:
The message indicates a problem signing a resource record using a dnssec key. Other log messages might indicate why a particular key failed to sign the resource record, and should be investigated to verify that the information associated with the dnssec keys is correct.


01010235 : Inet port find called for pg %d with invalid cmp state %x

Location:
It can happen when current TMM's CMP state is invalid or the target TMM is down.

Conditions:
This error message appears when a TMM runs port find for a target TMM that is not active based on current CMP state. A TMM in BIGIP is identified as {PG, PU}. PG refers to slot index and PU refers to TMM index on the slot. This error message complains the PG of the target TMM is down based on current CMP state.

Impact:
It might cause flow connections to fail.

Recommended Action:
No workaround. Reboot if the problem persists.


01010239 : LSN error: %s

Location:
LTM log

Conditions:
An LSN pool is configured, but the CGNAT module is not licensed and provisioned.

Impact:
The CGNAT configuration is ignored by TMM until the CGNAT module is licensed and provisioned. No other negative impacts.

Recommended Action:
License and provision the CGNAT module.


01010240 : Syncookie HW mode activated, server = %A:%d, HSB modId = %d

Location:
/var/log/ltm

Conditions:
This message indicates that the BIG-IP device has detected a syncookie DOS attack and activated hardware syncookie protection mode on the HSB.

Impact:
This is an information message regarding hardware syncookie protection state on the BIG-IP device. it does not indicate any operation error. Refer to https://support.f5.com/csp/article/K14813 for more information on detecting and mitigating DoS/DDoS attacks.

Recommended Action:
None.


01010241 : Syncookie HW mode exited, server = %A:%d, HSB modId = %d from %s

Location:
/var/log/ltm

Conditions:
When HSB exits hardware syncookie protection mode on the BIG-IP device. It indicates that the BIG-IP device detects that the syncookie DOS attack has stopped.

Impact:
This is an information message regrading hardware syncookie protection state on the BIG-IP device. It is not an error message. Refer to https://support.f5.com/csp/article/K14813 for more information on detecting and mitigating DoS/DDoS attacks.

Recommended Action:
None.


01010250 : Pool member %A:%u exceeded configured rate limit.

Location:
/var/log/ltm

Conditions:
If this message appears, the configured number of allowed new connections per second for pool member has been exceeded.

Impact:
New connections for pool member are created faster than allowed in configuration. The BIG-IP device prevented an excessive number of connection requests to this pool member. Connections still might have been established after a retry to the other pool member.
This might indicate that the pool member is a target for more connections than it was configured to handle. If all pool members report this problem at the same time, the virtual server might be experiencing a high-demand traffic event or be under Denial of Service (DoS) attack.

Recommended Action:
Rate limit can be changed as described in Manual: Setting Connection Limits (https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-2-1/30.html).


01010251 : Virtual %s exceeded configured rate limit.

Location:
/var/log/ltm

Conditions:
If this message appears, the configured number of allowed new connections per second for virtual server has been exceeded.

Impact:
New connections for virtual server are created faster than allowed in configuration. Thus, the BIG-IP device prevented an excessive number of connection requests. This might indicate that virtual server is during high-demand traffic event or under Denial of Service (DoS) attack.

Recommended Action:
Rate limit can be changed as described in Manual: Setting Connection Limits (https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-2-1/30.html).


01010259 : External Datagroup (%s) %s.

Location:
/var/log/tmm.x, where x indicates the tmm thread number.

Conditions:
All variants of the message are related to operations on externals datagroups (see ttps://devcentral.f5.com/articles/the101-irules-101-datagroups-amp-tables ). These operations are conducted by an administrator through a configuration interface (web GUI, tmsh CLI, or by script) and include datagroup creation, update, and deletion.

- "queued" and "queued for update": This is not an error. The message indicates that tmm started processing external datagroup file (for datagroup creation or update, respectively).

- "creation finished" and "update finished": This is not an error. The message indicates that tmm successfully finished processing external datagroup file (for datagroup creation or update, respectively).

- "deleted": This is not an error. The message indicates that processing of external datagroup file was cancelled, because datagroup was deleted.

- "failed": Processing of external datagroup file failed. Either tmm is out of memory or a TCL error occurred.

Impact:
Only a "failed" message indicates an error: An external datagroup was not created nor updated (depending on operation requested).

Recommended Action:
For a "failed" message: Check for excessive memory usage using 'ps aux --sort -rss | head'. Consider restarting the processes consuming too much memory. If there is no excessive memory usage, file a bug. Try re-issuing datagroup operation.


01010260 : Hardware Error(%s): %s %s

Location:
/var/log/tmm.n, where n is the specific TMM on the BIG-IP that detected the problem.

Conditions:
Occurs when the driver for the Cavium NITROX security co-processor detects a hardware failure.

Impact:
Hardware offloading of SSL traffic will stop and all SSL processing will be done in software. This may result in a performance degradation.

Recommended Action:
Shutdown (power off) the BIG-IP and then restart it. If the problem occurs again, please contact F5 Support for assistance.


01010273 : Access policy Configuration object: [%s] not found

Location:
/var/log/apm

Conditions:
This message will never appear in a good BIG-IP policy configuration environment. This can appear only if an access policy configuration in the BIG-IP system gets corrupted for some reason. The situation it is reporting, when it receives an access policy item modification or deletion (which should have an association with it parent "access policy" object), but could not find its parent "access policy" object.

Impact:
None.

Recommended Action:
Edit the BIG-IP access policy config and remove reported access policy item.


01010274 : Access Policy and Access Policy Item join failed: [%s] not found

Location:
/var/log/apm

Conditions:
This error might appear during a resolve relation between "access policy item" and "access policy". Each access policy has one or more access policy items. At the end of access policy configuration modification process, it is required to resolve all relationships between access policy items within access policy. During this process, if any relationship is broken, mostly due to configuration corruption, it reports this error.

Impact:
There is no direct impact on the system, as it ignores the missing relationship. However, the access policy might not work the way it supposed to, as the reported "access policy item" will not appear in the configuration.
This situation will appear only if the BIG-IP access policy configuration gets corrupted.

Recommended Action:
Edit the access policy and reload.


01010276 : FTPS warning: Security policy disabled for %A%%%u:%u due to explicit FTPS mode negotiation

Location:
/var/log/ltm

Conditions:
When we enter explicit FTPS mode, the ASM profile must be disabled; otherwise, it tries to evaluate encrypted data to make firewall decisions.

Impact:
The configured ASM profile cannot function.

Recommended Action:
Reconfiguration is required. Don't use FTPS with ASM. Refer to the following devcentral article: https://devcentral.f5.com/articles/ftps-offload-via-irules


01010290 : TCP: Memory pressure activated

Location:
/var/log/ltm

Conditions:
TMM has used more memory than the threshold specified in the sys db variable TM.TCPMemoryPressure.lowater (in percent).

Impact:
TCP memory pressure has been reached. TMM might drop payload data or entire packets until memory usage falls below the threshold.

Recommended Action:
Occasionally seeing this message is not necessarily an issue, but might indicate that the TMM needs more available memory. Restarting the TMM might be sufficient to reduce the TMM's memory usage, but the messages are likely to return if the TMM does not have enough memory. Methods to increase the memory available to the TMM include increasing the provisioning level of the LTM module, reducing the amount of traffic directed towards the BIG-IP system, and (on vCMP guests and VE) increasing the memory allocated to the BIG-IP system. TMM memory usage can be observed with the "tmstat" command.


01010291 : TCP: Memory pressure deactivated. Dropped %llu packets, %llu bytes

Location:
/var/log/ltm

Conditions:
TMM was using more memory than the threshold specified in the sys db variable TM.TCPMemoryPressure.lowater (in percent), and memory usage is now below the threshold.

Impact:
TCP memory pressure had been reached, and has now subsided. TMM dropped payload data and/or entire packets as specified in the message.

Recommended Action:
Occasionally seeing this message is not necessarily an issue, but might indicate that the TMM needs more available memory. Restarting the TMM might be sufficient to reduce the TMM's memory usage, but the messages are likely to return if the TMM does not have enough memory. Methods to increase the memory available to the TMM include increasing the provisioning level of the LTM module, reducing the amount of traffic directed towards the BIG-IP system, and upgrading the memory of the BIG-IP system. TMM memory usage can be observed with the "tmstat" command.


01010300 : BDoS: (TMM) Histogram (%p) %s for context %s (ref cnt %d).

Location:
/var/log/bdosd.log

Conditions:
BDoS (dynamic-signature) is enabled/disabled per context.

Impact:
None. This is a log message that displays histogram memory ref count state and is logged only when log.tmm.level is set to level Debug.

Recommended Action:
To disable logging this message, change log.tmm.level to a log level other than Debug.


01010301 : BDoS: (TMM) %s failure for context %s - %s (error %s).

Location:
/var/log/bdosd.log

Conditions:
TMM fails to create BDoS histogram memory for a specific context (device or virtual server) when dynamic-signature feature is enabled on that context. This might happen mainly due to OOM condition.

Impact:
This error message indicates that TMM is unable to enforce the BDoS dynamic-signature feature for the specific context for which the message is logged.

Recommended Action:
None.


01010302 : BDoS: (TMM) %s signature (%s) for context %s at idx %u (detection=%u mitigation=%u state=%s transient=%s retired=%s).

Location:
/var/log/bdosd.log

Conditions:
A new (AFM) BDoS dynamic signature is generated (or an existing signature is updated) by the AFM bdosd daemon during an attack, and the signature create/update message is sent to the tmm daemon for enforcement.

Impact:
None. This is an informational/debug message that is logged only if log.tmm.level is set to level Debug.

Recommended Action:
To disable logging this message, change log.tmm.level to a log level other than Debug.


01010303 : BDoS: (TMM) signature (%s) removed (at idx %u of signature table) from context %s.

Location:
/var/log/bdosd.log

Conditions:
A BDoS dynamic signature is being removed via a remove message received from the bdosd daemon.

Impact:
None. This informational/debug message is logged in TMM only if log.tmm.level is set to level Debug.

Recommended Action:
None.


01010305 : BDoS: (TMM) afm_provisioned=%s dos_provisioned=%s l4_bdos_licensed=%s bdos_feature_enabled=%s detection=%s

Location:
/var/log/bdosd.log

Conditions:
Debug log message that displays AFM/DHD module provision status, as well as l4bdos feature flag license state.

Impact:
None. This is an informational/debug message that is logged whenever if log.tmm.level is set to debug level.

Recommended Action:
None.


01010307 : Memory allocation failed: %s %s

Location:
/var/log/ltm

Conditions:
The message can appear during crypto operations if an allocation request fails to deliver the requested block size.

Impact:
This is an out-of-memory condition. The primary response is to drop the flow associated with the failed allocation request.

Recommended Action:
None.


01010308 : Access Policy update: %s End Txn Failed (%d)

Location:
/var/log/apm, GUI

Conditions:
This error is triggered due to some error in MCPD or in the communication with MCPD. The error represents something observed by a consumer and hence, the source of the error (either in the producer or framework) cannot be ascertained easily.

Impact:
Creation or update of a Per-Request Access policy or its components might not occur.

Recommended Action:
This might be a transient error and might succeed on retry. If this is due to problems in MCPD, restarting MCPD might be necessary.


01010309 : Access Policy(%s) update: Subroutine properties can be only assigned to Access policy of type subroutine

Location:
/var/log/ltm

Conditions:
A subroutine-properties object (tmsh list apm policy subroutine-properties) has been associated with an access-policy object (includes per-request policies and access policy macros) that is not of type subroutine. This is an invalid configuration.

Impact:
This is an invalid configuration. The policy might fail to execute as expected

Recommended Action:
Find the access-policy object and remove the subroutine-properties from it.


01010311 : Failed to configure VDI-enabled listener %s: %En

Location:
/var/log/ltm

Conditions:
For a virtual server on a specific VLAN with a VDI profile assigned, an attempt has been made to enable TCP connection redirections.

Impact:
An attempt to create or update a VDI-enabled virtual server will fail. The specifier in the format string will, in this case, give a particular error code to what has actually happened.

Recommended Action:
No known workaround. It is recommended to escalate to F5 if this error happens repeatedly.


01010313 : Profile %s create failed.

Location:
/var/log/ltm

Conditions:
A generic error in tmm profile update handler.

Impact:
The profile update operation might have not been completed successfully.

Recommended Action:
Check your profile update operation for a possible error.


01010314 : profile %s update: bad profile

Location:
/var/log/ltm

Conditions:
The tmm receives a profile update message, but the profile cannot be found.
The profile could have been already deleted or the create operation failed.

Impact:
The system might not function as expected.

Recommended Action:
Check that profile creation, updates, and deletions follow the expected sequence.


01010315 : Agent [%s] update: Invalid event validate

Location:
/var/log/ltm

Conditions:
The update event received by the TMM is not one of the recognized types. This can indicate a serious communication problem between the TMM and MCPD.

Impact:
Agent update was not processed.

Recommended Action:
None.


01010316 : Agent [%s] update: agent clone failed

Location:
/var/log/ltm

Conditions:
While processing an update to an agent, the TMM attempted to copy an existing agent object, but this cloning process failed.

Impact:
The agent was not successfully cloned, so the policy did not properly load into TMM. End-users might experience resets.

Recommended Action:
Updating the agent again might allow the agent to properly load.


01010317 : Agent [%s] update: agent store failed

Location:
/var/log/ltm

Conditions:
The TMM attempted to add the agent object to a collection, but failed. The failure could be due to memory pressure. It could also be due to finding a duplicate entry.

Impact:
The updated agent was not added to the collection, so the dataplane will not be able to find the updated agent. The old configuration might be used, or the dataplane might fail to find an instance of the agent object, resulting in resets.

Recommended Action:
None.


01010318 : Agent [%s] update: agent construct failed

Location:
/var/log/ltm

Conditions:
Agent construction failed. This could be due to memory pressure, or failure to retrieve fields from MCP.

Impact:
An update of agent failed to process. An old configuration might be used, or the dataplane might fail to find an instance of the object, resulting in resets.

Recommended Action:
None.


01010322 : pem protocol profile gx modify {%s}: invalid

Location:
/var/log/ltm

Conditions:
An attempt has been made to modify a non-existent Gx protocol profile.

Impact:
The Gx protocol profile modification operation will fail. There should be no impact to ongoing services.

Recommended Action:
Check for a valid Gx protocol profile prior to performing any operations on it.


01010323 : {%s, %s}: protocol message cannot be deleted, error %E

Location:
/var/log/ltm

Conditions:
An attempt has been made to modify a non-existent Gx protocol message within a valid Gx protocol profile.

Impact:
The Gx protocol message modification within a Gx protocol profile will fail. There should be no impact to ongoing services.

Recommended Action:
Check for a valid Gx protocol message in a Gx protocol profile prior to performing any operations on it.


01010324 : {%s, %s}: not found, cannot modify.

Location:
/var/log/ltm

Conditions:
An attempt has been made to modify a non-existent RADIUS or Gx protocol message within a valid protocol profile.

Impact:
The RADIUS or Gx protocol message modification within a protocol profile will fail. There should be no impact to ongoing services.

Recommended Action:
Check for a valid RADIUS or Gx protocol message in a protocol profile prior to performing any operations on it.


01010325 : pem protocol profile radius modify {%s}: invalid

Location:
/var/log/ltm

Conditions:
An attempt has been made to modify a non-existent RADIUS protocol profile.

Impact:
The RADIUS protocol profile modification will fail. There should be no impact to ongoing services.

Recommended Action:
Check for a valid RADIUS protocol profile prior to performing any operations on it.


01010326 : {%s, %s}: protocol message cannot be deleted, error %E

Location:
/var/log/ltm

Conditions:
An attempt was made to delete a RADIUS protocol message that has some deletion restrictions on it. One such restriction could be an invalid or unconfigured message.

Impact:
The RADIUS protocol message deletion will fail. There should be no impact to ongoing services.

Recommended Action:
Check for a valid RADIUS protocol message prior to performing any operations on it.


01010327 : {%s, %s}: not found, cannot modify.

Location:
/var/log/ltm

Conditions:
An attempt has been made to modify a non-existent RADIUS or Gx protocol message within a valid protocol profile.

Impact:
The RADIUS or Gx protocol message modification within a protocol profile will fail. There should be no impact to ongoing services.

Recommended Action:
Check for a valid RADIUS or Gx protocol message in a protocol profile prior to performing any operations on it.


01010328 : BDoS: (TMM) afm_provisioned=%s dos_provisioned=%s dns_bdos_licensed=%s detection=%s

Location:
/var/log/bdosd.log

Conditions:
Debug log message that displays AFM/DHD module provision status as well as dns_bdos feature flag license state.

Impact:
None. This is an informational/debug message that is logged whenever log.tmm.level is set to debug level.

Recommended Action:
To disable logging this message, change log.tmm.level to non-debug level.


01010329 : BDoS: (TMM) Signature %s: threshold_mode=%s detection=%u mitigation_curr=%llu

Location:
/var/log/bdosd.log

Conditions:
There is an ongoing DDoS attack.

Impact:
The debug log message shows the current threshold mode, detection and mitigation (rate limit) values for an existing AFM BDoS signature that is being used to mitigate a DDoS attack. This message is logged only if log.tmm.level is set to level Debug.

Recommended Action:
To disable the log message, change log.tmm.level to a log level other than Debug.


01010330 : Failed to register the Neuron App %s with the Neuron client

Location:
/val/log/ltm

Conditions:
A tmm reports that it can not register with the neurond daemon:

May 25 07:28:06 mewtwo err tmm2[14613]: 01010330:3: Failed to register the Neuron App neuron_client_tmm_bigproto with the Neuron client

The neurond is not running or enabled. Check the neurond logs and running status.

Impact:
The function in the application that tries to register with the Neuron daemon will not be available.

Recommended Action:
None.


01010331 : Neuron client %s failed with %s(%s)

Location:
/var/log/ltm

Conditions:
Neuron daemon reports the failure and the reason for the failure of an API call from the application that initiates the API call:

May 11 06:24:15 i10800-R22-S20 err tmm[25098]: 01010329:3: Neuron client neuron_client_tmm_epva_fix failed with client request submit(client connection is busy (has outstanding requests))

The neuron daemon cannot finish the API request from the client, and the Neuron SDK returns an error code that corresponds to the error message sent back to the client.

Impact:
The client functions that are specified in the API cannot complete. The application might retry or bail out, depending on the application implementation, which might affect the application functions that depend on Neuron.

Recommended Action:
There is no workaround without interrupting the operation. The neurond daemon might be restarted to see if the Neuron chip can recover.


01010332 : Neuron application %s registered

Location:
/var/log/ltm

Conditions:
Informational message showing that an application that requires Neuron functionality has successfully registered with the Neuron daemon:

May 11 06:24:15 i10800-R22-S20 notice tmm[25098]: 01010332:3: Neuron application bigproto registered

An application that requires Neuron functionality registered with the Neuron daemon during startup time.

Impact:
None.

Recommended Action:
None.


01020037 : The requested %s (%s) already exists

Location:
/var/log/ltm

Conditions:
A client is attempting to create a non-partitioned object that already exists in the database. The primary key for the object must be unique.

Impact:
The client's transaction will fail.

Recommended Action:
Change the value used for the object's primary key, and resubmit the transaction.


01020066 : The requested %s (%s) already exists in partition %s

Location:
/var/log/ltm

Also, UI interfaces when a transaction fails.

Conditions:
This error message occurs when attempting to create something that already exists. This can happen in a variety of ways.

(1) Simple user error. Attempt to create an object that shares the same name or identifier. For example, creating two pools with the name 'poolA'. A less obvious one is uniqueness constraints, for example ltm node's address must be unique across all partitions.

(2) Reconfigure an iApp. iApp reconfigure tends to perform delete followed by create. Ordering internally matters for logical dependencies, and can come into conflict with referential integrity constraints.

(3) If a transaction contains multiple actions over a single object. For example, if you deleted an HTTP monitor `m1` followed by creating an HTTPS monitor, naming it `m1`, then attempted to sync. Other ways of creating such transactions can be done by using tmsh transactions functionality or merge loading of configuration.

Impact:
This can cause a validation error, sync to fail, or iApp deployment to fail.

Recommended Action:
(1) If a transaction contains multiple actions over a single object, separate them into two transactions. For example, if you deleted an HTTP monitor `m1` followed by creating an HTTPS monitor, naming it `m1`, and then attempted to sync.

(2) If it is an iApp, please open a support ticket.


0102006e : IP Address %s is invalid with netmask %s, must not be the same as network address.

Location:
Wherever log local0 points when mcp unittests are being run.

Conditions:
Unit test is run.

Impact:
None.

Recommended Action:
None.


0102006f : The string does not contain only space separated integers between 0 and 4294967295

Location:
/var/log/ltm

Conditions:
Generated by the LocalLB.ProfileDiameterSession and LocalLB.ProfileDiameterRouter iControls.
The error will be logged if the user attempts to store a number greater than 4294967295 or less than 0.

Impact:
When the error occurs, the iControl will send an error message and will not store the values in mcp.

Recommended Action:
The workaround is to make sure all the values stored by these iControls fall within the range of 0-4294967295.


01060001 : Service detected %s for %s:%u monitor %s.

Location:
/var/log/ltm

Conditions:
Example:
Service detected UP for my_service:80 monitor my_monitor_name.

This message is logged for each pool member when a change is detected for its associated monitor status. Possible status might be: "UP", "DOWN", "ENABLED", "DISABLED".

Impact:
This message might not itself indicate an error, as it merely reports the detected status-change. For example, an "UP" status upon system-start is to be expected, as is a change to "DISABLED" or "ENABLED" resulting from user-initiated action (such as user action through the xui or tmsh).

However, an unexpected "DOWN" status not resulting from intentional user-initiated action might indicate an issue, such as a failed server resource or an improperly configured monitor.

Recommended Action:
This message might not itself indicate an error, but a notification of a pool member status change due to monitor results, or user-initiated action. If an unexpected "DOWN" status is reported, the user should verify the server resource availability and ensure correct monitor configuration.


01060002 : Node address detected %s for %s monitor %s.

Location:
/var/log/ltm

Conditions:
Example:
Node address detected UP for 10.10.0.1 monitor my_monitor_name.

This message is logged for each node when a change is detected for its associated monitor status. Possible status may be: "UP", "DOWN", "ENABLED", "DISABLED".

Impact:
This message might not itself indicate an error, as it merely reports the detected status-change. For example, an "UP" status upon system-start is to be expected, as is a change to "DISABLED" or "ENABLED" resulting from user-initiated action (such as user-action through the xui or tmsh).

However, an unexpected "DOWN" status not resulting from intentional user-initiated action might indicate an issue, such as a failed node or an improperly configured node monitor.

Recommended Action:
This message might not itself indicate an error, but a notification of a node status change due to monitor results, or user-initiated action. If an unexpected "DOWN" status is reported, the user should verify the node availability and ensure correct monitor configuration.


01060110 : Lost connection to mcpd with error %d, will reinit connection.

Location:
/var/log/ltm

Conditions:
Example:
Lost connection to mcpd with error <some-error>, will reinit connection.

This message is logged when 'bigd' fails to successfully read a message from 'mcpd'. The 'bigd' process will then shut down and restart to attempt re-connection to 'mcpd'.

The 'mcpd' process might have halted due to system error, or manual administrator intervention. Under normal system behavior, if the 'mcpd' process has crashed, it will automatically be restarted and the 'bigd' process will successfully re-connect. This error-message might indicate the loss of communication with the 'mcpd' process while it is restarting.

Impact:
The 'bigd' process exists to report to the 'mcpd' process resource health (resulting from probe-responses or lack thereof for monitored resources). This message indicates 'bigd' has lost connection to 'mcpd', and thus must re-establish that connection.

Recommended Action:
No user intervention is required, as 'bigd' will attempt to re-establish its connection with 'mcpd'. Confirm the 'mcpd' process is successfully running, and is not halted due to manual administrator intervention or load-failure of an improper configuration.


01060111 : Open SSL error - %s

Location:
/var/log/ltm

Conditions:
SSL/TLS warning or error in communications.

Impact:
The impact will be encountered by the daemon that is logging the error, usually bigd. If bigd is the daemon logging the error, it means that a monitor is failing the SSL/TLS connection in the way described in the log text. The monitor will mark the pool members down for all pools it is associated with.

Recommended Action:
Determine which monitor is generating the errors by isolating the pool members that are failing. For more information on determining which pool member is failing, see SOL13768: Identifying which pool members are failing an SSL/TLS handshake.

Once you have identified the affected https monitor, first see SOL12531: Troubleshooting health monitors.

Check the monitor's cipher list to ensure that the cipher list is compatible with the pool members that it is connecting to. Do not put TLSv1_0 in the cipher list. Test your cipher list by running 'openssl ciphers <cipherlist>' at the command line using the cipher list from the monitor. For more information, see SOL16526: Configuring the SSL cipher strength for a custom HTTPS health monitor.

If you have a custom monitor connecting to a server running an old version of openssl, read SOL17183: The HTTPS monitor may incorrectly mark pool members down due to SSL SessionTicket Extension.


01060136 : Received links up - monitoring starts.

Location:
/var/log/ltm

Conditions:
Example (v11.6.0, and earlier):
Received links up - monitoring starts.

Example (v11.6.1, and later):
(_set_db_variable): adaptive tmstat logging enabled: true

This message is logged in v11.6.0, and earlier, when the 'bigd' process receives a "links-up" message indicating that monitoring can proceed, at which point 'bigd' begins monitoring (sending probes and processing responses).

This is an indication of proper behavior. When 'bigd' starts, it waits for an initial "links-up" message to indicate gateways are configured. Otherwise, sending monitor-probes might cause false gateway failsafe failovers to occur, and generate false monitor failures. After receiving the "links-up" message, any gateway failsafe failovers or monitor failures are genuine.

Starting in v11.6.1, this message is removed. However, a similar message is inserted to note status-changes, as follows:

Example:
"(_set_db_variable): adaptive tmstat logging enabled: true"

Impact:
This message is not an error, but a notification that 'bigd' began its logging (sending probes and processing responses).

Recommended Action:
None.


01060145 : Pool %s member %s monitor status %s. [ %s ] [ %s ]

Location:
/var/log/ltm

Conditions:
Example:
Pool my_pool member my_member1 monitor status up. [ my_member1: UP, my_member2: UP %s ] [ was down ]

This message is logged when a status change is detected in a pool member. The message reports the parent pool name, the new pool member status, the status of all pool member peers, and the previous status for this pool member that had the status-change.

Possible pool member status includes: "unchecked", "checking", "forced up", "up", "down", "forced down", "irule down", "down", "down; waiting manual resume", "disabled", "checking".

Impact:
This message might not itself indicate an error, as it merely reports the detected status-change. For example, a pool member will typically transition through several status-changes upon system-start such as "unchecked"=>"checking"=>"up". Similarly, user-initiated actions (such as through the xui or tmsh) might forcibly set the status to "forced down" or "disabled".

However, an unexpected "down" status might indicate an issue, such as a failed server resource, or an improperly configured pool member or monitor.

Recommended Action:
This message might not itself indicate an error, but a notification of a pool member status change. If an unexpected "down" status is reported, the user should verify the server resource availability, and ensure a correct pool member and monitor configuration.


01060156 : Bigd PID %d, instance %d, fail to serialize 'bigd=>mcpd' message (exceed msg-length limit?): %s.

Location:
/var/log/ltm

Conditions:
The 'bigd' service has attempted to send a message to the 'mcpd' service that exceeds the maximum message size limit.

Impact:
This is a diagnostic message, and does not itself indicate an error. The user need not perform any action, and the system will continue monitor logging.

Recommended Action:
None.


01060157 : Receive string cannot be empty for reverse monitor '%s'

Location:
/var/log/ltm

Conditions:
Attempting to use a monitor on a node or pool member, where the monitor is a reverse monitor and the receive string is empty.

Impact:
The monitor instance will fail to run in bigd.

Recommended Action:
Enter a receive string or use a different monitor.


01060158 : Disable string must be empty for reverse monitor '%s'

Location:
/var/log/ltm

Conditions:
Attempting to use a monitor on a node or pool member, where the monitor is a reverse monitor and the disable string is non-empty.

Impact:
The monitor instance will fail to run in bigd.

Recommended Action:
Clear the disable string or use a different monitor.


01070007 : Received shutdown signal %d

Location:
/var/log/ltm

Conditions:
Mcpd logs this notice as a result of receiving a SIGTERM (15), SIGINT (2), or SIGHUP (1) signal.

SIGTERM is sent on behalf of `bigstart restart mcpd` when issued on the command line by the user.

Impact:
Mcpd will restart, which subsequently causes multiple daemons to restart as well.

Recommended Action:
Do not use `bigstart restart mcpd`.


01070043 : Monitor %s parent not found.

Location:
/var/log/ltm

Conditions:
Example:
Jan 26 14:10:21 localhost err mcpd[5090]: 01070043:3: Monitor /Common/foo parent not found.

This message reports a failure to create a new monitor because the referenced parent-monitor does not exist (from which the new monitor was to copy default-parameters). The following command generates this error:

tmsh create ltm monitor http foo defaults-from MyMonitorNoExist

...error in '/var/log/ltm':
Jan 26 14:10:21 localhost err mcpd[5090]: 01070043:3: Monitor /Common/foo parent not found.

In this case, the 'foo' monitor is not created because the parent 'MyMonitorNoExist' did not exist.

Impact:
No operation occurred (the create-monitor attempt fails, and the configuration is not modified).

Recommended Action:
When creating a new monitor that uses 'defaults-from', an existing monitor of the appropriate type should be specified.


0107004e : LTM configuration is not allowed when VCMP is provisioned. Virtual server %s conflicts with VCMP.

Location:
/var/log/ltm, tmsh, GUI

Conditions:
Creating or enabling virtual servers while VCMP is provisioned.

Impact:
Virtual server can't be used when VCMP is provisioned.

Recommended Action:
Delete all virtual servers when VCMP is provisioned.


01070069 : Subscription not found in mcpd for subscriber Id %s.

Location:
/var/log/ltm

Conditions:
The system process named in the message is attempting to unmark itself as a subscriber, but has specified a subscriber name that it had not previously used.

This message occurs during system shutdown or restart.

Impact:
No user impact. This message implies that there is a defect in TMOS, but a comparatively minor one. There is no risk of system instability or dropped traffic.

Recommended Action:
None.


01070147 : Snatpool %s must reference at least one translation address.

Location:
/var/log/ltm

Conditions:
Example:
Snatpool my_pool must reference at least one translation address.

A SNAT pool is configured, and set as active; but has no SNAT pool members.

Impact:
The configuration failed to load, and the SNAT pool is unavailable.

Recommended Action:
User should set the empty SNAT pool to inactive, or add pool members. Alternatively, user could configure SNAT without pools, such as for 'standard' (explicitly specifying the translation address) or 'automap' (allowing the system to auto-assign from the BIG-IP device's existing self-IP addresses), or 'intelligent' (SNAT mapping implemented within an iRule).

After configuration repair, the configuration can be reloaded and the SNAT pool should be available (no reboot is required).


01070151 : Rule [%s] error: %s

Location:
/var/log/ltm or GUI.

Conditions:
This is a general TCL parsing error message caused when validating iRules.
The TCL error itself is present in the log message and includes information about the offending code, which quickly allows resolution in most cases.

The message can be triggered whenever an iRule is updated:
- either using the GUI by clicking update;
- saving the edited iRule when using the tmsh commend (for example, edit ltm rule <x>)

Errors will appear in the GUI or the ltm log file and examples include:
Rule [<rule_name>] error: <rule_name>:1: error: [parse error: missing close-brace][{ set port [TCP::local_port] if { $p == 443) log local0.info]
Rule [<rule_name>] error: <rule_name>:1: error: [command is not valid in the current scope][set sp [class match -value [string tolower [IP::local_addr]] equals dg_test ]]
Rule [<rule_name>] error: <rule_name>:2: error: [unexpected extra argument "="][TCP::local_port = 443]
Rule [<rule_name>] error: <rule_name>:9: error: [missing a script after "else"][]
Rule [<rule_name>] error: <rule_name>:3: error: ["invalid argument local0"][log local0 "MATCH OK"]
Rule [<rule_name>] error: <rule_name>:8: error: [invalid keyword "{ log local0. "in CLIENT_ACCEPTED" if { $cond }" must be: priority timing][when CLIENT_ACCEPTED { { log local0. "in CLIENT_ACCEPTED" if { $cond }" ]

Impact:
Updating of the iRule will not be performed and corresponding logic changes will not be applied to any associated virtual servers.
The iRule code needs to be corrected prior to successful update.

Recommended Action:
Inspect the error message and locate the error in the iRule code.
Once located, correct the error. The correction depends on the contents of the error generated.

For simple syntax errors like 'missing brace' or 'unexpected extra argument', inspect the code around the designated error line indicated in the log message and ensure braces ('{') are paired, and commands used (for example, [TCP::local_port]) have the correct number of arguments.

For errors that involve use of the wrong commands, ensure that the commands are valid to use in the current setting (for example, PEM commands require PEM to be licensed).

Some errors might be caused due to incorrectly referenced configuration objects. A common case is referring to a Data Group that is not yet configured when the iRule is updated. In these cases, ensure that the dependent configuration objects exist and that the references in the iRules are using the correct names.


01070165 : "License file stat fails: %s."

Location:
/var/log/ltm

Conditions:
The file /config/bigip.license doesn't exist or there are errors accessing the file.

Impact:
The BIG-IP system is not licensed.

Recommended Action:
License the BIG-IP system or check the file /config/bigip.license.


01070259 : Requested member (%s) is untagged on another VLAN

Location:
/var/log/ltm

Conditions:
A VLAN is configured with an interface as an untagged member. When an additional vlan is configured with the same interface as an untagged member, the configuration will fail with this error message.

Impact:
VLAN configuration will fail.

Recommended Action:
You must correct your VLAN configuration. Either remove the interface from the previously configured VLAN, where it appears as an untagged member, or add it to the new VLAN as a tagged member.


01070261 : Can't create a home directory for username %s (%s)

Location:
LTM log.

Conditions:
The reason for the failure is described in the parenthesized portion of the message.

Impact:
The user is created, but the user cannot log in.

Recommended Action:
No general workaround. The error described in the message is required to determine this information.


01070265 : The %s (%s) cannot be deleted because it is in use by a %s (%s)

Location:
/var/log/ltm

Conditions:
Mcpd will log this when a client is attempting to delete a configuration that is currently being used by another configuration object.

Impact:
The transaction will fail and rollback; mcpd will be in the state it was in just prior to attempting the transaction.

Recommended Action:
Remove or reconfigure the object that is referencing the configuration object that you want to delete.


01070277 : The requested %s (%s) was not found

Location:
In tmsh or the GUI, as the response to a request to create or modify configuration.

Conditions:
The user referred to a configuration object that does not exist.

Impact:
The requested change failed validation and no change to the configuration occurred.

Recommended Action:
Correct the spelling of the object name or choose a different object.


0107028a : The source address (%s) for virtual server (%s) must have a prefix length.

Location:
/var/log/ltm

Conditions:
Example:
The source address (10.10.0.5) for virtual server (my_server) must have a prefix length.

This message is logged upon configuration load when a virtual server is missing its prefix length, which is required to identify the virtual server subnet.

The virtual server is configured in CIDR notation including the IP address and prefix length, such as 192.168.100.0/24. The prefix length (mentioned in the message) is the number of bits set in the network mask, such as a prefix length of 24 associated with a subnet mask of 255.255.255.0.

Impact:
The configuration for this virtual server failed to load (because its configuration is improper), and this virtual server is unavailable.

Recommended Action:
User should configure the virtual server with its IP address and prefix length (in CIDR notation, such as 192.168.100.0/24), and reload the configuration.


01070301 : Pool (%s) is referenced by one or more virtual servers

Location:
/var/log/ltm

Conditions:
This message is logged when a user-initiated attempt is made (such as through xui or tmsh) to delete a pool that is currently referenced by one or more virtual servers. Deleting a pool that is still referenced by a virtual server is not permitted, as it would result in a (dangling) foreign key reference from the virtual server to the now-deleted pool.

Note that this message is removed in v11.5.0 (and thus is reported only in v11.4.1 and earlier). In v11.5.0 and later, validation of foreign keys from a virtual server to a pool is performed differently, thereby removing this message from the codebase.

Impact:
No action is taken, and the pool is not deleted (the pool is unchanged). This message merely logs the rejection of the user-initiated attempt to delete a pool.

Recommended Action:
User should first remove the pool references by any virtual server, and then delete the pool. When the pool is not referenced by any virtual server, the pool delete operation will successfully complete and this error message will not be logged.


0107030c : Host persistence requires an HTTP profile to be associated with the virtual server

Location:
/var/log/ltm, GUI

Conditions:
A virtual server has been configured to use HTTP Host persistence. That virtual server has no HTTP profile attached to it.

Impact:
The configuration is inconsistent, and will fail to load.

Recommended Action:
Add an HTTP profile to the virtual server requiring HTTP Host persistence. Or choose another kind of persistence profile that doesn't require an HTTP profile on the virtual server.


01070315 : profile %s requires a key

Location:
/var/log/ltm

Conditions:
A 'key' is missing from the cert-key-chain object that is associated with a clientSSL profile. Or, 'key' is missing from the server SSL profile, when 'cert' is present.

Impact:
This results in mcpd validation failure of the specific clientSSL/serverSSL profile, resulting in failure of mcpd operation/transaction.

Recommended Action:
In order to fix the issue, user needs to add 'key' to cert-key-chain object in clientSSL profile, or to the serverSSL profile.


01070318 : The requested media %s for interface %s is invalid.

Location:
/var/log/ltm

Conditions:
The user attempts to set the media on an interface to an invalid type.

Impact:
The change does not take effect.

Recommended Action:
Do not attempt to set the interface media to an invalid value.
Use "tmsh list net interface X media-capabilities" command to see a list of accepted media values for interface X.


01070320 : Snatpool %s is still referenced by a virtual server.

Location:
/var/log/ltm

Conditions:
User-initiated action (such as through tmsh or xui) attempted to delete a SNAT pool that is still being referenced by a virtual server or SNAT.

Impact:
No action occurred, and the attempt to delete the SNAT pool failed (the SNAT pool is unaffected).

Recommended Action:
User should first remove the SNAT pool from being referenced by the virtual server or SNAT object. A subsequent attempt to delete the SNAT pool will then succeed.


0107032f : The vlan (%s) associated with the static route %s/%d must have a Self IP using the IPv%u protocol.

Location:
/var/log/ltm, GUI, console

Conditions:
The system is attempting to create a static route when none of the self-IP addresses for the static route are on the same interface and the addresses do not use the same IP protocol format (IPv4 or IPv6).

Impact:
The system cannot create a static route.

Recommended Action:
Create all self-IP addresses for the static route on the same interface and ensure that the addresses use the same IP protocol format.


01070340 : %s (%s) is referenced by one or more rules

Location:
/var/log/ltm

Conditions:
One common problem is, an object is to be deleted, but it is still referenced actively, because there are multiple references to one object.

Impact:
Because of this error, the user action will fail. For example, if there are multiple references to an object and user attempts to delete it, the system does not delete it.

Recommended Action:
User needs to search for the object indicated in the message across the iRules, and remove the object dependency before deleting the object.


01070341 : Virtual server %s references rule %s which does not exist.

Location:
/var/log/ltm

Conditions:
A configuration load or change contains a virtual server that references a rule that does not exist.

Impact:
The rule associated with the virtual server could not be found, and is not active.

Recommended Action:
User should confirm the rule exists when referenced by a virtual server. Confirm that the rule exists, and that the name referenced by the virtual server is spelled correctly.


01070354 : Self IP %s / %s: This network is defined on two vlans (%s and %s)

Location:
/var/log/ltm, console, and GUI.

Conditions:
The self IP being created is on a network that is in a different VLAN than the one specified during self IP creation.

Impact:
MCPD will prevent the self IP address from being created until the conflict is resolved.

Recommended Action:
Create the self IP in the current VLAN.


01070356 : %s feature not licensed

Location:
/var/log/ltm
The contents of /var/log/ltm may be viewed in the GUI under System > Logs > Local Traffic. These messages are of the form "<FEATURE_NAME> feature not licensed." The <FEATURE_NAME> list of items regularly increases with each release.

Conditions:
These messages occur whenever mcpd queries the license for a feature flag that is not in the license. This message typically occurs during configuration validation.

Impact:
There is no single consistent BIG-IP action, or easily counted set of actions, associated with these messages. In general, however, the feature named in the message does not function, and the BIG-IP system might not achieve the Active operational state.

Recommended Action:
Upgrade the license to support the requested features. Downgrade the BIGIP software to a version that does not require the unlicensed features, or modify the configuration to remove objects that depend on the unlicensed features. The probable cause for these messages is using a configuration file from a more feature-rich license, or the release of BIG-IP software with a less feature-rich license or software image.


01070392 : Self IP %s / %s: This IP shares a network with %s (%s / %s).

Location:
/var/log/ltm, console, and GUI.

Conditions:
The self IP being created conflicts with the admin address of the BIG-IP device.

Impact:
MCPD will prevent the self IP address from being created with the conflicting address.

Recommended Action:
Either create the self IP with a different address, or correct the conflicting admin address of the BIG-IP device.


01070394 : %s in rule (%s) requires an associated %s profile on the virtual server (%s)

Location:
/var/log/ltm

Conditions:
A configuration load contains a rule associated with a virtual server, but the required profile was not found on that virtual server. The intended profile might be present in the virtual server, but was misspelled in the rule, or the required profile was not associated with the virtual server.

Note that this message is used only on v11.6.1, and earlier.

Impact:
The configuration failed to load, and the rule is not in effect.

Recommended Action:
User should change the rule to reference a profile present on the virtual server. Confirm that the identified profile in the rule is properly spelled, and that the profile is associated with the virtual server. The configuration might then be reloaded (a reboot is not required).


01070404 : Add a new Publication for publisherID %s and filterType %p

Location:
/var/log/ltm

Conditions:
A system process has started up and connected to mcpd. This process is registering as a publisher, meaning that mcpd acts as a proxy for certain user commands that require obtaining data from this process. For example, when the user runs the command 'show sys connection', this will be forwarded to TMM instances, and their responses will be forwarded back to the user's shell.

Impact:
This message does not indicate a problem with the system.

Recommended Action:
None.


01070406 : Removed publication with publisher id %s

Location:
/var/log/ltm

Conditions:
A system process is removing itself as a publisher. See error catalog item 620989 for a description of the publishing mechanism.

Impact:
This message does not indicate a problem with the system. The most common case it would be seen is a shutdown or reboot of the system. If the publishing process is exiting unexpectedly, it will generate its own log messages.

Recommended Action:
None.


01070407 : Removed information for Publication %s and filterType %p

Location:
/var/log/ltm

Conditions:
A system process is removing itself as a publisher, but only for certain types of messages. It remains a publisher for other types of messages. See error catalog item 620989 for a description of the publishing mechanism.

Impact:
This message does not indicate a problem with the system.

Recommended Action:
None.


01070408 : Deleting abandoned subscriber connection for %s

Location:
/var/log/ltm

Conditions:
A system service has restarted and subscribed to mcpd objects without cleaning up after itself in its previous instantiation.

Impact:
This indicates a problem that is resolving itself. mcpd is not impacted, although whatever caused the other process to restart might be a concern. That failure would log its own error messages.

Recommended Action:
None.


01070410 : Removed subscription with subscriber id %s

Location:
/var/log/ltm

Conditions:
A system process is ending its subscription to mcpd objects. This is the mechanism by which this process is informed about updates to the configuration.

This is a clean unsubscription, so the system is likely shutting down or restarting.

Impact:
This message does not indicate an error.

Recommended Action:
None.


01070413 : Updated existing subscriber %s with new filter class %llx

Location:
/var/log/ltm

Conditions:
A system process is changing the set of configuration objects about which it is concerned. This is the mechanism by which this process is informed about updates to the configuration.

Impact:
This message does not indicate an error.

Recommended Action:
None.


01070417 : AUDIT - user %s - transaction #%u-%u - object %u - %s

Location:
/var/log/audit

Conditions:
Auditing changes made to configuration in mcpd.

Impact:
Not an error.

Recommended Action:
None.


01070418 : connection %p (user %s) was closed with active requests

Location:
/var/log/ltm

Conditions:
Two possible conditions:

* A system service is connected to mcpd and has started a transaction, but not written anything to it for five minutes, indicating that it likely is no longer using it.

* A connection was closed while mcpd had not yet finished responding to it.

Impact:
This message might indicate a minor TMOS bug, but one that is likely to quickly resolve with no impact.

Recommended Action:
None.


01070419 : Platform initialization phase triggered

Location:
/var/log/ltm

Conditions:
mcpd logs this message as a result of entering the first of four initialization phases.

Impact:
This is the expected behavior of a healthy mcpd on startup.

Recommended Action:
None.


01070421 : Base configuration initialization phase triggered.

Location:
/var/log/ltm

Conditions:
mcpd is starting up from configuration files, as opposed to being restored from a binary file. The binary file either did not exist prior to mcpd starting or it may have been corrupted.

Base configuration initialization phase is #2 of 4 total initialization phases.

Impact:
Restoring from configuration files on startup is part of normal operation, and as a result, mcpd should become fully operational (contingent upon successful completion).

Recommended Action:
None.


01070424 : Full configuration initialization phase triggered.

Location:
/var/log/ltm

Conditions:
mcpd is starting up from configuration files, as opposed to being restored from a binary file. The binary file might not have existed prior to mcpd starting, or it might have been corrupted.

Impact:
Restoring from configuration files on startup is part of normal operation; as a result, mcpd should become operational.

Recommended Action:
None.


01070427 : Initialization complete. The MCP is up and running

Location:
/var/log/ltm

Conditions:
mcpd successfully completed initialization, which means all configuration loaded and reached a running phase.

Impact:
mcpd function as designed

Recommended Action:
None.


01070465 : DB changed: %s, configsync needed

Location:
/var/log/ltm

Conditions:
If a BIG-IP device is in an HA pair, config sync autodetect is enabled, and a db variable is modified.

More specifically, if the following db variables are set:
  1. failover.isredundant value true
  2. configsync.autodetect value enabled

Impact:
No impact. This is information only.

Recommended Action:
Disable config sync autodetect or ignore.


01070466 : Received end of platform data

Location:
/var/log/ltm

Conditions:
Mcpd logs this message in response to receiving the end_platform_id request from chmand. This is a normal part of the boot process, and is the result of chmand publishing platform info to an initialized mcpd. This message can be seen every time mcpd starts up.

Impact:
Mcpd can now perform actions that require the platform object, such as install the VCMP n-stage validator. This is expected behavior.

Recommended Action:
None.


01070468 : %s

Location:
/var/log/ltm

Conditions:
A transaction to change the configuration successfully completes and the log.mcpd.level db variable is set to debug.

Impact:
None.

Recommended Action:
None.


01070596 : An unexpected failure has occurred, %s, exiting...

Location:
/var/log/ltm

Conditions:
mcpd has reached an unrecoverable error.

Impact:
mcpd will restart, along with most other system services. Traffic will be lost.

Recommended Action:
Often this will resolve itself after one restart. If not, removing the binary database (rm -vf /var/db/mcp*) is another common cause for some instances of this error.


01070604 : Cannot delete IP %s because it would leave a route unreachable.

Location:
/var/log/ltm

Conditions:
When removing a self-ip, and the address is the only way in which a static route can be reached, the deletion would strand the route.

Impact:
The condition prevents a static route from being removed.

Recommended Action:
Remove any static route that utilizes the self-ip, and try the deletion again.


01070608 : License is not operational (expired or digital signature does not match contents)

Location:
/var/log/ltm

Conditions:
*) This message is logged when the license was not reactivated before an upgrade, and the license's check service date is older than the release date of the install.

*) This message is logged when the license has been modified, or the digital signature does not match the contents.

Impact:
The BIG-IP system is not licensed.

Recommended Action:
If a support contract is current, reactivate the license. Reactivation can be performed from the GUI on a running boot location, or by using tmsh (tmsh install sys license).


01070622 : The monitor %s has a wildcard destination service and cannot be associated with a node that has a zero service

Location:
Associating a pool member with a zero port with a monitor that requires a port generates error message in question.

Conditions:
Pool member with zero port; associated monitor that requires a port (for example TCP or HTTP).

Impact:
Monitors that require a destination port cannot be associated with pool members where the port is unspecified or zero.

Recommended Action:
Assure that the pool member has a non-zero specified port.


01070638 : "Pool %s member %s:%u monitor status %s."

Location:
/var/log/ltm

Conditions:
Example:
Pool my_pool member 10.10.0.5:80 monitor status forced down.

This message is logged when a status change is detected for the pool member, resulting in the pool member being in a status other than 'up'. Possible status values are: 'unchecked', 'node down', 'down', 'forced down', 'up and awaiting man resume', 'iRule down', 'inband down', 'FQDN down'. Note that the 'up' status is not listed, because this message is not reported when the pool member status is 'up'.

The pool member status is dependent upon the virtual server configuration, and the configuration and health status results for associated monitors.

Impact:
This message might not itself indicate an error, because it merely reports the detected pool member status change. For example, user-initiated action (such as through the xui or tmsh) might explicitly change the pool member status (such as to 'forced down' for maintenance). However, an unexpected 'down' status might indicate a configuration or resource availability issue.

Note also that the parent pool status might be unchanged as a result of this pool member status change, as long as the threshold is not exceeded for the number of available pool members required for the parent pool to be available.

Recommended Action:
If an unexpected 'down' status is reported, verify the pool member configuration, the configuration of associated pool member monitors, and the resource availability to ensure pool member availability.


01070639 : Pool %s member %s:%u session status %s.

Location:
/var/log/ltm

Conditions:
Example:
Pool my_pool member my_member:80 session status forced disabled.

This message is logged when "session-status" is changed, such as from user action to "enable" or "disable". Possible status includes: 'enabled', 'node disabled', 'disabled', and 'forced disabled'.

Impact:
This message is a log-notification only when the pool member session status changes.

Recommended Action:
This is not an error, but a notification of a pool member status change that records the resulting status.


01070640 : Node %s address %s monitor status %s.

Location:
/var/log/ltm

Conditions:
Example:
Node my_node address 10.10.0.1 monitor status forced down.

This message is logged when a status change is detected for the node, resulting in the node being in a status other-than 'up'. Possible status values are: 'unchecked', 'node down', 'down', 'forced down', 'up and awaiting man resume', 'iRule down', 'inband down', 'FQDN down'. Note that the 'up' status is not listed, because this message is not reported when the node status is 'up'.

The node status is dependent upon node configuration and heath results for associated node monitors.

Impact:
This message might not itself indicate an error, as it merely reports the detected node status change. For example, user-initiated action (such as through the xui or tmsh) might explicitly change the node status (such as to 'forced down' for maintenance). However, an unexpected 'down' status might indicate a configuration or resource availability issue.

Recommended Action:
This message might not itself indicate an error, but a notification of a node status change due to monitor results, or user-initiated action. If an unexpected 'down' status is reported, verify the node configuration, the configuration of associated node monitors, and the resource availability to ensure node availability.


01070690 : Port mirroring is not supported on this platform.

Location:
/var/log/ltm

Conditions:
This occurs if you configure port mirroring on a platform that does not support port mirroring.

Impact:
You will not be able to configure port mirroring.

Recommended Action:
None.


0107070e : Software version not covered by service agreement. Reactivate license before continuing.

Location:
/var/log/ltm
The contents of /var/log/ltm can be viewed in the GUI under System->Logs->Local Traffic.

Conditions:
The BIG-IP software version used was released after the Service Check Date specified in the license.

Impact:
The BIG-IP system is not usable in this state. You must either upgrade the license, to one for the installed software version, or revert to a BIG-IP software version that the current license supports.

Recommended Action:
You must either upgrade the license, to one for the installed software version, or revert to a BIG-IP software version that the current license supports.


01070712 : "Caught configuration exception (%d), %s."

Location:
/var/log/ltm

Conditions:
MCPD logs this error in response various configuration issues that might arise while attempting to process a transaction. The nature of the issue could be caused by any number of runtime scenarios, for example, "can't get class information from schema repository", "invalid MAC address", "Can't get class definition while retrieving sub classes", etc.

Impact:
MCPD will stop processing the current transaction and roll back to the last valid state.

Recommended Action:
Depending on the message being logged, modify the configuration that caused the error, and then attempt to submit the transaction again.


01070727 : "Pool %s member %s:%u monitor status up."

Location:
/var/log/ltm

Conditions:
Example:
Pool my_pool member 10.10.0.5:80 monitor status up.

This message is logged when a status change is detected for the pool member, resulting in the pool member being marked 'up'. The pool member status is dependent upon virtual server configuration, and the configuration and health results from associated monitors.

Impact:
This message is not an error, but merely reports the detected 'up' pool member status. This message is expected upon system start, where properly configured pool members transition to an 'up' status.

Recommended Action:
None.


01070728 : Node %saddress %s monitor status up.

Location:
/var/log/ltm

Conditions:
Example:
Node my_node address 10.10.0.1 monitor status up.

This message is logged when a status change is detected for the node, resulting in the node being marked 'up'. The node status is dependent upon node configuration and health results for associated node monitors.

Impact:
This message is not an error, but merely reports the detected 'up' node status. This message is expected upon system start, where properly configured nodes transition to an 'up' status.

Recommended Action:
None.


01070730 : Configuration restored from binary image

Location:
/var/log/ltm

Conditions:
Mcpd loaded the configuration from a binary image format on disk.

Impact:
The binary image is considered to be saved in a valid state, so restoring from the binary means that the BIG-IP system does not run validation and business logic, as it typically would when processing configuration (/config/*.conf) files.

Recommended Action:
Loading from binary is typically a desirable behavior as it's faster than processing configuration files; however, if one wanted to run business logic and validation, you could remove the binary file and restart mcpd, for example,

rm -f /var/db/mcpdb.*
bigstart restart mcpd


01070734 : Configuration error: %s

Location:
/var/log/ltm

This error appears in the GUI, as a result of a configuration update.

Conditions:
This error is a validation exception, usually occurring when a user attempts to update the configuration.

The most common ways for user error include:

1) Invalid naming.
No keywords, empty names, special characters, etc.

2) Invalid value for an attribute.
Can be value ranges, NULL constraints, and other defined domains.

3) Dependency required.
Let X and Y be two different classes. When an X is configured, a related Y must be configured.

4) Invalid reference to another object.
Can be a permissions problem, a NULL constraint, or the object referenced doesn't exist.
Let X and Y be two different classes. X must configure an X.a. When X.a references Y, Y must exist and X must be allowed to refer to Y.

5) Logical constraints of attributes.
Let X be a class. When X.a is configured, X.b must not be configured.

Impact:
A transaction can fail upon encountering this exception.

Recommended Action:
Check the configuration update and correct the issue.


01070736 : Couldn't write to the user/role/partition file, %s (%d)

Location:
/var/log/ltm, and in tmsh

Conditions:
There is some error writing the user role partition file, which indicates a disk error. The error message includes errno from the failed operation, which might give more specific information about the cause.

Impact:
The transaction containing changes to the user role partition file is rolled back. If the error persists, changes to user roles and partition access will be impossible.

Recommended Action:
Examine the errno in the error message to determine more information about the root cause, and resolve that.


01070737 : Couldn't rename the user/role/partition file from %s to %s (%d)

Location:
/var/log/ltm, and in tmsh

Conditions:
There is an error that is renaming the user role partition file, which probably indicates a disk error. The error message includes errno from the failed operation, which might give more specific information about the cause.

Impact:
Renaming this file occurs for three reasons:

* Making a backup of the old file before writing a new version
* Moving a temporary file used for writing into the permanent location
* Restoring from backup when a transaction is rolled back

In the first two cases, an error will cause the rollback of the transaction. If the error persists, changes to user role partition access will be impossible.

In the third case, the transaction is already being rolled back due to some other error. An error here can leave the user role partition file in an inconsistent state, which might cause errors with logins or with user access levels.

The three cases can be distinguished by the filenames mentioned in the error message. The user role partition file is called something like /config/bigip/auth/userrolepartitions and the backup is called something like /config/bigip/auth/userrolepartitions.backup. The temporary file has a similar name appended with a unique string. Therefore, in the third case, the error message would be something like the following:

Couldn't rename the user/role/partition file from /config/bigip/auth/userrolepartitions.backup to /config/bigip/auth/userrolepartitions (28).

Recommended Action:
Examine the errno in the error message to determine more information about the root cause, and resolve that.

If the error is a failure to restore from backup when rolling back a transaction, manually rename the backup file as a user with advanced shell access: 'mv /config/bigip/auth/userrolepartitions.backup /config/bigip/auth/userrolepartitions'


01070807 : Monitor %s instance %s:%u has been %s.

Location:
/var/log/ltm

Conditions:
Examples:
Monitor my_http instance 10.10.0.2:80 has been enabled.
Monitor my_http instance 10.10.0.2:80 has been disabled.

This message is logged when the user changes the monitor instance status to either 'enabled' or 'disabled', such as through tmsh or the xui. A 'disabled' monitor sends no health-check probes, and thus does not contribute to an indication of the resource's health. Disabling a monitor does not otherwise impact availability of the monitored resource.

Impact:
This message is log-notification only when the monitor instance status is changed between 'enabled' and 'disabled'.

Recommended Action:
This is not an error, but a notification of monitor instance status change that records the resulting status.


01070822 : "Access Denied: %s"

Location:
/var/log/ltm, CLI, GUI

Conditions:
User attempts to read, modify, or delete a config that they do not have access to, per the partition access settings, or attempts to perform an action that is not allowed for the role. The error message describes more precisely what access was denied.

Impact:
User is prevented from doing things they are not authorized to do.

Recommended Action:
If the user needs access to config or actions, then the user must be given sufficient partition/role access.


01070823 : Read Access Denied: %s

Location:
/var/log/ltm, shown in tmsh

Conditions:
A user attempts to query objects or stats in a partition to which the user does not have read access, or attempts to query non-partitioned objects but does not have non-partitioned read access.

Impact:
User is not able to read the desired objects or stats.

Recommended Action:
If the user needs read access to the objects or stats, then the user must be given a role on the appropriate partition with read access.


01070827 : User login disallowed: %s

Location:
/var/log/ltm

Conditions:
Attempt to log in as a user with no partition access specified.

Impact:
Unable to log in as user with no partition access specified. Such a user has no access.

Recommended Action:
Specify partition-access for every user account that needs access to the BIG-IP device.


01070921 : Virtual Server '%s' on partition '%s' %s by user '%s'.

Location:
/var/log/ltm

Conditions:
A user (with sufficient permissions) has enabled or disabled a virtual server.

Impact:
The virtual server is either enabled or disabled as requested; the network service(s) provided by the virtual server were either made available or made unavailable.

Recommended Action:
This is a user requested action, not an issue with the product.


01070927 : Request failed, data provider (%s) disconnected from mcpd

Location:
/var/log/ltm

Conditions:
The system process named in the message is attempting to unmark itself as a publisher, but has specified a publisher name that it had not previously used. See error catalog item 620989 for a description of the publishing mechanism.

This message occurs during system shutdown or restart.

Impact:
No user impact. This message implies that there is a defect in TMOS, but a comparatively minor one. There is no risk of system instability or dropped traffic.

Recommended Action:
None.


01070931 : Clustering quorum reached

Location:
/var/log/ltm

Conditions:
Any chassis platform during normal start up.

Impact:
This message indicates that the 'quorum' stage of the chassis clustering algorithm has been reached.

Recommended Action:
None.


01070933 : License blob received from primary.

Location:
/var/log/ltm

Conditions:
On a cluster with more than one member.

Impact:
None.

Recommended Action:
None.


01070967 : The specified vlan, vlangroup or tunnel (%s) cannot be removed from its default route domain (%s).

Location:
/var/log/ltm

Conditions:
When trying to remove VLAN or VLAN-GROUP from default route-domain, without attaching to another route-domain.

Impact:
Validation error, no operation impact. Action will be prevented.

Recommended Action:
None.


01070978 : The vlan (%s) for the specified self IP (%s) must be one of the vlans in the associated route domain (%s). For example: 192.168.0.1%1234 for self IP in route-domain 1234.

Location:
/var/log/ltm, console, and GUI.

Conditions:
When the self IP VLAN is not one of the VLANs in the route-domain, where the route domain is extracted based on the self IP address format.

Impact:
MCPD will prevent the self IP address from being created with the designated VLAN.

Recommended Action:
Verify that the route domain, as specified in the self IP address has the right VLANs as its members.


01070979 : The specified vlan (%s) for route domain (%s) is in use by a self IP.

Location:
/var/log/ltm

Conditions:
When attempting to remove a VLAN that still has a SelfIp association.

Impact:
VLAN is prevented from removal until the SelfIp in question is moved or removed.

Recommended Action:
Move the SelfIp(s) associated with the VLAN to other VLANs.


01070995 : get_tmstat: tmstat_sample not ready. Statsd may not be running.

Location:
/var/log/ltm

Conditions:
This warning message can appear while attempting to query statistics from a segment, subscribing to the segment directory fails. Typically this will occur if the statsd is not ready. Other less likely cases include a problem with resources, such as no memory available.

Impact:
Query of segment will fail.

Recommended Action:
In a typical case, the query can be retried when the statsd is ready. Then it succeeds. In the case of a resource problem, the statsd will need to be restarted.


01071027 : Master key OpenSSL error: %s

Location:
/var/log/ltm

Conditions:
These logs indicate that there is a problem with the BIG-IP device's secure vault feature, device group mutual authentication, or OpenSSL processing of those features. They come in two types.

These logs indicate a problem with openssl processing itself, such as an out-of-memory condition.
Master key OpenSSL error: Unit Key Generation fails!
Master key OpenSSL error: Key decrypt update
Master key OpenSSL error: Key decrypt final
Master key OpenSSL error: Master decrypt update
Master key OpenSSL error: Master decrypt final
Master key OpenSSL error: RSA public encrypt error
Master key OpenSSL error: b64_decode BIO_read error
Master key OpenSSL error: Cannot find proper algorithm
Master key OpenSSL error: Cannot create new X509 certificate
Master key OpenSSL error: Setting certificate version to SSL v3"
Master key OpenSSL error: Cannot allocate a pub_key type
Master key OpenSSL error: Cannot create new ASN1 type.
Master key OpenSSL error: Key size mismatch with PKCS1 padding size
Master key OpenSSL error: Cannot convert signature to data stream
Master key OpenSSL error: Error signing certificate
Master key OpenSSL error: Loading unit key: Error converting data blob to key.
Master key OpenSSL error: AES256 Symmetric Unit Key Generation fails!

These logs pertain to a corrupt master key, unit key, device group certs/keys, or HA certs/keys failures.
Master key OpenSSL error: Cannot open key store
Master key OpenSSL error: Cannot open key store RSA
Master key OpenSSL error: Cannot load %s (/.unit[1,2].key, /unit[1,2].crt, /master.[1,2], /master, /.unitkey, /temp, /master.recovery, /var/www/unitkeys/unit.crt)
Master key OpenSSL error: Cannot read master key
Master key OpenSSL error: Key encrypt
Master key OpenSSL error: Master encrypt
Master key OpenSSL error: Cannot save master key for peer.
Master key OpenSSL error: Symmetric Unit Key encrypt
Master key OpenSSL error: Symmmetric Unit Key decrypt
Master key OpenSSL error: Cannot open unit certificate file.
Master key OpenSSL error: Cannot read unit certificate file.
Master key OpenSSL error: Cannot write unit cert
Master key OpenSSL error: (/.unit[1,2].key, /unit[1,2].crt, /master.[1,2], /master, /.unitkey, /temp, /master.recovery, /var/www/unitkeys/unit.crt)
Master key OpenSSL error: Peer Certificate file

Impact:
Loading or syncing configurations with encrypted attributes will fail.

Recommended Action:
Reset the device trust group or the HA group. Or, reload a backup UCS file as described in K9420.
https://support.f5.com/csp/#/article/K9420


01071029 : %s

Location:
/var/log/ltm

Conditions:
1. These log messages pertain to the unit key and possible issues it may encounter.
Unit key SHA1 function failed.
Unit key hash does not match! Possible key corruption or tampering. Retry ...
Unit key read failed! Retry ...
Unit key read failed! back off to platform phase...
SecureVault encountered issue with reading Unit key from SEEPROM. Try rebooting the system...
Removing corrupt key header.
Cannot open unit key store
Unit key write to hal failed.
Unit key write verify failed.
Cannot load unit key
No Unit Key Found
Failed to encrypt the unit key
Loading unit key: Error converting data blob to key.

2. These log messages relate to the unit keys encryption of the master key:
Save Master Key aborted -- cannot load unit key.
Failed to encrypt the master key
save_master_key(master): Not ready to save yet -- no master key
save_master_key(master): Not ready to save yet -- no unit key
Couldn't retrieve the old master key.
Master Key not present.
Failed to encrypt the Master key

3. These log messages relate to attempts to change the master key.
Invalid master key
Attempted to rekey with a blank master key
Save Master Key aborted -- cannot determine unit id!
Cannot determine failover unit ID

4. This message is a general error.
b64_decode BIO_read error

5. This log message relates to the custom password db variable for encrypted attributes.
Custom Key not present. Please set the security.custompassword db variable.

Impact:
Possible issues using the secure vault feature.

Recommended Action:
1 and 2. Attempt to reboot the system. If the problem is not resolved, contact F5 support.
3. Attempt to change the key with a valid key.
4. None.
5. Set the security.custompassword db variable.


0107102d : Cannot load master key file. Updating to a new master key.

Location:
/var/log/ltm

Conditions:
The master key file does not exist or has been corrupted.

Impact:
Previous configurations with encrypted attributes using the old master key will be unloadable.

Recommended Action:
Upload a backup ucs file.
https://support.f5.com/csp/#/article/K9420


01071031 : %s

Location:
/var/log/ltm

Conditions:
When one of the system auth db variables SystemAuth.DisableRootLogin or SystemAuth.DisableBash is changed to "false" (turning off the security feature) or when the db variable SystemAuth.PrimaryAdminUser is modified, a message is logged indicating that a security setting has changed and the user account that made the change:

Security setting systemauth.disablerootlogin has been disabled by user admin
Security setting systemauth.disablebash has been disabled by user admin
Security setting systemauth.primaryadminuser has been modified from admin to newadmin by user admin

Impact:
None.

Recommended Action:
None.


01071038 : %s

Location:
/var/log/ltm

Conditions:
1. The following log entries occur during changes to the master key or aspects of the changing process.
Loading keys from the file.
Unit key read from the hardware.
Attempting Master Key migration to new unit key.
Master Key updated by user <user>
Unit key hash on write: <hash value>
Reloading the RSA unit to support config roll forward.
Read the unit key file if exists.
Loading master key from database object!

2. The following log entries relate to loading the unit key from the hardware, if these are different, there is an issue with the hardware.
Unit key hash from key header: <hash value>
Unit key hash computed from read key: <hash value>

3. The following log entries indicate that the master key is missing or corrupted:
Unable to load master key from database. Configuration object was null.
Unable to load master key from database. Empty master key attribute.
Unable to load master key from database. Master key decode fails.
Secondaries couldn't load master key from the file.
Secondaries couldn't load master key from the database.

Impact:
1. No impact.
2. Attempt rebooting the BIG-IP.
3. Recreate the master key

Recommended Action:
None.


01071047 : Removing %d %s local objects from slot %d

Location:
/var/log/ltm

Conditions:
mcpd logs this message in response to removing configuration objects associated with a chassis slot. This can happen as the result of a cluster member being disabled or going down. Interfaces and trunk working members, for example, which are associated with the cluster member are then removed.

Impact:
This is expected behavior. The removed configuration objects will be unavailable for a given slot until the blade has been restored.

Recommended Action:
None.


01071070 : Failed to %s file %s with error %d

Location:
/var/log/ltm

Conditions:
Mcpd logs this message in response to two events:
1. Failing to change permissions to read-only for file BigDB.dat
2. Failing to open file BigDB.dat

Both issues will be accompanied by an errno number. The first corresponds to the return value of chmod. The second corresponds to an error produced while attempting to construct an ofstream.

Impact:
The impact of failing to change permissions to read-only is that BigDB.dat can still be written to. This may be inconsequential, but it could also lead to unexpected behavior.

If mcpd fails to open BigDB.dat, it will throw an exception and core.

Recommended Action:
Unknown at this time. The workaround depends on what errno is given with the failure.


01071138 : The access policy (%s) has an action/macrocall item (%s) that is referenced by any rule's next item for %d time(s). Exactly one reference is allowed.

Location:
/var/log/ltm or TMSH

Conditions:
Access policy has incorrect topology. This might happen during access policy creation/modification by TMSH commands or script, at access policy import, or at configuration loading/verification.

Impact:
Access policy with incorrect topology is not created/modified.

Recommended Action:
If the message appears during access policy creation/modification by TMSH script, it is necessary to check the script used and correct it to exclude the invalid "next item" clause in API rules.
If the message appears during access policy import or configuration loading, there is no simple workaround. It is not recommended to try to use a broken configuration.
Manual editing of configuration files or exported access policy archive might be necessary, but it must not be done without explicit support recommendations.


01071246 : "Unable to reload the dns cache\n"

Location:
/var/log/ltm

Conditions:
This message can appear when dnscached failed to reload configuration files. Most likely that happens during the BIG-IP device startup, when dnscached is not started yet, but the command to reload configuration already executed.

Impact:
dnscached might have an invalid configuration or is not configured.

Recommended Action:
When the BIG-IP device is fully started, you can restart dnscached to reload the configuration:
tmsh modify sys db dns.cache value disable
tmsh modify sys db dns.cache value enable

To verify current status of dnscached, please use command:
tmsh list sys db dns.cache


010712a5 : Ha_group %s unknown %s %s.

Location:
/var/log/ltm, tmsh

Conditions:
The administrator has attempted to add a non-existent pool, trunk, or cluster object to an ha-group.

Impact:
The ha-group configuration is not modified.

Recommended Action:
Specify an existing pool, trunk, or cluster object for the HA group.


01071321 : Vlan allowed mismatch found: hypervisor (%s:%s), guest (%s:%s) and (%s:%s).

Location:
/var/log/ltm on a VCMP guest

Conditions:
A VLAN in a VCMP guest matches either the name or tag of a VCMP-host published VLAN. This usually happens when a VCMP-published VLAN is modified in the VCMP guest.

Impact:
This log message will appear in /var/log/ltm to advise a VCMP guest administrator about the mismatch.

Recommended Action:
Ensure that your VLAN configuration is as you expect, and consider modifying your VLAN configuration on either your host or your guest to resolve this error. Support usually recommends making VLAN changes on the VCMP host, which are then published to the VCMP guest in this case.


01071392 : Background command '%s' failed. %s

Location:
/var/log/ltm

Conditions:
Many components use this to execute a command. If the command fails, this message is logged for the command.

Impact:
Many components use this to execute a command. Actual impact depends on the command.

Recommended Action:
Many components use this to execute a command. A workaround might not be needed, or depends on the command.

Debug information might be obtained by setting mcpd's log level to info.


010713b1 : Cannot delete IP (%s) because it is used by the system state-mirroring (%s) setting.

Location:
/var/log/ltm, console, and GUI.

Conditions:
When trying to delete a self IP, but self IP is referenced in mirroring settings.

Impact:
Prevent the self IP from being deleted, until the mirroring setting no longer references the self IP.

Recommended Action:
Remove the self IP from the mirroring setting before trying to delete the self IP again.


010713b8 : Propose change to system hostname (%s).

Location:
/var/log/ltm

Conditions:
This message is logged by mcpd when vCMP hypervisor proposed a hostname change.

Impact:
None.

Recommended Action:
None.


010713ba : Propose change to default gateway (%s).

Location:
/var/log/ltm

Conditions:
This log message occurs on a VCMP guest when the VCMP guest starts, and when a user on the VCMP hypervisor changes the management gateway of the VCMP guest.

Impact:
None.

Recommended Action:
None.


010713bc : Propose change to management IP address (%s/%s).

Location:
/var/log/ltm

Conditions:
This message is logged on a VCMP guest when either of the following occurs:
1) When the VCMP guest starts
2) When a user on the VCMP hypervisor changes the management address of the VCMP guest.

Impact:
None. This log message is informational.

Recommended Action:
N/A


010713c0 : System state ready for hypervisor mgmt settings: (%s)

Location:
/var/log/ltm

Conditions:
This message is displayed during normal start-up on a VCMP guest when the VCMP guest received a management address or hostname from the VCMP host.

Impact:
This log message informs the user whether or not the VCMP guest is ready to install the management network and hostname config proposed by the VCMP host

Recommended Action:
None.


010713c1 : Initial management network proposals triggered (%s)

Location:
/var/log/ltm

Conditions:
Mcpd is initializing the hypervisor admin network settings. This generally happens upon system startup, re-licensing, or when the system status goes from down to up.

Impact:
There is no expected immediate impact of this message. The message merely indicates that mcpd has begun performing an operation and that there are no expected side effects until that operation is complete.

Recommended Action:
None.


010713c2 : No new proposal values detected

Location:
/var/log/ltm

Conditions:
Mcpd processed a message to update the settings for the admin network parameters or cluster floating interface (address, gateway address, or hostname), however, the message contained no new or changed information.

Impact:
No changes will be made to the admin network parameters or cluster floating interface.

Recommended Action:
If a change to the admin network parameters or cluster floating interface was intended, verify that the correctly changed information has been provided through the chosen configuration method.


010713c3 : Hypervisor updating %s. Old value: (%s) New value: (%s).

Location:
/var/log/ltm

Conditions:
This message is displayed during normal start-up on a VCMP guest when the VCMP guest received a management address or hostname from the VCMP host.

Impact:
The VCMP guest might install the proposed configuration depending on its current configuration.

Recommended Action:
None.


010713f6 : CentMgmt objects must be in the '/Common' folder

Location:
/var/log/ltm

Conditions:
Prior to version 11.1.0, using the cm device command to add a device to the system outside of devmgmtd.

Impact:
None.

Recommended Action:
None.


01071412 : Cannot delete IP (%s) because it is used by the system config-sync setting.

Location:
/var/log/ltm, console, and GUI.

Conditions:
When trying to delete a self IP, but self IP is referenced in config sync settings.

Impact:
Prevent the self IP from being deleted, until the config sync settings no longer reference the self IP.

Recommended Action:
Remove the self IP from the config sync setting before trying to delete the self IP again.


0107142f : Can't connect to CMI peer %s, %s

Location:
/var/log/ltm reports "Can't connect to CMI peer %s, %s"

tmsh show cm sync-status shows the connection state

tmsh prompt will show whether devices are connected. States include 'connected' or 'disconnected'.

Conditions:
Internal Conditions:
- socket failures, for example, create, setting socket options, failure to connect or poll on file descriptor.
- TMM on the local side has not yet established a listener (or failed to bind the socket)

External Conditions:
- The other device isn't ready, for example, the TMM on the other side hasn't been initialized to receive connections.
- General network failures (e.g. switch failure, cable failure, power outage, etc.)

Impact:
This generally is not a BIG-IP system error; it indicates external network failures. The BIG-IP will attempt to reconnect to peers till there's a successful connection.

Recommended Action:
This error is usually seen as a result of external network problems, but can be a symptom of internal problems such as mcpd running out of memory, the kernel running out of file descriptors, or mcpd restarting. This error is usually seen as a result of external network problems, but can be a symptom of internal problems such as mcpd running out of memory, the kernel running out of file descriptors, or mcpd restarting.

To check file descriptors: sysctl fs.file-nr

If mcpd runs out of memory or restarts, it should be logged in /var/log/ltm.

The config-sync connection uses port 6699, which is then routed and tunneled through tmm which establishes an ssl connection on port 4353 to the peer.

To check if the config sync listener exists and whether there are peer connections over the config-sync connection:
    lsof -i | grep 6699

This should produce something like the following:
mcpd 6594 root 20u IPv6 1004016 TCP 10.20.0.1:6699 (LISTEN)
mcpd 6594 root 106u IPv6 1004433 TCP 10.20.0.1:6699->10.20.0.2:49485 (ESTABLISHED)
mcpd 6594 root 108u IPv6 1004454 TCP 10.20.0.1:40654->10.20.0.2:6699 (ESTABLISHED)

This indicates that the local BIG-IP has successfully created a listener, and is listening for peer connections, and that there are two connections for each peer device (one in each direction). This might help you determine which connection failed to connect.

To inspect the unencrypted CMI traffic on the BIG-IP:
    tcpdump -nn -l -i <config sync vlan>:h port 6699
To check file descriptors: sysctl fs.file-nr

If mcpd runs out of memory or restarts, it should be logged in /var/log/ltm.

The config-sync connection uses port 6699, which is then routed and tunneled through tmm which establishes an ssl connection on port 4353 to the peer.

To check if the config sync listener exists and whether there are peer connections over the config-sync connection:
    lsof -i | grep 6699

This should product something like the following:
mcpd 6594 root 20u IPv6 1004016 TCP 10.20.0.1:6699 (LISTEN)
mcpd 6594 root 106u IPv6 1004433 TCP 10.20.0.1:6699->10.20.0.2:49485 (ESTABLISHED)
mcpd 6594 root 108u IPv6 1004454 TCP 10.20.0.1:40654->10.20.0.2:6699 (ESTABLISHED)

This indicates that the local BIG-IP has successfully created a listener and is listening for peer connections and that there are two connections for each peer device (one in each direction). This may help you determine which connection failed to connect.

To inspect the unencrypted CMI traffic on the BIG-IP:
    tcpdump -nn -l -i <config sync vlan>:h port 6699


01071430 : Cannot create CMI listener socket on address %s, port %d, %s

Location:
This will show in /var/log/ltm, and the CMI section of the prompt status will stay Disconnected.

Conditions:
Unable to create and bind the TCP connection used for listening to incoming CMI connections. The message will include strerror(3) output describing the problem.

Impact:
CMI will remain disconnected.

Recommended Action:
If the error string contains 'Cannot assign requested address', then ensure that a route exists to the remote device's configsync-ip.


01071431 : Attempting to connect to CMI peer %s port %d

Location:
/var/log/ltm

Conditions:
mcpd is starting up and attempting to set up a CMI connection to another device in the trust domain.

Impact:
This is not an error message. Other later messages will indicate whether this succeeded or failed.

Recommended Action:
None.


01071432 : CMI peer connection established to %s port %d after %d retries

Location:
/var/log/ltm

Conditions:
This device has successfully created a CMI connection to another device in the trust domain. This happens on mcpd startup or after a previous disconnection.

Impact:
This is not an error message. Configuration synchronization is now possible with the named device.

Recommended Action:
None.


01071434 : No CMI peer devices configured

Location:
/var/log/ltm

Conditions:
A device is in a DSC trust domain with other devices, but no config sync addresses have been configured.

Impact:
The device will be unable to connect to peers to sync configuration.

Recommended Action:
The user might be able to configure the configsync-ip on the local device to resolve the issue. If multiple devices are in this state, it might require the user to reset the trust on all of the devices, configure the configsync-ip individually, and then re-add the devices to the trust domain.


01071435 : Disconnecting from CMI peer %s as a result of a reconfiguration

Location:
/var/log/ltm

Conditions:
The CMI configuration has changed, requiring mcpd to intentionally disconnect from the named device. If it makes sense for the configuration change, it will attempt to reconnect shortly.

Impact:
If this happens because you removed a device from trust, there is no impact. If you modified the CMI configuration but left the device in place, you will not be able to sync the configuration until the device has reconnected.

Recommended Action:
None.


01071436 : CMI listener established at %s port %d

Location:
/var/log/ltm

Conditions:
mcpd is initializing and successfully created a listener that can accept incoming CMI connections.

Impact:
This is not an error message. This part of the system is healthy. mcpd can now accept incoming CMI connections.

Recommended Action:
None.


0107143a : CMI reconnect timer: %s

Location:
This message appears in /var/log/ltm, but only when mcpd debug logging is enabled.

Conditions:
There are two possible versions of this message.

The following message occurs when the device loses its CMI connection to at least one other device, and is starting up a timer to try reconnecting every five seconds:
CMI reconnect timer: enabled because at least one device is disconnected

Once the condition is cleared, the following message occurs to indicate that the reconnect timer is canceled:
CMI reconnect timer: disabled because all peers are connecting or connected

Impact:
mcpd is unable to make a CMI connection to at least one other device. The prompt status will also show as Disconnected.

Recommended Action:
Investigate why the connection is failing. The other device might either be unreachable or having an error of its own. Run 'show cm sync-status' to see exactly which device is disconnected.


0107143b : CMI connection debug info: %s

Location:
/var/log/ltm

Conditions:
MCPD log level is set to 'debug'. Debugging message related to CMI inter-device configuration synchronization. Usually this message indicates a change in state, such as a device connecting or disconnecting.

Impact:
Generally low. If the system is in an error state, a higher priority message will be logged at the same time.

Recommended Action:
None.


0107143c : Connection to CMI peer %s has been removed

Location:
/var/log/ltm

Conditions:
The CMI connection to another device has disconnected, either due to a problem with the other device or with the link itself.

Impact:
Synchable configuration will not be sent to the device in question until the connectivity problem is resolved.

Recommended Action:
If this is unexpected, inspect the log on the other process to determine what may be going wrong.


01071451 : Received CMI hello from %s

Location:
/var/log/ltm

Conditions:
Another device has established a CMI connection to this device.

Impact:
This is not an error message. CMI configuration sync will now be possible between the two devices.

Recommended Action:
None.


0107146f : Self-device %s address cannot reference the non-existent Self IP (%s); Create it in the /Common folder first.

Location:
/var/log/ltm, tmsh

Conditions:
The administrator has attempted to define a configsync or mirror-ip address that is not a valid self-ip.

Impact:
The operation fails and the address is not set.

Recommended Action:
Create the self-ip prior to using it as a configsync or mirror-ip address.


01071470 : Disconnecting from CMI device %s, the device is not in a trust domain

Location:
/var/log/ltm

Conditions:
This error occurs when another device attempts to create a CMI connection (that is, the mcpd for the additional device is starting up), and the device name it announces is unrecognized. This issue can occur if the device was removed from CMI while it was offline. Alternately, this error can occur if another device attempts to create a CMI connection, and there is no self device. During normal operation, this error is impossible.

Impact:
The BIG-IP system refuses to accept the connection. Sync will not occur, usually the expected behavior, because this message occurs if CMI was deconfigured on one device but the other devices were not informed.

Recommended Action:
Log on to the device attempting to connect, and remove it from its trust domain. Log on to any other devices in the trust domain and remove the device object. If desired, re-add the device to the trust domain.


0107147f : Could not read certificate file (%s)

Location:
This error message is displayed on the user interface, such as XUI or TMSH.

Conditions:
If you have scripts (such as iRule, CLI, APL or App Template scripts) and want to sign them for read-only protection, as part of the signing process, and the provided certificate cannot be read by BIG-IP system, this error message is displayed.

Impact:
When this message appears, verify that the certificate is correct and available before applying the signature.

Recommended Action:
When this message appears, verify that the certificate is correct and available before applying the signature.


01071485 : %s (%s) content does not match the signature.

Location:
/var/log/ltm, CLI, GUI

Conditions:
The signature on an AplScript, AppTemplate, CliShellScript, or iRule object does not match its contents.

Impact:
Configuration changes including the mismatched signature/content will be rejected.

Recommended Action:
None.


01071488 : Remote transaction for device group %s to commit id %llu %llu %s %llu failed with error %s

Location:
/var/log/ltm

Conditions:
This message occurs when this device sends a Config Sync to another device, and validation fails remotely on that device. This message includes another log message that provides more information.

This message indicates a legitimate misconfiguration, and provides an action to take that is related to the synchronized objects.

One common example applies to a floating self IP. The self IP object is required to name a VLAN on which it listens. A VLAN of the same name must exist on the other device, as well.

Impact:
The remote device aborted the Config Sync transaction, and did not acquire any of its changes.

Recommended Action:
This message can include a more specific error, which you can reference in the error catalog for resolution.


0107149c : Virtual server %s has more than one clientssl/serverssl profile but none of them is default for SNI.

Location:
/var/log/ltm

Conditions:
The virtual server is configured to securely host (such as through HTTPS) multiple DNS hostnames, but none of the profiles are the default, and the virtual server configuration has unchecked the "Require Peer SNI Support", thereby permitting client connections not using SNI support.

This is an error because a default profile is required to identify the SSL certificate to be provided from the virtual server to the client when an incoming client connection requests an unrecognized hostname, or when the client does not support the Server Name Identification extension (SNI, RFC 4366) to the TLS protocol.

Impact:
The virtual server configuration fails to load, and the virtual server is unavailable.

Recommended Action:
User should configure the server to select a default SSL profile for SNI, for each of one Client SSL profile and one Server SLL profile, or enable the feature to, 'Require Peer SNI support'. The configuration should then load successfully (a reboot is not required).


010714a0 : Sync of device group %s to commit id %llu %llu %s %llu from device %s complete

Location:
/var/log/ltm

Conditions:
The mcpd log level is set to 'notice' or 'debug', a device is in a trust domain with at least one other peer, and the peer synced a device group.

Impact:
The local device has updated the last sync information of the peer for a particular device group.

Recommended Action:
Set the db variable log.mcpd.level to 'notice' or any other more restrictive level.


01071515 : Unclassified domain logging on %s requires log publisher to be set.

Location:
tmsh, GUI

Conditions:
When configuring Unclassified domain logging in a classification profile, without any log profile assigned to classification profile.

Impact:
Unclassified domain logging is not available through classification HSL.

Recommended Action:
Attach log profile to classification profile.


01071528 : Device group '%s' sync inconsistent, %s.

Location:
/var/log/ltm, tmsh

Conditions:
This can be reported via:
"tmsh show /cm sync-status"

A device is in a DSC device group and a configuration sync failed.

Impact:
The configuration is unable to propagate to the peer.

Recommended Action:
There should be additional information in the message to indicate why the sync failed. There may also be additional logs in /var/log/ltm.

See also: tmsh show /cm sync-status


01071539 : Mcpd is starting. The BIG-IP version is %s

Location:
/var/log/ltm

Conditions:
mcpd is starting. This happens as a normal result of restarting the daemon or simply first time boot.

Impact:
This is normal and expected behavior. Mcpd should begin to progress through initialization phases.

Recommended Action:
None.


0107157D : %s: %s

Location:
/var/log/ltm

Conditions:
Examples:
0107157D:5: mcpd: init_system_epsec_software_status: EPSEC:: loading of Epsec software status passed

0107157D:5: mcpd: copy_file: EPSEC::In copy_file - src (/config/filestore/files_d/Common_d/epsec_package_d/:...iso) dst (/shared/apm/images/...iso)

0107157D:5: mcpd: create_or_update_status_obj: EPSEC::Creating new status with version X.X.X

0107157D:5: mcpd: copy_file: EPSEC in EspecFileObjMgr::copy_file - src (/config/filestore/...) dst (/shared/apm/images/...)

0107157D:5: mcpd: update_version: EPSEC::In update_version - Version (1.0.0-393.0) OESIS Version (3.6.9993.2)

0107157D:5: mcpd: delete_obsolete_objects: EPSEC::Removing obj name: epsec-1.0.0-446.0.iso, create time 1485282975

0107157D:5: mcpd: delete_obsolete_objects: EPSEC::Deleting object epsec-1.0.0-446.0.iso, create time 1485282975

0107157D:5: mcpd: delete_obsolete_objects: EPSEC::Remaining most recent obj name: epsec-1.0.0-446.0.iso, create time: 1485282975

0107157D:5: mcpd: update_version: EPSEC::Removing invalid package (epsec-1.0.0-446.0.iso) found during config load.

0107157D:5: mcpd: update_version: EPSEC::In update_version - Version (1.0.0-393.0) OESIS Version (3.6.9993.2)

0107157D:5: mcpd: copy_file: EPSEC in EspecFileObjMgr::copy_file - src (/config/filestore/...) dst (/shared/apm/images/...)

0107157D:5: mcpd: copy_file: Failed in file copy, creating destination directory errno=(ENOSPC) src=(/config/filestore/...) dst=(/shared/apm/images/...).

0107157D:5: mcpd: copy_file: EPSEC::In copy_file - created destination directory (/shared/apm/images)

0107157D:5: mcpd: copy_file: Failed in file copy errno=(ENOSPC) src=(/config/filestore/...) dst=(/shared/apm/images/...).

0107157D:5: mcpd: delete_file: Failed to delete file errno=(ENOENT) file=(/shared/apm/images/...).

0107157D:5: mcpd: create_dir: EpsecFileObjectMgr::creat_dir. Path (/shared/apm/images) exists and is not a directory

0107157D:5: mcpd: create_dir: EpsecFileObjectMgr::create_dir. stat error: errno(ENOENT) strerror(File Not Found) for dirpath(/config/filestore/...)

0107157D:5: mcpd: create_dir: EpsecFileObjectMgr::create_dir. Failed to create dir (/shared/apm/images) : errno(ENOSPC) strerror(No space left on device)

0107157D:5: mcpd: create_or_update_status_obj: EPSEC::Creating new status with version 1.0.0-393.0

0107157D:5: mcpd: create_or_update_status_obj: EPSEC::Updating status with new version 1.0.0-393.0

0107157D:5: mcpd: mark_objects_for_delete: EPSEC::EPSEC Software Status for this device (bigip.f5.com) is a built-in object and cannot be deleted!

0107157D:5: mcpd: init_system_epsec_software_status: EPSEC:: loading of Epsec software status start

0107157D:5: mcpd: init_system_epsec_software_status: EPSEC:: loading of Epsec software status done

Below are the conditions for each of the log messages-

0107157D:5: mcpd: init_system_epsec_software_status: EPSEC:: loading of Epsec software status passed
Condition - This message indicates the epsec installation was completed and the epsec software version was correctly loaded in MCP.

0107157D:5: mcpd: copy_file: EPSEC::In copy_file - src (/config/filestore/files_d/Common_d/epsec_package_d/:...iso) dst (/shared/apm/images/...iso)
Condition - This message indicates that during epsec package installation, the package is being copied from the config filestore to the standard location (/shared/apm/images) in the disk where all the epsec packages are stored.

0107157D:5: mcpd: create_or_update_status_obj: EPSEC::Creating new status with version 1.0.0-427.0
Condition - This message indicates that a new version of the epsec package has been updated after the latest package installation.

0107157D:5: mcpd: copy_file: EPSEC in EspecFileObjMgr::copy_file - src (/config/filestore/...) dst (/shared/apm/images/...)
Condition - This message indicates that during epsec package installation, the package is being copied from the config filestore to the standard location (/shared/apm/images) in the disk where all the epsec packages are stored.

0107157D:5: mcpd: update_version: EPSEC::In update_version - Version (1.0.0-393.0) OESIS Version (3.6.9993.2)
Condition - This message indicates the version and oesis-version of the new package which was installed.

0107157D:5: mcpd: delete_obsolete_objects: EPSEC::Removing obj name: epsec-1.0.0-446.0.iso, create time 1485282975
Condition - This message indicates that an epsec package is being deleted.

0107157D:5: mcpd: delete_obsolete_objects: EPSEC::Deleting object epsec-1.0.0-446.0.iso, create time 1485282975
Condition - This message indicates that old epsec packages are being deleted.

0107157D:5: mcpd: delete_obsolete_objects: EPSEC::Remaining most recent obj name: epsec-1.0.0-446.0.iso, create time: 1485282975
Condition - This message indicates the package which was most recently installed.

0107157D:5: mcpd: update_version: EPSEC::Removing invalid package (epsec-1.0.0-446.0.iso) found during config load.
Condition - This message indicates that on a config load an invalid epsec package was detected and it will be removed from the config. And invalid epsec package could be due to a package from a very old configuration or has invalid version information in it.

0107157D:5: mcpd: update_version: EPSEC::In update_version - Version (1.0.0-393.0) OESIS Version (3.6.9993.2)
Condition - This message indicates the version to which the epsec package is being upgraded to.

0107157D:5: mcpd: copy_file: EPSEC in EspecFileObjMgr::copy_file - src (/config/filestore/...) dst (/shared/apm/images/...)
Condition - This message is a debug log which prints and internal file copy operation.

0107157D:5: mcpd: copy_file: Failed in file copy, creating destination directory errno=(ENOSPC) src=(/config/filestore/...) dst=(/shared/apm/images/...).
Condition - This message indicates that the epsec package could not be copied into the destination directory. This can happen during installation or upload of a new package.

0107157D:5: mcpd: copy_file: EPSEC::In copy_file - created destination directory (/shared/apm/images)
Condition - This message is a debug log which prints the destination directory path.

0107157D:5: mcpd: copy_file: Failed in file copy errno=(ENOSPC) src=(/config/filestore/...) dst=(/shared/apm/images/...).
Condition - This message indicates that the epsec package could not be copied into the destination directory. This can happen during installation or upload of a new package.

0107157D:5: mcpd: delete_file: Failed to delete file errno=(ENOENT) file=(/shared/apm/images/...).
Condition - This message indicates that rollback of a previous file copy operation failed. This can happen if the transaction which is invoked for the epsec package installation fails.

0107157D:5: mcpd: create_dir: EpsecFileObjectMgr::creat_dir. Path (/shared/apm/images) exists and is not a directory
Condition - This message indicates that the path to which the epsec package is to be copied is not a directory.

0107157D:5: mcpd: create_dir: EpsecFileObjectMgr::create_dir. stat error: errno(ENOENT) strerror(File Not Found) for dirpath(/config/filestore/...)
Condition - This message is a debug log to indicate that the directory path is not present and needs to be created.

0107157D:5: mcpd: create_dir: EpsecFileObjectMgr::create_dir. Failed to create dir (/shared/apm/images) : errno(ENOSPC) strerror(No space left on device)
Condition - This message indicates that the directory could not be created during epsec package installation.

0107157D:5: mcpd: create_or_update_status_obj: EPSEC::Creating new status with version 1.0.0-393.0
Condition - This message is a debug log which indicates the version of the new epsec package being installed.

0107157D:5: mcpd: create_or_update_status_obj: EPSEC::Updating status with new version 1.0.0-393.0
Condition - This message is a debug log which indicates the version of the new epsec package being installed.

0107157D:5: mcpd: mark_objects_for_delete: EPSEC::EPSEC Software Status for this device (bigip.f5.com) is a built-in object and cannot be deleted!
Condition - This message indicates that an attempt was made to delete a system epsec package which cannot be deleted.

0107157D:5: mcpd: init_system_epsec_software_status: EPSEC:: loading of Epsec software status start
Condition - This message indicates that the epsec software version is being loaded from the installed epsec package.

0107157D:5: mcpd: init_system_epsec_software_status: EPSEC:: loading of Epsec software status done
Condition - This message indicates that the epsec software version was successfully loaded from the installed epsec package.

Impact:
Below are the Impacts for each of the log messages-

0107157D:5: mcpd: init_system_epsec_software_status: EPSEC:: loading of Epsec software status passed
Impact - This is just a notice with no impact on the system

0107157D:5: mcpd: copy_file: EPSEC::In copy_file - src (/config/filestore/files_d/Common_d/epsec_package_d/:...iso) dst (/shared/apm/images/...iso)
Impact - This is just a notice with no impact on the system

0107157D:5: mcpd: create_or_update_status_obj: EPSEC::Creating new status with version 1.0.0-427.0
Impact - This is just a notice with no impact on the system

0107157D:5: mcpd: copy_file: EPSEC in EspecFileObjMgr::copy_file - src (/config/filestore/...) dst (/shared/apm/images/...)
Impact - This is just a notice with no impact on the system

0107157D:5: mcpd: update_version: EPSEC::In update_version - Version (1.0.0-393.0) OESIS Version (3.6.9993.2)
Impact - This is just a notice with no impact on the system

0107157D:5: mcpd: delete_obsolete_objects: EPSEC::Removing obj name: epsec-1.0.0-446.0.iso, create time 1485282975
Impact - This is just a notice with no impact on the system

0107157D:5: mcpd: delete_obsolete_objects: EPSEC::Deleting object epsec-1.0.0-446.0.iso, create time 1485282975
Impact - This is just a notice with no impact on the system

0107157D:5: mcpd: delete_obsolete_objects: EPSEC::Remaining most recent obj name: epsec-1.0.0-446.0.iso, create time: 1485282975
Impact - This is just a notice with no impact on the system

0107157D:5: mcpd: update_version: EPSEC::Removing invalid package (epsec-1.0.0-446.0.iso) found during config load.
Impact - This is just a notice with no impact on the system

0107157D:5: mcpd: update_version: EPSEC::In update_version - Version (1.0.0-393.0) OESIS Version (3.6.9993.2)
Impact - This is just a notice with no impact on the system

0107157D:5: mcpd: copy_file: EPSEC in EspecFileObjMgr::copy_file - src (/config/filestore/...) dst (/shared/apm/images/...)
Impact - This is just a notice with no impact on the system.

0107157D:5: mcpd: copy_file: Failed in file copy, creating destination directory errno=(ENOSPC) src=(/config/filestore/...) dst=(/shared/apm/images/...).
Impact - This message indicates that the new epsec package will not be installed on the system as an internal file copy operation failed.

0107157D:5: mcpd: copy_file: EPSEC::In copy_file - created destination directory (/shared/apm/images)
Impact - This is just a notice with no impact on the system.

0107157D:5: mcpd: copy_file: Failed in file copy errno=(ENOSPC) src=(/config/filestore/...) dst=(/shared/apm/images/...).
Impact - This message indicates that the new epsec package will not be installed on the system as an internal file copy operation failed.

0107157D:5: mcpd: delete_file: Failed to delete file errno=(ENOENT) file=(/shared/apm/images/...).
Impact - This message indicates that the installation of epsec package failed and as part of the rollback the cleanup of the copied package failed. This will cause unnecessary disk space to be utilized by the package.

0107157D:5: mcpd: create_dir: EpsecFileObjectMgr::creat_dir. Path (/shared/apm/images) exists and is not a directory
Impact - This is just a notice with no impact on the system.

0107157D:5: mcpd: create_dir: EpsecFileObjectMgr::create_dir. stat error: errno(ENOENT) strerror(File Not Found) for dirpath(/config/filestore/...)
Impact - This message is a debug log to indicate that the directory path is not present and needs to be created. It will be subsequently created, so this has no functional impact on the administrative action.

0107157D:5: mcpd: create_dir: EpsecFileObjectMgr::create_dir. Failed to create dir (/shared/apm/images) : errno(ENOSPC) strerror(No space left on device)
Impact - This message indicates that the internal epsec package directory could not be created and so the installation of the epsec package will fail.

0107157D:5: mcpd: create_or_update_status_obj: EPSEC::Creating new status with version 1.0.0-393.0
Impact - This is just a notice with no impact on the system.

0107157D:5: mcpd: create_or_update_status_obj: EPSEC::Updating status with new version 1.0.0-393.0
Impact - This is just a notice with no impact on the system.

0107157D:5: mcpd: mark_objects_for_delete: EPSEC::EPSEC Software Status for this device (bigip.f5.com) is a built-in object and cannot be deleted!
Impact - This is just a notice with no impact on the system.

0107157D:5: mcpd: init_system_epsec_software_status: EPSEC:: loading of Epsec software status start
Impact - This is just a notice with no impact on the system.

0107157D:5: mcpd: init_system_epsec_software_status: EPSEC:: loading of Epsec software status done
Impact - This is just a notice with no impact on the system.

Recommended Action:
Below are the Workarounds for each of the log messages-

0107157D:5: mcpd: init_system_epsec_software_status: EPSEC:: loading of Epsec software status passed
Workaround - None.

0107157D:5: mcpd: copy_file: EPSEC::In copy_file - src (/config/filestore/files_d/Common_d/epsec_package_d/:...iso) dst (/shared/apm/images/...iso)
Workaround - None.

0107157D:5: mcpd: create_or_update_status_obj: EPSEC::Creating new status with version 1.0.0-427.0
Workaround - None.

0107157D:5: mcpd: copy_file: EPSEC in EspecFileObjMgr::copy_file - src (/config/filestore/...) dst (/shared/apm/images/...)
Workaround - None.

0107157D:5: mcpd: update_version: EPSEC::In update_version - Version (1.0.0-393.0) OESIS Version (3.6.9993.2)
Workaround - None.

0107157D:5: mcpd: delete_obsolete_objects: EPSEC::Removing obj name: epsec-1.0.0-446.0.iso, create time 1485282975
Workaround - None.

0107157D:5: mcpd: delete_obsolete_objects: EPSEC::Deleting object epsec-1.0.0-446.0.iso, create time 1485282975
Workaround - None.

0107157D:5: mcpd: delete_obsolete_objects: EPSEC::Remaining most recent obj name: epsec-1.0.0-446.0.iso, create time: 1485282975
Workaround - None.

0107157D:5: mcpd: update_version: EPSEC::Removing invalid package (epsec-1.0.0-446.0.iso) found during config load.
Workaround - None.

0107157D:5: mcpd: update_version: EPSEC::In update_version - Version (1.0.0-393.0) OESIS Version (3.6.9993.2)
Workaround - None.

0107157D:5: mcpd: copy_file: EPSEC in EspecFileObjMgr::copy_file - src (/config/filestore/...) dst (/shared/apm/images/...)
Workaround - None..

0107157D:5: mcpd: copy_file: Failed in file copy, creating destination directory errno=(ENOSPC) src=(/config/filestore/...) dst=(/shared/apm/images/...).
Workaround - One possible cause of this error could be lack of disk space and so one can delete existing epsec package or other files from the disk and attempt installation of the epsec package again. In other cases, there is no recommended workaround.

0107157D:5: mcpd: copy_file: EPSEC::In copy_file - created destination directory (/shared/apm/images)
Workaround - None.

0107157D:5: mcpd: copy_file: Failed in file copy errno=(ENOSPC) src=(/config/filestore/...) dst=(/shared/apm/images/...).
Workaround - One possible cause of this error could be lack of disk space and so one can delete existing epsec package or other files from the disk and attempt installation of the epsec package again. In other cases, there is no recommended workaround.


0107157D:5: mcpd: delete_file: Failed to delete file errno=(ENOENT) file=(/shared/apm/images/...).
Workaround - Not known.

0107157D:5: mcpd: create_dir: EpsecFileObjectMgr::creat_dir. Path (/shared/apm/images) exists and is not a directory
Workaround - None.

0107157D:5: mcpd: create_dir: EpsecFileObjectMgr::create_dir. stat error: errno(ENOENT) strerror(File Not Found) for dirpath(/config/filestore/...)
Workaround - None.

0107157D:5: mcpd: create_dir: EpsecFileObjectMgr::create_dir. Failed to create dir (/shared/apm/images) : errno(ENOSPC) strerror(No space left on device)
Workaround - One can try to manually create the specified directory path and then attempt the installation operation again.

0107157D:5: mcpd: create_or_update_status_obj: EPSEC::Creating new status with version 1.0.0-393.0
Workaround - None.

0107157D:5: mcpd: create_or_update_status_obj: EPSEC::Updating status with new version 1.0.0-393.0
Workaround - None.

0107157D:5: mcpd: mark_objects_for_delete: EPSEC::EPSEC Software Status for this device (bigip.f5.com) is a built-in object and cannot be deleted!
Workaround - None.

0107157D:5: mcpd: init_system_epsec_software_status: EPSEC:: loading of Epsec software status start
Workaround - None.

0107157D:5: mcpd: init_system_epsec_software_status: EPSEC:: loading of Epsec software status done
Workaround - None.


01071587 : Commit ID message ignored, %s

Location:
/var/log/ltm

Conditions:
This message occurs when a device receives a commit ID update (that is, a config change) from a peer, but the commit ID is missing the originator field.

Impact:
No known negative impact.

Recommended Action:
To examine the commit IDs from a peer, you can run tmsh run /cm sniff-updates.


010715bc : "The application service (%s) has strict updates enabled, the object (%s) must be updated using an application management interface."

Location:
GUI, CLI

Conditions:
An application service has strict updates enabled, and you are trying to manage associated objects outside of the application management interface.

Impact:
Any changes that you make directly to objects associated with the application service will be lost.

Recommended Action:
Update the objects through the iApp menu in the BIG-IP Configuration utility or through the tmsh sys appplication service. An alternative is to access the application service through the iApp menu, view the advanced properties, and disable strict updates for the service so that you can manage associated objects directly. However, if you use the iApp to make changes later, the changes that you made directly will be lost.


0107167d : Data publisher not found or not implemented when processing request %s.

Location:
/var/log/ltm

Conditions:
Possible causes of this error include:
- Statsd daemon might not be running yet.
- Mcpd received a bad request.
- A stats publisher is not available to handle the request.

Impact:
Impact can potentially include:
- No stats available.
- Certain requests are not be processed by Mcpd.

Recommended Action:
(1) Ensure that statsd daemon is running. `bigstart status statsd merged`
(2) Ensure that the publishing daemon is running. For example, if the error is logged when you run `tmsh show net arp`, determine whether the TMM is up by running `bigstart status tmm`.

If any of the daemons are down, run `bigstart start <daemon>`.

If all daemons are running, then neither of the two cited daemons is the cause. Instead, the cause might be an internal issue related to a malformed request, in which case you should file a support ticket.


01071681 : SNMP_TRAP: Virtual %s has become available

Location:
/var/log/ltm

Conditions:
This message is logged when the virtual server becomes "available", transitioning from some other status. Note that this indicates the virtual server is now "status-green", transitioning from some other status such as "unchecked-blue" or "unavailable-red".

Impact:
This message is log-notification only when the virtual server status is changed to be available (status "green"). This is not an error, as this virtual server is established as correctly configured to receive new client connections.

Recommended Action:
This is not an error, but a notification of a virtual server status change that has now become available.


01071682 : SNMP_TRAP: Virtual %s has become unavailable

Location:
/var/log/ltm

Conditions:
Example:
SNMP_TRAP: Virtual my_server has become unavailable

This message is logged when the virtual server becomes "unavailable", transitioning from some other status. Note that this indicates the virtual server is now "status-red", transitioning from some other status such as "available-green" or "unchecked-blue".

Impact:
This message is log-notification only when the virtual server status is changed to be unavailable (status "red"). Because the virtual server is unavailable, no new client connections will be established to this virtual server.

Recommended Action:
This is a notification of a virtual server status change for a virtual server has now become unavailable. The unavailable-status (i.e., "red") might be an indication of an error, such as when the required number of pool members are unavailable due to configuration error or one-or-more pool member failures.


0107168c : Incremental sync complete: This system is updating the configuration on device group %s device %s from commit id { %llu %llu %s } to commit id { %llu %llu %s }.

Location:
/var/log/ltm

Conditions:
A device in a DSC device group is able to successfully construct an incremental sync message requested by a peer.

Impact:
This is information about a successful operation.

Recommended Action:
None.


0107168e : Unable to do incremental sync, reverting to full load for device group %s device %s from commit id { %llu %llu %s } to commit id { %llu %llu %s }.

Location:
/var/log/ltm

Conditions:
The device is in a DSC device group with incremental sync enabled.

If a peer device requests an incremental sync, and the local device is unable to reconstruct the series of incremental syncs out of the sync cache from the commit_id specified by the peer, it will revert to a full sync.

This usually occurs because the cache is full and prior commit_id transactions have been dropped to make space.

The cache can be inspected by an Administrator via:
tmsh show cm device-group <device group name> incremental-config-sync-cache

The size of the cache can be set/checked per device group:
tmsh list cm device-group <device group name> incremental-config-sync-size-max

Impact:
Syncing may take a longer to complete. If automatic syncing is enabled, and many changes are made to configuration in the device group, this could cause mcpd to become unresponsive and in extreme cases run out of memory and core.

Recommended Action:
If a user is seeing this message, it's recommended to increase the size of the incremental sync cache and/or reduce the size and frequency of config changes.


010716b3 : A draft policy (%s) can not be applied to a ACL rule.

Location:
/var/log/ltm

Conditions:
An unpublished L7 policy is being assigned to an AFM ACL rule.

Impact:
Configuration validation, no impact.

Recommended Action:
Publish the L7 policy before assigning it to the AFM ACL rule.


010716b4 : Policy %s cannot be assigned to %s, because %s.

Location:
/var/log/ltm

Conditions:
An L7 policy is not compatible with a destination object, for example, when a non-classification policy is being assigned to an AFM ACL rule.

Impact:
Preventive configuration validation, no impact.

Recommended Action:
Attach only compatible L7 policies to a destination object.


010716e3 : Policy '%s'; an action occurs before conditions in another rule. For best-match, all actions must happen later than all conditions.

Location:
/var/log/ltm

Conditions:
A Best-Match CPM policy has an action in one or more of its rules that is not guaranteed to follow a condition in one or more rules. (The rules containing the action and condition may be different.)

Impact:
The policy will not load.

Recommended Action:
Change the Best-Match policy so that the actions occur in events that are compatible with the conditions. Actions must always occur after conditions.

If action events are not guaranteed to follow conditions, then a programatic solution is available via iRules. The situation where the action's event is encountered before the condition event can be handled in an arbitrary way by the iRule.


0107172d : Policy '%s' can't be applied to virtual server '%s' because it has no rules

Location:
The error message is visible in the web user interface, TMSH/CLI console, and the LTM log (/var/log/ltm).

Conditions:
The error message is triggered by the attempt of a user driven action to create or modify an LTM policy without specifying policy rules.

Impact:
Directing the user to create or modify an LTM policy within the required validation conditions, in this case by specifying policy rules for the LTM policy.

Recommended Action:
The user action should follow the correct steps while creating or modifying an LTM policy, by adding at least a validation rule to the LTM policy.


01071764 : HA order list in traffic group (%s) cleared because there is no self failover device group.

Location:
/var/log/ltm

Conditions:
When a device is no longer a member of a sync-failover group, any ha-order list specified for any traffic group is automatically cleared.

Impact:
None. Expected behavior because of a configuration change.

Recommended Action:
None.


010717b3 : Setting DHCP request-option to none can result in management-ip misconfiguration and loss of management connectivity.

Location:
/var/log/ltm

Conditions:
- Using DHCP to configure management-ip, management-route, DNS, hostname, etc. in a BIG-IP.
- Setting DHCP request-option to none using "tmsh modify sys management-dhcp sys-mgmt-dhcp-config request-options none".

Impact:
As request-options specify the management options that a dhclient running on BIG-IP device requests from the dhcp server in the network, setting request-options to none could result in a BIG-IP device not receiving any configuration (mgmt-ip, mgmt route, dns etc) crucial for management connectivity.

Recommended Action:
DHCP servers can be configured with "authoritative" setting, in which case, it would always provide dhclient with a fixed set of configuration, even if it receives an empty request-options list from dhclient.


010717b6 : %s can only be used in one LSN pool or security nat source translation object. The PCP Server %s (%s) is in use by lsn pool %s.

Location:
GUI, CLI

Conditions:
If PCP Server is already in use by one of the LSN Pools for FW NAT Source translation objects and the user is configuring the same PCP server on another LSN Pool or FW NAT source translation object, user will see this MCP validation error.

Impact:
Creation/Modificaton of the LSN Pool or FW NAT Source translation object would fail unless the user modifies the PCP server field.

Recommended Action:
None.


010717dc : VXLAN tunnel remote address can be configured only as any(0.0.0.0) with flooding types none and multipoint.

Location:
GUI, /var/log/ltm

Conditions:
When configuring a non-multicast VXLAN tunnel in which the tunnel remote-address is set to non-zero address.

Impact:
MCP validation blocks this improper configuration for non-multicast VXLAN tunnels and displays this error message.

Recommended Action:
For non-multicast VXLAN tunnels, the user has to set the tunnel remote-address to 'any' (0.0.0.0).


0107183b : Cannot disable LDNS cache when a Wide IP has persistence enabled.

Location:
/var/log/ltm

Conditions:
During a GTM configuration load or while processing a configuration modification, MCPD received a message to set the LDNS cache to disabled but there exists at least one wideip that has persistence enabled.

Impact:
The LDNS cache is required for wideip persistence, therefore MCPD will set the LDNS cache to enabled.

Recommended Action:
The LDNS cache must be enabled for wideip persistence to function; therefore, it is advised that either wideip persistence must be disabled or the LDNS cache must remain enabled.

The following tmsh command will disable persistence for all wideips of the specified record type:
tmsh modify gtm wideip <wideip_record_type> all persistence disabled


01071860 : Cannot enable feed list %s. Maximum number of enabled feed list allowed is %d.

Location:
log/UI/TMSH, GUI

Conditions:
When trying to enable more than 8 urldb feedlist entries for custom url categorization.

Impact:
Only the first 8 feedlist entries will work.

Recommended Action:
Remove one or more feedlist entries from 8 already enabled feedlist entries, if a new one is needed.


01071863 : OCSP cert-validator (%s): DNS resolver and proxy server pool can not be both empty.

Location:
/var/log/ltm, tmsh console, iControl, GUI

Conditions:
The user is trying to create an OCSP cert-validator, but assigning neither a DNS resolver nor a proxy server pool to the OCSP validator.

Impact:
None.

Recommended Action:
Specify either a DNS resolver or a proxy server pool for the OCSP cert-validator.


01071864 : OCSP cert-validator (%s): The certificate (%s) can not be used by an OCSP cert-validator as a %s, because it is currently using some cert-validator (%s) to monitor its status.

Location:
/var/log/ltm

Conditions:
The error message is not being used.

Impact:
None.

Recommended Action:
None.


01071865 : Unable to find an HTTP-based OCSP responder URL that is configured in the OCSP cert-validator (%s) or in the AIA (Authority Information Access) extension of the certificate (%s).

Location:
/var/log/ltm, tmsh console, iControl, GUI

Conditions:
An OCSP validator is assigned to a certificate, but no OCSP responder URL is found in either the OCSP validator's configuration or the certificate's AIA (Authority Information Access) extension.

Impact:
None.

Recommended Action:
Either configure the OCSP responder URL for the OCSP validator, or use a certificate that contains the AIA extension that specifies the OCSP responder's URL.


01071866 : OCSP cert-validator (%s): Please specify a HTTP-based absolute URL for the OCSP responder.

Location:
/var/log/ltm, tmsh console, iControl, GUI

Conditions:
The user is trying to configure an invalid URL address (not starting with http://) as the responder URL of an OCSP cert-validator.

Impact:
None.

Recommended Action:
Configure an OCSP responder URL to the OCSP cert-validator that starts with "http://".


01071867 : OCSP cert-validator (%s): Both key and certificate should be specified for signing the OCSP request.

Location:
/var/log/ltm, tmsh console, iControl, GUI

Conditions:
The user is trying to configure only the signer key (without a signer certificate) or only the signer certificate (without a signer key) to an OCSP cert-validator. Signer key and certificate should come as a pair.

Impact:
None.

Recommended Action:
Either specify both key and certificate, or specify none of them.


01071868 : OCSP cert-validator (%s): Only prime256v1 named curve is supported for signer key.

Location:
/var/log/ltm, tmsh console, iControl, GUI

Conditions:
The signer key of the OCSP validator is an EC (elliptic curve) key with an unsupported curve type (the only supported curve is prime256v1).

Impact:
None.

Recommended Action:
If the signer key is an EC (elliptic curve) key, make sure that its curve type is prime256v1.


01071869 : OCSP cert-validator (%s): Security type %s is not supported for signer key.

Location:
/var/log/ltm, tmsh console, iControl, GUI

Conditions:
The user is trying to configure a signer key to an OCSP validator, but the key type of the signer key is not supported.

Impact:
None.

Recommended Action:
The security type of the key can be obtained by "tmsh list sys crypto key". Currently fips and nethsm types are not supported.


0107186a : OCSP cert-validator (%s): Signer key (%s) and signer certificate (%s) do not match.

Location:
/var/log/ltm, tmsh console, iControl, GUI

Conditions:
The signer key and signer certificate that the user is configuring for the OCSP cert-validator don't match.

Impact:
None.

Recommended Action:
Make sure that the key and certificate match each other. If not, try to get a correct key/certificate pair.


010718e1 : Only the standard-balanced-fpga firmware type is permitted in vCMP mode.

Location:
tmsh, GUI, iControl, /var/log/ltm

Conditions:
Provisioning VCMP or changing the FPGA.

Impact:
User is forced to only use standard-balanced-fpga when using VCMP.

Recommended Action:
Make sure the FPGA is set to standard-balanced-fpga when using VCMP.


010718e3 : Certificate (%s) has enabled OCSP at cert-validation-option but is not associated with any OCSP cert-validator.

Location:
/var/log/ltm, tmsh console, iControl, GUI

Conditions:
The user is trying to enable OCSP monitoring for a certificate that has no OCSP validator assigned.

Impact:
None.

Recommended Action:
Assign an OCSP validator to the certificate first, and then enable the OCSP monitoring for the certificate.


010718e4 : OCSP cert-validator (%s): can not use both DNS resolver and proxy server pool. Please ensure that only one of them is configured.

Location:
/var/log/ltm, tmsh console, iControl, GUI

Conditions:
The user is trying to create an OCSP cert-validator, but assigning both of DNS resolver and proxy server pool to the OCSP validator.

Impact:
None.

Recommended Action:
Remove either the DNS resolver or proxy server pool from the OCSP cert-validator.


01071909 : Log publisher '%s' used by the Anti-Fraud profile '%s' must have a single destination of type '%s'.

Location:
TMSH, GUI

Conditions:
Trying to delete a publisher used by Anti-Fraud, or trying to set a publisher with wrong destination type.

Impact:
Configuration will fail.

Recommended Action:
Detach publisher from Anti-Fraud profile prior publisher removal. Set a publisher with the correct destination type.


0107190a : Field '%s' cannot be empty in the Anti-Fraud profile '%s'.

Location:
/var/log/ltm, GUI, and console

Conditions:
An empty field was specified while configuring an Anti-Fraud profile.

Impact:
Configuration will not be applied.

Recommended Action:
Specify a non-empty field.


01071911 : %s in rule (%s) are not allowed under %s event on the %s (%s).

Location:
/var/log/ltm, GUI

Conditions:
This is an error that is issued when MCPD is validating iRule proc with the current configuration and detecting an incompatibility.

This scenario is most likely involves the user creating a library of nested reusable iRule procs that are meant to be called from multiple event based iRules and other procs, and then combining one or more iRules with these procs by associating them with the virtual server in order to achieve the desired behavior. One or more of of the rules invoking functionality in the procs does so in under the wrong event.

For example, an iRule proc might attempt to return an application specific combination of HTTP headers, including the host header:

# user creates virtual
ltm virtual vs_http {
   destination any:80
   profiles {
     http {}
     tcp {}
   }
   ...
}
   

# user creates rule in ltm rule /Common/rl_app_http
proc get_app_host_headers { } {
 return "[HTTP::header app_1]-[HTTP::host]"
}
proc get_app_headers { } {
 return "[call get_app_host_headers]-[HTTP::host]"
}

this code may then be called from an iRule event in
# in ltm rule /Common/rl_http_req
when HTTP_RESPONSE {
 set app_h [call rl_app_http::get_app_host_headers]
}


# Error is issued by validation code upon saving since HTTP::host is not valid under HTTP_RESPONSE

Impact:
Saving the modified configuration will not be possible.
The virtual server configuration or iRules need to be corrected before saving the configuration will be possible.

Recommended Action:
Users need to ensure that the correct combination of iRule commands and events is associated with the virtual server by performing one of the steps:
1. Associate the right profile(s) with the virtual server.
2. Use only applicable commands in iRule procs.
3. Ensure that the combination of events in iRules and commands is still valid when modifying virtual server configuration.


01071912 : %s in rule (%s) requires an associated %s profile on the %s (%s).

Location:
/var/log/ltm

Conditions:
A an iRule script was added to a virtual that referred to a configuration object (like pool, snat pool, transport-congig, etc). When this iRule script was added to a virtual or transport-config, the validation logic identified that the referred object would not be present unless the named profile existed on the virtual or transport-config.

Impact:
There should be no impact. The validation logic checks the configuration to insure the script will run properly.

Recommended Action:
Remove the reference to the named object and add the script to the virtual or transport-config.


01071913 : %s in rule (%s) under %s event at %s (%s) does not satisfy cmd/event/profile requirement.

Location:
/var/log/ltm and GUI

Conditions:
This is an error that is issued when MCPD is validating iRule proc with the current configuration and detecting an incompatibility.

This scenario is most likely involving the user creating a library of reusable iRule procs that are meant to be called from multiple event based iRules, and then combining one or more iRules with these procs by associating them with the virtual server in order to achieve the desired behavior. The user then decides to remove a profile deemed unnecessary from the virtual.

However, the combination of virtual server, the iRule event that leads to calling the proc and the commands executed in the iRule proc itself, might lead to incompatible combination.

For example, an iRule proc might attempt to return an application specific combination of HTTP headers:

# user creates virtual
ltm virtual vs_http {
   destination any:80
   profiles {
     http {}
     tcp {}
   }
   ...
}
   

# user creates rule in ltm rule /Common/rl_app_http
proc get_app_headers { } {
 return "[HTTP::header app_1]-[HTTP::header app_2]"
}

this code may then be called from an iRule event in
# in ltm rule /Common/rl_http_req
when HTTP_REQUEST {
 set app_h [call rl_app_http::get_app_headers]
}


# user then decides to remove http profile from the virtual server
... (tmos)# mod ltm virtual vs_http profiles delete { http } <ENTER>

# Error is issued by validation code

Impact:
Saving the modified configuration will not be possible.
The virtual server configuration or iRules need to be corrected before saving the
configuration will be possible.

Recommended Action:
Users need to ensure that the correct combination of iRule commands and events is associated with the virtual server by performing one of the steps below:
1. Associate the right profile(s) with the virtual server
2. Use only applicable commands in iRule procs
3. Ensure the combination of events in iRules and commands is still valid when modifying
   virtual server configuration


01071918 : CMI device (%s) has a different version (%s) from this device (%s).

Location:
/var/log/ltm

Conditions:
Another device attempts to make a CMI connection to this device, but reports that it has a different version of TMOS than this device.

This message will show up during the process of upgrading a CMI trust domain from one version of TMOS to a later one.

Impact:
CMI sync between devices of different versions is not supported.

Recommended Action:
This message usually will show up during the process of upgrading a CMI trust domain from one version of TMOS to a later one. Once all devices are upgraded to the new TMOS version, they will be able to connect to each other.


010719a8 : URL parameters can be %s only when %s is enabled in the Anti-Fraud profile '%s'.

Location:
mcpd, tmsh console, GUI

Conditions:
Parameter's flag is dependent on URL flag. (in order to enable Parameter's flag 'A', URL's flag 'B' must be enabled).

Impact:
Parameter's flag won't be set.

Recommended Action:
Enable the dependent flags.


010719ac : Anti-Fraud parameter '%s' is invalid. Parameter cannot be %s while it is %s in the Anti-Fraud profile '%s' (Anti-Fraud URL: '%s').

Location:
mcpd, tmsh console, GUI

Conditions:
A mobilesafe parameter is marked as encrypted, and the user want's to mark it as enforced (entangled).
OR
A mobilesafe parameter is marked as enforced, and the user want's to mark it as encrypted.

Impact:
Parameter remains with original flag enabled.

Recommended Action:
Enable either "encrypted" or "enforced", but not both.


010719b7 : URL whitelist words can be selected only from malware blacklist words in the Anti-Fraud profile '%s'.

Location:
mcpd, tmsh console, GUI

Conditions:
Setting a whitelist word that isn't configured in blacklist words (of the same profile).

Impact:
The mcp transaction aborted. Malware object is not changed.

Recommended Action:
Add whitelist words only if they are configured in blacklist words (of the same profile).


010719c9 : Unicast address warning (FAILOVER MAY NOT WORK): %s should be a mgmt (blade) address or non-floating self IP.

Location:
/var/log/ltm

Conditions:
The address does not seem to be valid with the information present in the local box, but may still be valid based on the configuration of the network.

Impact:
Verify the unicast address to make sure there is not a configuration error.

Recommended Action:
None.


010719d6 : The location '%s' cannot have empty path between leading '/' and file extension or trailing '/', and also cannot contain only '/' and '.' in the Anti-Fraud profile '%s'.

Location:
mcpd, tmsh console, GUI

Conditions:
Setting invalid location (empty or contains only '/' and '.' characters).

Impact:
The mcp transaction aborted. Changes will not take effect.

Recommended Action:
Set valid locations only (non-empty, containing alphanumeric characters).


010719e7 : Virtual Address %s general status changed from %s to %s.

Location:
/var/log/ltm

Conditions:
Example:
Virtual Address my_server general status changed from YELLOW to GREEN.

This message is logged when a general status change is detected for the virtual address. Possible general statuses for a virtual address include: 'GREEN', 'YELLOW', 'RED', 'BLUE', 'GRAY'.

The general status for a virtual address typically depends on one-or-more pool members, and the associated configuration of the virtual address itself. For example, a pool of four members might be associated with a virtual address, and require a minimum of two pool members to be available for the virtual address to be marked up (that is, "GREEN"). Thus, the conditions for a change in the general status of the virtual address include a combination of the virtual address configuration, plus the health of the contributing pool members.

Impact:
This message might not indicate an error, because it merely reports the detected general status change. For example, upon system start, it is expected that the general status might change from "BLUE" (unchecked) to "GREEN" (available). Similarly, user-action (such as through xui or tmsh) might explicitly change the general status, such as to "GRAY" when forcing the virtual address to be unavailable during maintenance.

Recommended Action:
This message might not indicate an error, but a notification of a virtual address general status change, due to monitor results or user-initiated action. If an unexpected "RED" status is reported, the user should verify the virtual address configuration, and the availability of the contributing pool members.


010719e8 : Virtual Address %s monitor status changed from %s to %s.

Location:
/var/log/ltm

Conditions:
Example:
Virtual Address my_name monitor status changed from CHECKING to UP.

This message is logged when a status change is detected for a virtual address. Possible statuses include: "UNCHECKED", "CHECKING", "INBAND", "FORCED_UP", "UP", "UP_MAX", "DOWN_MIN", "ADDR_DOWN", "DOWN", "FORCED_DOWN", "MAINT", "IRULE_DOWN", "INBAND_DOWN", "DOWN_WAIT_MAN_RES".

Impact:
This message might not itself indicate an error, as it merely reports the detected status change. For example, upon system start it is expected that the status might change from "UNCHECKED" to "CHECKING" to "UP". Similarly, user action (such as through the xui or tmsh) might explicitly change the status, for example, to "FORCED_DOWN".

However, an unexpected "DOWN" status not resulting from intentional user-initiated action might indicate an issue, such as a failed resource or an improperly configured virtual address.

Recommended Action:
This message might not itself indicate an error, but a notification of a virtual address status change, due to monitor results or user-initiated action. If an unexpected "DOWN" status is reported, the user should verify that the virtual address is available and ensure correct monitor configuration.


010719ea : GTM changed state from %s to %s.

Location:
/var/log/ltm

Conditions:
Example:
notice reported: notice mcpd[7345]: 010719ea:5: GTM changed state from UP to DOWN.

This message is not an error by itself, only a notice.
It only means that the GTM module went from UP to DOWN or vice versa.
If the message shows up repeatedly in the logs, this could mean that something else is wrong with the system and the user should look for additional clues as to why this is happening.

Impact:
"GTM changed state from UP to DOWN" means that the gtmd daemon went offline, while offline GTM functionalities will not be available.
"GTM changed state from DOWN to UP" means that the gtmd daemon went online, while online GTM functionalities are available.

Recommended Action:
If GTM is DOWN, the user can bring the daemon back online with the command "bigstart start gtmd", "bigstart stop gtmd" to take it offline. If that does not work, the user should investigate further as to why the daemon is going offline or refusing to come online.


010719fd : No IPv%s self IP exists on VLAN (%s) for static route (%s)

Location:
/var/log/ltm

Conditions:
The last IPv4 or IPv6 self IP was deleted from a VLAN, which will leave a static route without an IP on the egress VLAN.

Impact:
The self IP cannot be deleted until the static route is deleted or its nexthop is changed to use a different VLAN.

Recommended Action:
Before deleting the last IPv4 or IPv6 self IP from a VLAN, delete static routes for that protocol that use the VLAN.


01071a01 : Anti-Fraud parameter '%s' is invalid. URL parameters can appear only in POST request when URL Application Type is Mobile in the Anti-Fraud profile '%s' (Anti-Fraud URL: '%s').

Location:
mcpd, tmsh console, GUI

Conditions:
Trying to set a Mobilesafe parameter to GET method.

Impact:
The transaction aborted. No change to parameter.

Recommended Action:
Either disable mobilesafe encryption, or declare mobilesafe parameter for POST method only.


01071a14 : device_trust_group: Requesting device data from device %s.

Location:
/var/log/ltm

Conditions:
When the local device requests device-specific data from the remote device. This usually happens when the remote device has changed something in its device data, and the local device needs to sync this information.

Impact:
None.

Recommended Action:
None.


01071a15 : device_trust_group: Sending device data to device %s.

Location:
/var/log/ltm

Conditions:
Information that a device is sending its device-specific trust data to the remote device that requested it.

Impact:
None.

Recommended Action:
None.


01071a37 : Anti-Fraud %s '%s' was created as %s and this setting cannot be changed.

Location:
/var/log/ltm

Conditions:
Attempting to change the type of an Anti-Fraud URL or parameter from explicit to wildcard and vice-versa.

Impact:
Configuration will not load.

Recommended Action:
Do not change the type of an Anti-Fraud URL or parameter. Delete item and recreate it with the desired type instead.


01071a38 : Wildcard %ss must have unique priorities in the Anti-Fraud profile '%s'.

Location:
/var/log/ltm

Conditions:
Attempting to assign identical priorities to wildcard URLs or parameters in an Anti-Fraud profile.

Impact:
Configuration will not load.

Recommended Action:
Verify priorities are unique among wildcard URLs or parameters in an Anti-Fraud profile.


01071a39 : Cannot %s of explicit %s in the Anti-Fraud profile '%s'.

Location:
/var/log/ltm

Conditions:
Attempting to edit priority of explicit URL or parameter in an Anti-Fraud profile.

Impact:
Configuration will not load.

Recommended Action:
Do not edit priority of an explicit URL or parameter.


01071a6e : Incompatible options - traffic group %s cannot have both auto-failback-enabled and the failover-method set to ha-score

Location:
/var/log/ltm, console

Conditions:
When a user tries to set both parameters for a traffic-group.

Impact:
The command will not be executed.

Recommended Action:
None.


01071a85 : Anti-Fraud URL '%s' is invalid. Wildcard URL cannot have %s enabled in the Anti-Fraud profile '%s'.

Location:
mcpd, tmsh console, GUI

Conditions:
Trying to set mutual exclusive flags (that is, wildcard + mobilesafe encryption).

Impact:
The mcp transaction aborted. No change will be made to URL object.

Recommended Action:
Do not try to set mutual exclusive flags.


01071a95 : Admin IP (%s/%s): Gateway (%s) for management route (%s) is not in a connected network.

Location:
/var/log/ltm

Conditions:
When the user creates a management-ip that is not on the same subnet as the management-route, an error message is added to /var/log/ltm.
This validation error message is to help the user to prevent leaving a stray management gateway configured.

Impact:
None.

Recommended Action:
Delete the stray management-route and add a new one that matches the management-ip.


01071a9a : The '%s' for interface %s has been adjusted to '%s'.

Location:
/var/log/ltm

Conditions:
The bundle status and bundle speed attributes of each interface are detected when the system boots up, based on the type of physical ports.
For ports that support the bundle feature, the two attributes have to be updated to reflect the run time values.
A notice is logged into the /var/log/ltm to notify the user of this update.

Impact:
None.

Recommended Action:
None.


01071aa6 : %s bad actor cannot be enabled if per-source detection/limit pps is less than 1% of the DoS vector (%s) %s setting for %s.

Location:
/var/log/ltm

Conditions:
The per-source detection/limit pps is less than 1 percent of the corresponding value of the DoS vector. The Dos vector is specified by the configuration value of the rate threshold/rate limit in the DoS vector.

Impact:
Security DoS DNS/SIP/NETWORK/Device attack vector bad actor cannot be enabled.

Recommended Action:
Change the configuration settings of the DoS attack vector for either per-source detection/limit pps or rate threshold/rate limit.


01071aa7 : %s bad actor per-source detection/limit pps cannot be greater than the Dos vector (%s) %s setting for %s.

Location:
/var/log/ltm

Conditions:
The per-source detection/limit pps is greater than the corresponding value of the DoS vector. The DoS vector is specified by the configuration value of the rate threshold/rate limit in the DoS vector.

Impact:
The security DoS DNS/SIP/NETWORK/Device attack vector bad actor cannot be enabled.

Recommended Action:
Change the configuration settings of attack vector for either the per-source detection/limit pps or the rate threshold/rate limit.


01071acc : Cannot enable maintenance mode when device is forced offline.

Location:
/var/log/ltm, GUI, console

Conditions:
When the device is in forced offline mode; setting it to maintenance mode will not be allowed until the device is back online.

Impact:
None. Validation for a bad config operation.

Recommended Action:
None.


01071acd : The requested device (%s) was not found in self failover device group (%s).

Location:
/var/log/ltm, GUI, console

Conditions:
When a device is not a member of the failover group and a command is executed to specify a traffic group HA order, including the non-member device.

Impact:
The respective HA order command will be rejected with the validation error displayed in the respective UI.

Recommended Action:
Do not include devices that are not member of the failover group when specifying a traffic group HA order; or include the device non-member in the failover group before executing the HA order command.


01071ad3 : The requested provision module (%s) is not compatible with already provisioned module (%s).

Location:
GUI, console

Conditions:
(1) User tries to provision URLDB module, but SWG module is already configured.
(2) User tries to provision SWG module, but URLDB module is already configured.

Impact:
None.

Recommended Action:
Either provision SWG or URLDB module, depending on the use case, but not both.


01071ad4 : LSN pool %s shares the same name as security nat source translation object. LSN iRules that take in 'pool name' as an argument would default to LSN objects

Location:
GUI, CLI

Conditions:
Name of the object has to be unique across LSN Pools and Source translation object, and if the user is attempting to configure a LSN Pool or Source translation Object with name that is already in use by another LSN Pool or Source translation object, this mcpd validation error is thrown to the user via GUI or TMSH.

Impact:
Creation of the LSN pool or FW NAT source translation object would fail unless user uses a different name.

Recommended Action:
None


01071ad9 : Security NAT Source Translation object %s shares the same name as LSN pool. LSN iRules that take in 'pool name' as an argument would default to LSN objects.

Location:
GUI, CLI

Conditions:
This is a warning message shown to the user if the user is attempting to configure the FW Nat source translation object with a name that is already in use by another LSN Pool.

Impact:
User would see this warning, but the configuration will go through fine. So No impact.

Recommended Action:
None


01071af3 : Anti-Fraud parameter '%s' is invalid. URL parameters cannot be entangled for Mobile while no parameter is encrypted for Mobile in the Anti-Fraud profile '%s' (Anti-Fraud URL: '%s').

Location:
mcpd, tmsh console, and GUI

Conditions:
Trying to enable Mobilesafe parameter's both encrypt and enforce (entangle) options.

Impact:
Mobilesafe Parameter can have encrypt or enforce options enabled, but not both.

Recommended Action:
None.


01071af8 : The firewall rule UUID cannot be modified by user once it's created.

Location:
/var/log/ltm

Conditions:
A user has tried to modify the policy rule UUID value.

Impact:
The operation to modify the policy rule fails.

Recommended Action:
Modify the policy rule without changing the UUID value.


01071af8 : The firewall rule UUID (%s) already exists in other rules.

Location:
/var/log/ltm

Conditions:
A firewall rule is attempting to use the same UUID that exists in another firewall policy.

Impact:
You cannot create the policy.

Recommended Action:
Try to create the policy with a different rule UUID.


01071af9 : The specified firewall rule UUID (%s) is diffrent from exists rule UUID.

Location:
/var/log/ltm

Conditions:
A different rule UUID has been applied to the same rule.

Impact:
Modifying the rule or re-creating the rule operation fails.

Recommended Action:
Allow the system to choose the rule UUID instead of specifying a different UUID for the same rule.


01071aff : AOM webui is not available in this release.

Location:
/var/log/ltm

Conditions:
When the user tries the following tmsh commands:
- modify sys aom webui enabled
- modify sys aom webui disabled

Impact:
The AOM web services are not supported in this release of BIG-IP software. Typing the tmsh command doesn't do anything.

Recommended Action:
None.


01071b00 : AOM vkvm is not available in this release.

Location:
/var/log/ltm

Conditions:
When the user tries the use one of the following the tmsh commands:
- modify sys vkvm enabled
- modify sys vkvm disabled

Impact:
This tmsh command does not do anything. The AOM Virtual Keyboard, Video and Mouse redirection is not supported in this release of BIG-IP software.

Recommended Action:
None.


01071b27 : Scope name cannot be empty for OAuth Authorization agent %s.

Location:
/var/log/apm, TMSH

Conditions:
The scope name is empty in the OAuth Authorization agent.

Impact:
Object save will fail.

Recommended Action:
Specify a scope name in the OAuth Authorization agent.


01071b28 : Scope name (%s) associated with OAuth Authorization agent (%s) is not defined under OAuth scope. If this error appears during import access profile, then the scope-name in the scope already exists on this BIG-IP as part of another scope object. You may want to edit the existing scope and retry importing access profile.

Location:
/var/log/apm, TMSH

Conditions:
If the scope referenced in the OAuth Authorization agent is not created under OAuth Scope, this error will be seen

Impact:
Object save will fail.

Recommended Action:
Create the scope under OAuth Scope first, and then it can be referenced in the OAuth Authorization agent.


01071b29 : %s entry refers to invalid OAuth Authorization agent %s, entry %d.

Location:
/var/log/apm, TMSH

Conditions:
This occurs when the OAuth Authorization Agent Scope or Claim entry refers to an invalid OAuth Authorization agent and its entry.

Impact:
Object won't be saved.

Recommended Action:
Specify the correct OAuth Authorization agent and its entry while creating or modifying an OAuth Authorization agent Scope or Claim entry.


01071b2c : The client app (%s) that is associated with the %s (%s) does not exist.

Location:
/var/log/apm, TMSH

Conditions:
This appears when a client app is referenced in an OAuth profile, and that OAuth client app does not exist.
It also appears when a JWT access token claim is associated with a client app, and the reference client app does not exist.

Impact:
Object save will fail.

Recommended Action:
Make sure that the client app is valid, or create one if necessary. And then, the client app can be referenced in the OAuth Profile, or while associating a JWT access token claim with the client app.


01071b3b : Notice: Purging initiated for OAuth DB Instance (%s). Time taken for DB purging depends on the amount of data; BIG-IP performance may be affected during this time. Only expired tokens will be removed.

Location:
/var/log/ltm, GUI, CLI

Conditions:
An administrator initiates an immediate DB purge of expired tokens (via the Purge Now button).

Impact:
BIG-IP system performance might be affected during this time.

Recommended Action:
None.


01071bad : The certificate (%s) can not simultaneously use a cert-validator (%s) and be configured as the %s of a cert-validator (%s).

Location:
/var/log/ltm, console, iControl, GUI

Conditions:
A conflicting configuration occurred, based on the configuration order:

Order 1: The certificate already has a cert-validator configured, but the user is trying to configure this certificate as some cert-validator's trusted responder or signer certificate.

Order 2 (the other way around): The certificate is already a trusted responder or signer certificate of some cert-validator, but the user is trying to assign a cert-validator to it.

Impact:
None.

Recommended Action:
None.


01071bcd : Security NAT Source Translation object (%s) cannot use both Self IP and DSLITE tunnel for PCP configuration.

Location:
GUI, CLI

Conditions:
If user is attempting to configure both the DSLITE and Self IP parameters in the PCP configuration in FW NAT source translation object, this error messages is shown to the user.

Impact:
Creation/Modification of the FW NAT source translation object would fail unless removes either of the Self IP or DS Lite tunnel PCP configuration.

Recommended Action:
None


01071bd1 : Inbound CMI connection from IP (%s) denied because it came from VLAN (%s), not from expected VLAN (%s).

Location:
/var/log/ltm

Conditions:
This should not happen under any circumstances.

Impact:
Mcpd has detected that sync traffic is being sent over a VLAN that is not the correct one. Therefore, if any traffic is sent, it is unexpectedly unencrypted. For security purposes, sync is disabled.

Recommended Action:
There is no workaround.


01071bd6 : %s (%s): Cannot enable Device-ID without enabling Bot Signatures and the 'Search Engine' Bot Signature Category.

Location:
/var/log/ltm, console

Conditions:
Using tmsh to create or modify a dos profile with application enabled, and enabling the device-id field without enabling the Search Engine Bot Signature Category.

Impact:
Creation or modification of the dos profile will fail.

Recommended Action:
Create the dos profile using two separate steps. For example:
create security dos profile dos1 application add { dos { bot-signatures { check enabled } } }
modify security dos profile dos1 application modify { dos { tps-based { device-captcha-challenge enabled } } }


01071bd8 : The tag-mode for requested member %s has to be 'none' on platforms that do not support QinQ.

Location:
/var/log/ltm

Conditions:
If the user attempts to configure the tag-mode of a VLAN member to some other value, but 'none' on platforms that do not support QinQ, the MCP validation rejects the configuration, and an error message is logged in the /var/log/ltm.

Impact:
The configuration issued via tmsh command is rejected as invalid.

Recommended Action:
If the user has to configure QinQ functionality, the use must switch to using a platform that supports QinQ.


01071be4 : port-fwd-mode value of interface (%s) is not compatible with vlan (%s) member interface (%s).

Location:
/var/log/ltm

Conditions:
This message is caused by an invalid configuration. When adding a member to a VLAN, the member's forwarding mode must be the same as other members in the vlan. For example, the port-fwd-mode value of the interface must be the same value as other interfaces in the same VLAN.

Impact:
Unable to add the member.

Recommended Action:
Inspect the relevant object configuration in VLAN, trunk, and interface. Do not add an incompatible member with different port-fwd-mode value to the same VLAN.


01071be5 : Member interface (%s) of trunk (%s) not found.

Location:
/var/log/ltm

Conditions:
Caused by an invalid configuration when a trunk consists of a interface, but the interface does not exist. This is very unlikely to happen.

Impact:
The interface will not be added.

Recommended Action:
Inspect the relevant object configuration in the trunk and interface. Delete the trunk object and re-create it.


01071be6 : port-fwd-mode value of interface (%s) is not compatible with trunk (%s) member interface (%s).

Location:
/var/log/ltm

Conditions:
This is caused by an invalid configuration. All interfaces in the same trunk must have the port-fwd-mode property set to the same value.

Impact:
None.

Recommended Action:
Inspect the relevant object configuration in trunk and interface. Only add interfaces with the same port-fwd-mode value to the same trunk.


01071bed : The URL (%s) belongs to Custom Category (%s) has invalid type as regex-match and not supported yet.

Location:
/var/log/ltm

Conditions:
When the custom category url type is mentioned as regex type, you would see this message in /var/log/ltm. This regex type is not exposed in TMUI or GUI. This is only possible through programmatic internal access.

Impact:
You will not see this message in console or GUI, because regex type is not exposed.

Recommended Action:
None.


01071bee : SSLv2 is no longer supported and has been removed. The 'sslv2' keyword in the cipher string has been ignored.

Location:
/var/log/ltm

Conditions:
This message appears if an ssl profile is parsed that has the sslv2 enabled. This is a warning that appears in the logs.

Impact:
The high level impact is that you are using an ssl profile that previously tried to enable sslv2. We have disabled sslv2 and this is warning them that we are ignoring the fact that they tried to enable sslv2. SSLv2 has numerous vulnerabilities and enabling it can even open up vulnerabilities in more secure versions of SSL or TLS.

Recommended Action:
Remove the "sslv2" string from the cipher list.


01071bf0 : Vlan %s c-tag %s is out of range.

Location:
/var/log/ltm

Conditions:
MCP validation code rejects the tmsh configuration for a vlan tag that is grater than 4094 or less than 1. An error is logged in /var/log/ltm.

Impact:
The configuration issued via tmsh command is rejected as invalid.

Recommended Action:
Reissue the tmsh command with a VLAN tag, which is less than or equal to 4094, and equal to or greater than 1.


01071bf1 : Vlan %s tag %d is out of range.

Location:
/var/log/ltm

Conditions:
When the user attempts via tmsh to configure a VLAN tag which is greater than 4094, the MCP validation code rejects the configuration and an error message is logged at /var/log/ltm.

Impact:
The configuration issued via a tmsh command is rejected as invalid.

Recommended Action:
Reissue the tmsh command with a VLAN tag, which is less than or equal to 4096.


01071bf6 : Cannot change FIPS name on busy guest: %s.

Location:
/var/log/ltm

Conditions:
The user tries to change the "fips-name" property of a vCMP guest configuration while the guest is running.

Impact:
The system does not allow the change operation because the guest might be actively using the FIPS partition referred to by the "fips-name" property. As a result, the configuration remains unmodified.

Recommended Action:
Before changing the "fips-name" property of the guest, disable the guest and wait until it stops running.


01071bf7 : Invalid URL format %s in CA-bundle manager %s. Check help page.

Location:
/var/log/ltm

Conditions:
The proxy server configuration on the CA-bundle manager object is restricted to use HTTP proxy.

Impact:
None.

Recommended Action:
The proxy server should be prefixed with HTTP or none.


01071bf8 : Bundle manager %s cannot use a certificate file object %s that depends on itself. This would cause a cyclic dependency.

Location:
/var/log/ltm

Conditions:
CA-bundle manager can be configured with other CA-bundles as sources. In this case, the newly created CA-bundle manager is trying to manage a CA-bundle file that eventually depends on itself. For example, CA-bundle manager A depends on a CA-bundle B managed by CA-bundle manager B, and B is in turn dependent on CA-bundle A.

Impact:
None.

Recommended Action:
Check the dependency relationship between the newly created CA-bundle manager and its included or excluded CA-bundle sources.


01071bf9 : CA-bundle management trace: CA-bundle %s depends on %s.

Location:
/var/log/ltm

Conditions:
CA-bundle manager can be configured with other CA-bundles as sources. In this case, the newly created CA-bundle manager is trying to manage a CA-bundle file, which eventually depends on itself. For example, CA-bundle manager A depends on a CA-bundle B, managed by CA-bundle manager B, and B is in turn dependent on CA-bundle A.

Impact:
None.

Recommended Action:
Check the dependency relationship between the newly created CA-bundle manager and its included or excluded CA-bundle sources.


01071bfa : CA-bundle manager %s does not exist.

Location:
/var/log/ltm

Conditions:
A database join operation refers to a CA-bundle manager that does not exist.

Impact:
None.

Recommended Action:
None.


01071bfb : The default CA-bundle manager %s cannot be deleted.

Location:
/var/log/ltm

Conditions:
The default CA-bundle manager called ca-bundle is being deleted.

Impact:
None.

Recommended Action:
The default CA-bundle manager called ca-bundle cannot be deleted.


01071bfc : The default CA-bundle manager %s cannot be changed.

Location:
/var/log/ltm

Conditions:
An attempt is being made to modify the default CA-bundle manager named ca-bundle.

Impact:
The default CA-bundle manager nameed ca-bundle cannot be modified.

Recommended Action:
None.


01071bfd : The default CA-bundle manager %s cannot change the exclude-url or exclude-bundle sets.

Location:
/var/log/ltm

Conditions:
The default CA-bundle manager called ca-bundle is being modified, regarding the exclude CA-bundles.

Impact:
None.

Recommended Action:
The default CA-bundle manager called ca-bundle cannot be modified.


01071bfe : The port number must be removed from %s, and set separately.

Location:
/var/log/ltm

Conditions:
The URL downloads in the CA-bundle manager configuration might use a proxy. The proxy server and port number are set separately.

Impact:
None.

Recommended Action:
The proxy server and port number are set separately using different attributes.


01071bfe : %s: %s can't be deleted because %s.

Location:
/var/log/ltm, GUI, tmsh

Conditions:
When a configuration object is not allowed to be deleted in the certain situation (described in the message), the error message will be triggered.

If this happens, the related configuration will not be updated.

Impact:
The related configuration will not be updated.

Recommended Action:
The fix that the reason described in the message as to why it cannot be deleted.


01071bff : The trusted CA-bundle must be provided in CA-bundle manager %s in order to download from URLs.

Location:
/var/log/ltm

Conditions:
The CA-bundle manager has an include or exclude URL source, but the trusted CA-bundle is not provided for downloading from the URL source.

Impact:
None.

Recommended Action:
When a CA-bundle manager refers to URL resource as a source, it must also provide the trusted CA-bundle.


01071c00 : The requested certificate file object %s for %s was not found.

Location:
/var/log/ltm

Conditions:
The certificate file object referred by the CA-bundle manager is not yet set up in the configuration database.

Impact:
Fail to set up the CA-bundle manager.

Recommended Action:
Create the proper certificate file object before referring to the object in the CA-bundle manager.


01071c01 : Object %s cannot be used in both include and exclude sets in CA-bundle manager %s.

Location:
/var/log/ltm

Conditions:
The same CA-bundle source, either from local file system or remote URL, is used as both include-source and exclude-source when users configure a CA-bundle manager.

Impact:
None.

Recommended Action:
Users must not use the same CA-bundle source as both include and exclude sources.


01071c02 : CA-bundle URL %s in CA-bundle manager %s only supports HTTPS.

Location:
/var/log/ltm

Conditions:
Users may try to use a CA-bundle manager to compose a new CA-bundle by downloading remote CA-bundle through HTTP or other protocols, such as SFTP.

Impact:
CA-bundle download methods other than HTTPS are disallowed.

Recommended Action:
Use a HTTPS URL.


01071c03 : F5 CA-bundle %s cannot be dynamically managed.

Location:
/var/log/ltm

Conditions:
User may try to create a CA-bundle manager that will manage the update operations of the CA-bundle f5-ca-bundle.crt.

Impact:
The special CA-bundle f5-ca-bundle.crt cannot be managed by the CA-bundle manager due to security reasons. It has to be updated manually, or by F5 official releases.

Recommended Action:
It is a required feature, not to be fixed.


01071c04 : Cannot find device group (%s).

Location:
/var/log/ltm

Conditions:
No device group is configured: needed for policy sync feature.

Impact:
Policy sync validation fails.

Recommended Action:
Create a device group and use it for policy sync.


01071c05 : Cannot find Policy Sync object definition file (%s).

Location:
/var/log/ltm

Conditions:
Cannot find data file(s) needed for the policy sync feature.

Impact:
Policy sync validation fails.

Recommended Action:
Configure data files to use for policy sync.


01071c06 : Cannot find Policy Sync object list file (%s).

Location:
/var/log/ltm

Conditions:
Cannot find the Policy Sync object list file.

Impact:
Policy sync validation fails.

Recommended Action:
Configure the Policy Sync object list file.


01071c07 : Cannot find Policy Sync data file (%s).

Location:
/var/log/ltm

Conditions:
Cannot find the Policy Sync data file.

Impact:
Policy sync validation fails.

Recommended Action:
Configure the Policy sync data file.


01071c08 : Cannot determine whether agent type %s is appropriate for access policy (%s) of type %s because it is not attached to apm profile access using access-policy property.

Location:
/var/log/ltm

Conditions:
Cannot determine whether agent type is appropriate for access policy because it is not attached to apm profile access using access-policy property.

Impact:
Access policy validation failure.

Recommended Action:
Attach access policy to access profile.


01071c0d : Default attribute consuming service (%s) must be present in the list 'attribute-consuming-services' of apm saml aaa (%s)

Location:
/var/log/ltm, tmsh, GUI

Conditions:
Misconfiguration.
An admin attempts to configure a default attribute consuming service in apm aaa saml object.
Selected 'default' attribute consuming service must be present in the list 'attribute-consuming-services' associated with apm aaa saml object. Error indicated that selected default value is not present in the list.

Impact:
This is mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
A 'default' attribute consuming service must be first configured in 'attribute-consuming-services' associated with apm aaa saml object. After that, the service can be selected as 'default'.


01071c0e : Attribute consuming service session variable and object cannot be configured at the same time in agent (%s)

Location:
/var/log/ltm, tmsh

Conditions:
Administrator attempts to change configuration on 'apm policy agent aaa-saml' object,
and set both properties 'attribute-consuming-service' and 'attr-consuming-service-session-var'.
This is not valid configuration.

Impact:
This is mcp configuration error. The object containing this configuration will not be saved.

Recommended Action:
Configure either 'attribute-consuming-service' or 'attr-consuming-service-session-var' property of 'apm policy agent aaa-saml' object.


01071c0f : Attribute consuming service variable (%s) in agent (%s) is not in session variable format

Location:
/var/log/ltm, tmsh

Conditions:
Administrator attempts to change configuration on 'apm policy agent aaa-saml' object,
and set property 'attr-consuming-service-session-var'. The provided value is not in valid format "%{session.var}".

Impact:
This is an mcp configuration error. The object containing this configuration will not be saved.

Recommended Action:
The 'attr-consuming-service-session-var' must refer to a valid session variable, for example, "%{session.var}".


01071c10 : 'attribute-name' must be configured for attribute (%s) in attribute-consuming-service (%s)

Location:
/var/log/ltm, tmsh, GUI

Conditions:
An administrator attempts to configure 'apm saml attribute-consuming-service' object.
The object permits specifying list of attributes. Each attribute must have a unique 'attribute-name' property.

Impact:
This is an mcp configuration error. The object containing this configuration will not be saved.

Recommended Action:
Provide 'attribute-name' value for specified attribute.


01071c11 : All attribute names must be unique within attribute-consuming-service (%s). Provided attribute name (%s) is not unique

Location:
/var/log/ltm, tmsh, GUI

Conditions:
An administrator attempts to configure 'apm saml attribute-consuming-service' object.
The object permits specifying list of attributes. Each attribute must have a unique 'attribute-name' property.

Impact:
This is an mcp configuration error. The object containing this configuration will not be saved.

Recommended Action:
Provide a *unique* 'attribute-name' value for specified attribute.


01071c12 : attribute-consuming-service (%s) must specify at least one attribute

Location:
/var/log/ltm, tmsh, GUI

Conditions:
An administrator attempts to configure 'apm saml attribute-consuming-service' object.
The object permits specifying list of attributes. At least one attribute must be configured for every object.

Impact:
This is mcp configuration error. The object containing this configuration will not be saved.

Recommended Action:
Configure an attribute for specified attribute-consuming-service object.


01071c13 : attribute-consuming-service-index (%d) in aaa saml server (%s) conflicts with index of existing service (%s). Please provide unique index.

Location:
/var/log/ltm, tmsh

Conditions:
An administrator attempts to configure apm aaa saml object to modify a list of attribute consuming services. The explicitly provided index for attribute consuming service is not unique for said aaa saml object.

Impact:
This is an mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
Do not specify index when configuring a list of attribute consuming services in aaa saml object.
Index will be auto generated when not explicitly specified.
If index must be specified manually, provide a unique value for the index. Value must be unique per aaa saml object.


01071c14 : 'service-name' value must be configured in attribute-consuming-service (%s)

Location:
/var/log/ltm, tmsh, GUI

Conditions:
An administrator attempts to configure 'apm saml attribute-consuming-service' object.
The object requires non-empty value for property 'service-name', which was not provided resulting in error.

Impact:
This is an mcp configuration error. The object containing this configuration will not be saved.

Recommended Action:
Provide a value for 'service-name' property of attribute-consuming-service object.


01071c15 : aaa saml server must be configured before attribute consuming service can be specified

Location:
/var/log/ltm, tmsh, VPE UI

Conditions:
An administrator attempts to change configuration on 'apm policy agent aaa-saml' object,
and set property 'attribute-consuming-service', but aaa saml service has not been specified for this agent.

Impact:
This is an mcp configuration error. The object containing this configuration will not be saved.

Recommended Action:
Specify aaa saml server property for 'apm policy agent aaa-saml', and then provide value for 'attribute-consuming-service'.


01071c16 : SAML agent (%s) specifies attribute consuming service (%s) that is not configured in aaa saml server (%s)

Location:
/var/log/ltm, tmsh, VPE UI

Conditions:
An administrator attempts to change configuration on 'apm policy agent aaa-saml' object,
and set property 'attribute-consuming-service'.

However, the chosen 'attribute-consuming-service' object is not present in the list of services associated with specified aaa saml server.

Impact:
This is an mcp configuration error. The object containing this configuration will not be saved.

Recommended Action:
Add requested service in the list 'attribute-consuming-services' of aaa saml server.


01071c18 : Attribute consuming service (%s) cannot be removed from aaa saml server (%s) because service is set as default

Location:
/var/log/ltm, tmsh, GUI

Conditions:
Misconfiguration.
An admin attempts to delete a service from the list of 'attribute-consuming-services' associated with apm aaa saml object that is also configured as 'default' attribute consuming service for that apm aaa saml object. Error indicated that this configuration is not valid.

Impact:
This is an mcp configuration error. The object containing this configuration will not be saved.

Recommended Action:
The service must be removed as 'default' attribute consuming service for the apm aaa saml object first and then deleted from the list of 'attribute consuming services' associated with the apm aaa saml object.


01071c19 : The requested username source (%s) is not a valid session variable.

Location:
/var/log/ltm, tmsh, VPE UI

Conditions:
Admin can define multiple session variables for username source. If one of these session variables is not valid, this error occurs.

Impact:
Admin can't configure username source field. It is considered to be an mcp configuration error.

Recommended Action:
None.


01071c1a : The requested password source (%s) is not a valid session variable.

Location:
/var/log/ltm, tmsh, VPE UI

Conditions:
Admin can define multiple session variables for password source. If one of these session variables is not valid, this error will be thrown.

Impact:
Admin can't configure password source field. It is considered to be an mcp configuration error.

Recommended Action:
None.


01071c1b : Virtuals Servers in the same listener group can have different profiles. Modifying the profiles in the listener will not update the profiles in the Virtual Servers. To update the profiles in Virtual servers, modify the Virtual Servers individually.

Location:
Console, TMSH

Conditions:
Attempt to modify spm or subscriber management profile for a PEM listener.

Impact:
Modification of spm and subscriber management profile for the PEM listener is blocked.

Recommended Action:
User has to directly modify the virtual servers in the listener group, as suggested in the error message.


01071c1c : You cannot delete the nodejs version (%s).

Location:
/var/log/ltm

Conditions:
There is an attempt to delete the known nodejs versions maintained by MCPD. This action is not exposed via tmsh or the GUI; it is the result of a 'backdoor' attempt.

Impact:
None. The attempt tp change the node version is blocked.

Recommended Action:
None.


01071c1d : You cannot modify the nodejs version (%s).

Location:
/var/log/ltm

Conditions:
An attempt is made to modify the known nodejs versions maintained by MCPD. Since this action is not exposed via tmsh or the GUI, it is the result of a 'backdoor' attempt.

Impact:
None.

Recommended Action:
None.


01071c1e : Cannot perform Protocol inspection update: %s

Location:
/var/log/ltm

Conditions:
The Protocol Inspection module failed (load/install/delete) with the Update package.

Impact:
The Protocol Inspection update package action is not performed.

Recommended Action:
None.


01071c1f : Protocol Inspection compliance inspection %s requires valid value: %s

Location:
/var/log/ltm

Conditions:
attempt to set invalid compliance inspection value

The user runs the following tmsh command with an invalid compliance inspection value:
"modify security protocol-inspection profile <profile name> { services modify { <service name> { compliance modify { <compliance inspection name> { value <value> } }}}}"

Impact:
None.

Recommended Action:
Do not set an invalid compliance inspection value (for example, if the type of the compliance inspection value is integer and you to set some string value).


01071c20 : Too many Protocol Inspection profiles. Up to %d supported.

Location:
/var/log/ltm

Conditions:
The limit of the number of allowed Protocol Inspection profiles has been reached.

Impact:
No more Protocol Inspection profiles can be added.

Recommended Action:
Delete unused / obsolete / not needed Protocol Inspection Profiles.


01071c22 : Modifying predefined Protocol Inspection profiles are not allowed.

Location:
/var/log/ltm

Conditions:
An attempt has been made to modify an "protocol_inspection" predefined profile. An example is the use of any tmsh command which starts with "modify protocol-inspection profile <predefined profile name> ... ".

Impact:
None.

Recommended Action:
Do not modify following "protocol_inspection" predefined profiles: "protocol_inspection", "protocol_inspection_dns",and "protocol_inspection_http"


01071c23 : Creating predefined Protocol Inspection profiles are not allowed.

Location:
/var/log/ltm

Conditions:
An attempt has been made to create a "protocol_inspection" predefined profile from tmsh.

Impact:
Creating a "protocol_inspection" profile with the name of a predefined profile from tmsh is disallowed. Predefined profiles have names such as "protocol_inspection", "protocol_inspection_dns", and "protocol_inspection_http".

Recommended Action:
Do not create a profile that has the same name as a predefined profile.


01071c24 : Deleting predefined Protocol Inspection inspections are not allowed.

Location:
/var/log/ltm

Conditions:
An attempt has been made to delete a "protocol_inspection" predefined inspection.

Impact:
None.

Recommended Action:
Do not delete "protocol_inspection" predefined inspections.


01071c25 : Modifying predefined Protocol Inspection inspections are not allowed.

Location:
/var/log/ltm

Conditions:
An attempt has been made to modify "protocol_inspection" predefined inspections.

Impact:
None.

Recommended Action:
Do not modify predefined inspections. A user can modify user-defined signatures only.


01071c27 : Protocol Inspection internal error: %s.

Location:
/var/log/ltm

Conditions:
This is an internal error.

Impact:
The "protocol_inspection" module does not work properly.

Recommended Action:
None.


01071c28 : Invalid Protocol Inspection snort signature: %s.

Location:
/var/log/ltm

Conditions:
The user has run one of the following tmsh commands with an incorrect snort signature:
"create security protocol-inspection signature <sig name> { sig "<snort signature>" ... }"
"modify security protocol-inspection signature <sig name> { sig "<snort signature>" ... }"

Impact:
None.

Recommended Action:
Create correct signatures in valid snort format.


01071c2a : Creating/Modifying Protocol Inspection compliance enums are not allowed.

Location:
/var/log/ltm

Conditions:
An attempt has been made to create or modify "protocol_inspection" compliance enums.

Impact:
Creating or modifying "protocol_inspection" compliance enums is disallowed.

Recommended Action:
Do not create or modify "protocol_inspection" compliance enums.


01071c2b : Deleting Protocol Inspection services are not allowed.

Location:
/var/log/ltm

Conditions:
An attempt has been made to delete a "protocol_inspection" service.

Impact:
Deleting a "protocol_inspection" service is disallowed.

Recommended Action:
Do not delete a "protocol_inspection" service.


01071c2c : Creating/Modifying Protocol Inspection services are not allowed.

Location:
/var/log/ltm

Conditions:
An attempt has been made to create or modify a "protocol_inspection" service.

Impact:
Creating or modifying a "protocol_inspection" service is disallowed.

Recommended Action:
Do not create or modify a "protocol_inspection" service.


01071c2d : The VLAN (%s) tag is %u. The port-fwd-mode value of %s (%s) must be set to (%s).

Location:
/var/log/ltm

Conditions:
This is caused by an invalid configuration; a VLAN with the tag 'any.' The VLAN member must have the port-fwd-mode set to 'l2wire.'

Impact:
None.

Recommended Action:
Inspect the relevant object configuration in VLAN, trunk, and interface. You can add an interface with port-fwd-mode set to 'l2wire' to a VLAN with a tag 'any.' You can also add a trunk with interface members with a port-fwd-mode set to 'l2wire' to a VLAN with the tag 'any.'


01071c2e : The VLAN (%s) can have at most %u member because member (%s) port-fwd-mode value is (%s).

Location:
/var/log/ltm

Conditions:
A VLAN to which you assign an interface or trunk with the port-fwd-mode property set to 'l2wire' can have a maximum of one member.

Impact:
None.

Recommended Action:
Inspect the relevant object configuration for the VLAN, trunk, and interface. Don't add more than one member to the VLAN if a VLAN member (interface) has the port-fwd-mode property set to 'l2wire'.


01071c2f : The requested VLANGROUP (%s) can have at most %u member(s) because VLAN members have virtual-wire members.

Location:
/var/log/ltm

Conditions:
The configuration is invalid. A VLAN group containing VLANs with visual-wire members can have at most 2 VLANs.

Impact:
None.

Recommended Action:
Inspect the relevant object configuration in the VLAN group, VLAN, trunk, and interface. Don't add more than 2 VLANs to a VLAN group if a VLAN has virtual wire members.


01071c30 : Vlan (%s) is not compatible with member vlan in VLANGROUP (%s).

Location:
/var/log/ltm

Conditions:
The configuration is invalid. The VLANs in a VLAN group must contain interfaces for which the value of the forwarding mode property is the same.

Impact:
None.

Recommended Action:
Inspect the relevant object configuration in VLAN group, VLAN, trunk, and interface. Modify VLANs in the same VLAN group so that all interfaces have the same value for the forwarding mode property.


01071c31 : The VLANGROUP (%s) mode and the VLAN (%s) member (%s) port-fwd-mode are not compatible.

Location:
/var/log/ltm

Conditions:
The configuration is invalid. The mode of the VLAN group is not set to 'virtual wire', even though the VLAN member being added to the VLAN group consists of interfaces with the forwarding mode property set to 'virtual wire'.

Impact:
None.

Recommended Action:
Inspect the relevant object configuration in VLAN group, VLAN, trunk, and interface. Change the mode of the VLAN group to 'virtual wire' when adding a VLAN that contains an interface with the forwarding mode property set to 'virtual wire'.


01071c32 : The VLANs must have the same tag in VLANGROUP (%s) when they have l2wire member.

Location:
/var/log/ltm

Conditions:
The configuration is invalid. The VLAN group contains VLANs that include a trunk or an interface with the forwarding mode property set to 'virtual wire', but the tags for the VLANs do not match.

Impact:
None.

Recommended Action:
Modify or re-create the VLANs with the same tag before adding the VLANs to the same VLAN group.


01071c32 : The VLANs must have the same tag in VLANGROUP (%s) when they have virtual-wire member.

Location:
/var/log/ltm

Conditions:
The message is caused by an invalid configuration. When vlan-group consists of vlans, which consist of trunks or interfaces with port-fwd-mode set to 'virtual-wire', the vlans must have the same tag.

Impact:
None.

Recommended Action:
Modify or re-create the vlans with the same tag, before adding them to the same vlan-group.


01071c33 : The VLAN (%s) tag (%u) cannot be modified %s '4096'.

Location:
/var/log/ltm

Conditions:
You cannot change the VLAN tag of an existing VLAN from the special tag 4096 to a numeric tag, or from a numeric tag to the special tag 4096.

Impact:
None.

Recommended Action:
Delete the VLAN and re-create the VLAN with the new tag.


01071c34 : The requested member (%s) is already configured as a member of VLAN (%s) with tag (%d). A member can belong to only one VLAN for a given tag.

Location:
/var/log/ltm

Conditions:
The configuration is invalid. The system attempted to assign the same 'virtual wire' interface, either tagged or untagged, to more than one VLAN.

Impact:
None.

Recommended Action:
Inspect the relevant object configuration in VLAN group, VLAN, trunk, and interface. Do not attempt to add the same 'virtual wire' interface to more than one VLAN.


01071c34 : The requested member (%s) is already configured as a member of VLAN (%s) with tag (%u). A member can belong to only one VLAN for a given tag.

Location:
/var/log/ltm

Conditions:
This message is caused by an invalid configuration. A 'virtual-wire' interface can be a member of at most one VLAN. It cannot be a member of another VLAN, no matter it is tagged or untagged.

Impact:
None.

Recommended Action:
Inspect the relevant object configuration in vlan, trunk, and interface. Don't add a 'virtual-wire' interface to more than one VLAN.


01071c35 : The VLAN (%s) has %s interface while the VLAN (%s) has %s interface. Interfaces of VLANs that are in the same 'virtual-wire' VLANGROUP (%s) must have the same taggedness.

Location:
/var/log/ltm

Conditions:
The VLANs that are members of the VLAN group do not have the same VLAN tag.

Impact:
The VLAN configuration is invalid.

Recommended Action:
Inspect the relevant object configuration in the VLAN group, VLAN, trunk, and interface. Change the configuration to ensure matching tags for the VLANs in the VLAN group.


01071c36 : The SelfIP (%s) cannot associate with %s (%s) with (%s) interface.

Location:
/var/log/ltm

Conditions:
The system has an invalid configuration. The self IP address can only be associated with a VLAN or VLAN group that has either a Layer 3 interface or no interface. The self IP address cannot be associated with a VLAN or VLAN group that has an interface with its forwarding mode set to Passive or Virtual Wire.

Impact:
None.

Recommended Action:
Inspect the relevant object configuration in the VLAN group, VLAN, and self IP address. Do not associate self IP address with a VLAN or VLAN group with a Passive or Virtual Wire interface.


01071c37 : %s: %s is not supported on this platform (%s).

Location:
/var/log/ltm

Conditions:
The configuration is invalid based on platform attributes. There are values in the field of this object that are not supported on certain platforms.

Impact:
None.

Recommended Action:
Inspect the relevant object configuration that causes the error.


01071c38 : Rule Profiler object %s requires log publisher to be specified.

Location:
/var/log/ltm

Conditions:
The system is attempting to create an iRule profiler (tracer) without a log publisher and attempting to remove a log publisher from an iRule profiler (tracer).

Impact:
The iRule profiler (tracer) configuration cannot be created or modified.
Tracing iRules will not be possible.

Recommended Action:
Repeat the configuration operation, specifying a valid log publisher.


01071c38 : Modify of ephemeral %s (%s) is not permitted.

Location:
/var/log/ltm

Conditions:
User-initiated action (such as through 'tmsh') attempted to modify an ephemeral node, which is not allowed. Ephemeral nodes are created as a result of a DNS resolve operation, which creates an ephemeral node that maintains the configuration established through its parent FQDN template.

Impact:
No action occurred, and the configuration is unchanged. No further user action is necessary.

Recommended Action:
Instead of trying to modify a specific ephemeral node, the user may modify the FQDN template that is used to create ephemeral nodes, at which point the configuration changes will propagate to all existing and future ephemeral nodes that are created from that FQDN template.


01071c3a : Route MTU for (%s) below minimum %u.

Location:
/var/log/ltm

Conditions:
When creating a static route with an MTU below the minimum value of 68.

Impact:
An exception aborts the creation of static route.

Recommended Action:
Correct the MTU value to be above 68.


01071c52 : Routing object (%s) cannot have both items: %s.

Location:
TMSH

Conditions:
This will occur if there is an attempt to have a routing object reference two objects that cannot be referenced at the same time.

Impact:
The user will not be able to have the object being configured reference both of the objects which are not allowed to be referenced at the same time. The user must choose either one or neither of the objects to reference.

Recommended Action:
Reference either one or neither of the objects attempting to be referenced.


01071c55 : Invalid as-path (%s): %s.

Location:
TMSH

Conditions:
This will occur if there is an attempt to create an invalid AS-Path object.

Impact:
The user will not be able to create the AS-Path object as configured.

Recommended Action:
Create the AS-Path object with valid values.


01071c56 : Invalid as-path entry (%s) for as-path (%s): %s.

Location:
TMSH

Conditions:
This will occur if there is an attempt to create an invalid AS-Path entry object.

Impact:
The user will not be able to create the AS-Path entry object as configured.

Recommended Action:
Create the AS-Path entry object with valid values.


01071c58 : Virtual server %s is in ALG mode. Must not use static source translation, as used by attached profile %s.

Location:
gui, cli (tmsh), /var/log/ltm

Conditions:
You have attempted to configure a virtual server in MRF mode with Application Level Gateway enabled on the router profile and a security nat policy with static source translation.

Impact:
Configuration will not load until it is corrected.

Recommended Action:
None.


01071c5c : Cannot disable AJAX encryption for URL '%s' while parameter '%s' has AJAX mapping enabled in the Anti-Fraud profile '%s'.

Location:
/var/log/ltm, GUI

Conditions:
Improper FPS URL configuration.

Impact:
Configuration will not load.

Recommended Action:
Disable parameter AJAX mapping before disabling AJAX encryption.


01071c5d : Anti-Fraud parameter '%s' is invalid. AJAX mapping '%s' for parameter cannot start or end with a '.' in the Anti-Fraud profile '%s' (Anti-Fraud URL: '%s').

Location:
tmsh, GUI

Conditions:
Trying to set invalid JSON path.

Impact:
Configuration will fail.

Recommended Action:
Set a valid JSON path.


01071c5e : AJAX mapping for parameter '%s' requires POST method and either 1. AJAX encryption and either value substitution or Real-Time Encryption or parameter encryption enabled 2. Full and Enhanced AJAX Data Manipulation Check enabled in the Anti-Fraud profile '%s'.

Location:
/var/log/ltm, GUI

Conditions:
Improper FPS profile configuration.

Impact:
Configuration will not load.

Recommended Action:
Either enable AJAX encryption or parameter value substitution.


01071c60 : DynaD private key generation failed ('%s').

Location:
/var/log/ltm

Conditions:
Out-of-memory or internal OpenSSL failure.

Impact:
Encrypted DynaD instrumentation may fail to execute.

Recommended Action:
Consider restarting mcpd.


01071c61 : DynaD public key generation failed ('%s').

Location:
/var/log/ltm

Conditions:
Out-of-memory or OpenSSL error, invalid private key, and a bad public key (/var/lib/dynad/tmm.dynad.pub).

Impact:
Encrypted DynaD instrumentation may fail to execute

Recommended Action:
Multiple options (1) consider reloading the configuration, (2) deleting "sys dynad key" element from BIG-IP_base.conf, reload configuration, and (3) consider re-installing the software image.


01071c62 : DynaD failed to decrypt private key. Re-generating.

Location:
/var/log/ltm

Conditions:
This may occur if there is (1) a bad dynad key value (BIG-IP_base.conf:sys dynad key), or (2) a master-key mis-match.

Impact:
May be unable to execute encrypted DynaD instrumentation.

Recommended Action:
(1) Delete a key from BIG-IP_base.conf; reload configuration. (2) Restore the old master-key (https://support.f5.com/csp/article/K9420).


01071c63 : DynaD development mode requires an F5 development license.

Location:
/var/log/ltm

Conditions:
An attempt was made to enable dynad development-mode without a development license.

Impact:
dynad development-mode will remain disabled.

Recommended Action:
Obtain a development license.


01071c64 : DynaD signature verification failed ('%s').

Location:
/var/log/ltm

Conditions:
This message can occur due to:
a) Bad signature (invalid or does not match /var/lib/dynad/tmm.pub.key value)
b) Memory failure
c) System error (failure to read file)

Impact:
DynaD instrumentation signature could not be verified and will not be executed.

Recommended Action:
Contact support.


01071c65 : DynaD cannot activate unsigned instrumentation.

Location:
/var/log/ltm, console

Conditions:
DynaD instrumentation signature could not be verified (warning).

Impact:
DynaD instrumentation will not be activated. Full error details will be logged to /var/log/ltm.

Recommended Action:
Refer to recommended action for error found in /var/log/ltm. Consider contacting support.


01071c66 : The VLAN (%s) member (%s) must be tagged when the tag is '4096'.

Location:
/var/log/ltm

Conditions:
The configuration is invalid. When a VLAN has the special tag 4096, the VLAN member can only be configured as a tagged interface.

Impact:
None.

Recommended Action:
Inspect the relevant object configuration in the VLAN. Specify the VLAN interface as tagged when the VLAN tag is 4096.


01071c67 : The PEM rating group id needs to be greater than Zero. Rating group %s cannot use rating group id %d because it is invalid.

Location:
GUI, TMSH, /var/log/ltm

Conditions:
Occurs if the Rating group id field is set to Zero

Impact:
Configuration will be aborted, if rating group id field is set to zero while configuration.

Recommended Action:
Provide a valid rating group id (greater than 0).


01071c68 : Profile %s's SSL client certificate constrained delegation CA key is missing.

Location:
GUI, tmsh shell, iControl shell

Conditions:
When client certificate constrained delegation is enabled on one server-ssl profile, with client certificate constrained delegation CA key not configured.

Impact:
The client certificate constrained delegation cannot be enabled on this server-ssl until the user configures client certificate constrained delegation CA key.

Recommended Action:
None.


01071c69 : Profile %s's SSL client certificate constrained delegation CA cert is missing.

Location:
GUI, tmsh shell, iControl shell

Conditions:
When client certificate constrained delegation is enabled on one server-ssl profile, with client certificate constrained delegation CA certificate not configured.

Impact:
The client certificate constrained delegation cannot be enabled on this server-ssl until the user configures client certificate constrained delegation CA certificate.

Recommended Action:
None.


01071c6a : Profile %s's SSL client certificate constrained delegation peer-cert-mode is invalid.

Location:
GUI, tmsh shell, iControl shell

Conditions:
When client certificate constrained delegation is enabled on one client-ssl profile, and peer certificate mode not "request" or "require".

Impact:
The client certificate constrained delegation cannot be enabled on this client-ssl profile until the user configures peer certificate mode to "request" or "require".

Recommended Action:
None.


01071c6b : Profile %s supports only RSA key and certificate for SSL client certificate constrained delegation.

Location:
GUI, tmsh shell, iControl shell

Conditions:
When client certificate constrained delegation is enabled on one server-ssl profile, with client certificate constrained delegation CA key/certificate not RSA based.

Impact:
The client certificate constrained delegation cannot be enabled on this server-ssl until the user configures client certificate constrained delegation CA key/certificate with RSA type.

Recommended Action:
None.


01071c6c : Profile %s's SSL client certificate constrained delegation key is missing.

Location:
GUI, CLI, iControl

Conditions:
Client certificate constrained delegation is configured on one Server SSL profile and an RSA key and certificate are not configured.

Impact:
The client certificate constrained delegation cannot be enabled on this Server SSL profile.

Recommended Action:
Configure one RSA key and certificate.


01071c6d : Profile %s's SSL client certificate constrained delegation CA key and certificate do not match

Location:
/var/log/ltm

Conditions:
When configuring a server SSL profile for 'client certificate constrained delegation (C3D)', the configured CA key does not match the configured CA certificate.

Impact:
This is a new log message for C3D.

Recommended Action:
None.


01071c6e : PKCS11d (re)initialized. Re-connecting to network-HSM PKCS11d.

Location:
/var/log/ltm

Conditions:
The PKCS11d daemon is restarting.

Impact:
The message is benign and used to log the PKCS11d restart, so there is no impact.

Recommended Action:
None.


01071c72 : Policy '%s', rule '%s'; %s SSL server profile %s not found.

Location:
/var/log/ltm, tmsh, GUI

Conditions:
Condition occurs when a server SSL profile is specified but a matching profile is not found in the BIG-IP system. Check spelling. The command to find the list of known SSL server profiles is:
    tmsh list ltm profile server-ssl

Impact:
The create/change operation fails.

Recommended Action:
Try again specifying a known SSL server profile. A list of the known SSL server profiles can be found using the following tmsh command:
    tmsh list ltm profile server-ssl


01071c73 : F5 Service Connector %s validation error: %s.

Location:
/var/log/ltm

Conditions:
An F5 Service Connector validation error has occurred and is caused by any of these conditions:
- The name is already used.
- An SSL Server profile is missing or doesn't exist.
- A DNS resolver is missing or doesn't exist.
- An object cannot be deleted because it is referenced by an F5 MFA Configuration object.

Impact:
The system does not apply the configuration changes.

Recommended Action:
Depending on system conditions, you can take any of these actions:
- Use another name.
- Use an existing SSL Server profile.
- Use an existing DNS resolver.
- Delete a corresponding F5 MFA Configuration object first.


01071c74 : F5 MFA Configuration %s validation error: %s.

Location:
/var/log/ltm

Conditions:
An F5 MFA Configuration validation error has occurred and is caused by any of these conditions:
- The name is already used.
- Am F5 Service Connector is missing or doesn't exist.
- An allowed device type isn't specified.
- The SMS template doesn't contain the session variable %{session.f5_mfa.device_registration.registration_url}
- The object cannot be deleted because it is referenced by an F5 MFA User Verification agent or by F5 MFA Device Registration.

Impact:
The system does not apply the configuration changes.

Recommended Action:
Depending on system conditions, you can take any of these actions:
- Use another name.
- Use an existing F5 Service Connector name.
- Specify at least one allowed device type.
- Add the session variable %{session.f5_mfa.device_registration.registration_url} to the SMS template.
- Delete the corresponding agent or agents first.


01071c75 : F5 MFA User Verification Agent %s validation error: %s.

Location:
/var/log/ltm

Conditions:
An F5 MFA User Verification validation error has occurred and is caused by any of these conditions:
- The name is already used.
- A customization group is missing or has an incorrect type.

Impact:
The system does not apply the configuration changes.

Recommended Action:
Depending on system conditions, you can take any of these actions:
- Use another name.
- Use the name of an existing customization group of type aaa-f5-mfa-user-verification.


01071c76 : F5 MFA Device Registration Agent %s validation error: %s.

Location:
/var/log/ltm

Conditions:
An F5 MFA Device Registration Agent validation error has occurred and is caused by any of these conditions:
- The name is already used.
- A customization group is missing or has an incorrect type.

Impact:
The system does not apply the configuration changes.

Recommended Action:
Depending on system conditions, you can take any of these actions:
- Use another name.
- Use the name of an existing customization group of type aaa-f5-mfa-device-registration.


01071c77 : Issuer is required for JWT config (%s).

Location:
/var/log/apm, GUI, CLI

Conditions:
The issuer is not configured for JWT configObject.

Impact:
A save operation on an object or a configuration load operation fails.

Recommended Action:
Configure an issuer in JWT configObject.


01071c78 : Invalid %s (%s) in JWT config (%s). The value %s.

Location:
/var/log/apm, GUI, CLI

Conditions:
There is an invalid URI for issuer or JWKS URI attribute in JWT Config

Impact:
A save operation on an object or a configuration load operation fails.

Recommended Action:
Configure a valid URI.


01071c79 : Self-issued token is not allowed (%s) for JWT config (%s).

Location:
/var/log/apm, GUI, CLI

Conditions:
The issuer is configured to use a self-issued value ("https://self-issued.me") in a JWT configuration.

Impact:
A save operation on an object or a configuration load operation fails.

Recommended Action:
Use a valid issuer in the JWT Configuration.


01071c7a : In JWT config (%s), same signing algorithm is present in both allowed signing algorithms and blocked signing algorithms. This is not allowed.

Location:
/var/log/apm, GUI, CLI

Conditions:
The same signing algorithm is configured in both the allowed signing algorithms and the blocked signing algorithms in a JWT configuration.

Impact:
The save operation on an object or a configuration load operation fails.

Recommended Action:
Remove the same signing algorithm from the allowed signing algorithms or the blocked signing algorithms configuration in the JWT config.


01071c7b : OAuth Provider (%s) references OAuth JWT Config (%s) that does not exist.

Location:
This error will be logged in /var/log/apm. It will appear in TMSH/TMUI

Conditions:
JWT config in OAuth Provider is invalid/ does not exist.

Impact:
Object save/Configuration load will fail.

Recommended Action:
Use a valid JWT config in OAuth Provider.


01071c7c : When key-type is '%s', '%s' must be present for jwk-config (%s).

Location:
/var/log/apm, tmsh

Conditions:
Required fields are not present, or wrong key type specified.

Impact:
Configuration load will fail. Object save will fail.

Recommended Action:
Correct the invalid configuration.


01071c7d : The JWK config (%s) with key-type '%s' cannot contain an empty '%s'.

Location:
/var/log/apm,TMSH,GUI

Conditions:
Required fields are not present.

Impact:
Object save and Configuration Load will fail.

Recommended Action:
Fill in required fields.


01071c7e : The field (%s) is not relevant to key-type '%s' and thus cannot be present for jwk-config (%s).

Location:
/var/log/ltm, TMSH

Conditions:
Fields relevant to other key types are present.

Impact:
Configuration load and object save will fail.

Recommended Action:
Remove irrelevant fields.


01071c7f : Certificate key file must be referenced when passphrase is present for jwk-config (%s).

Location:
TMSH, GUI

Conditions:
While creating/modifying a JWK object, this error message will appear if a passphrase is specified but a certificate key is not.

Impact:
This JWK object creation/modification will not succeed.

Recommended Action:
Specify a certificate key reference.


01071c80 : JWT access token lifetime (%u) for %s (%s) must be in range of (%u-%u).

Location:
/var/log/ltm, GUI, TMSH console

Conditions:
The error occurs when the admin sets the JWT access token lifetime out of its valid range. Both the OAuth profile and the Client App configuration have a JWT access token lifetime setting.

Impact:
The out of range lifetime value will be rejected.

Recommended Action:
The admin should set the JWT access token lifetime within its valid range indicated by the error message.


01071c81 : JWT refresh token lifetime (%u) for %s (%s) must be in range of (%u-%u).

Location:
/var/log/ltm, GUI, TMSH console

Conditions:
The error happens when the admin sets the JWT refresh token lifetime out of its valid range. Both the OAuth profile and the Client App configuration have a JWT refresh token lifetime setting.

Impact:
The out of range value will be rejected.

Recommended Action:
The admin should set the JWT refresh token lifetime within its valid range indicated by the error message.


01071c82 : OpenID Connect Configuration Endpoint URL (%s) for %s (%s) must end with (%s).

Location:
/var/log/ltm, GUI, TMSH console

Conditions:
Per RFC specification, some URLs used in OpenID Connect must end with certain pattern, such as, the well-known endpoint must end with "/.well-known/openid-configuration". This error occurs if this kind of requirement is not met.

Impact:
The URL entered by the admin will not be accepted.

Recommended Action:
The admin should correct the URL per requirement.


01071c83 : (%s) (%s) load failed due to %s

Location:
/var/log/ltm, CLI

Conditions:
1) Mismatch between x5tsha1 in certificate and the value specified in object.
2) Mismatch between x5tsha256 in certificate and the value specified in object.
3) Mismatch between modulus in certificate and the value specified in object.
4) Mismatch between public exponent in certificate and the value specified in object.
5) Mismatch between x coordinate in certificate and the value specified in object.
6) Mismatch between y coordinate in certificate and the value specified in object.
7) Mismatch between curve in certificate and the value specified in object.
8) RSA load failed for specified certificate.
9) Elliptic curve load failed for specified certificate.
10) Elliptic Curve Point load failed for specified certificate.
11) Elliptic Curve group failed for specified certificate.
12) Elliptic Curve Group NID not supported.
13) Extraction of EC key coordinates failed.
14) Failed to allocate BIO for specified certificate.
15) Failed to write BIO for specified certificate.
16) Failed to get BIO memory pointer for specified certificate.
17) Certificate begin marker not found in certificate.
18) Certificate end marker not found in certificate.
19) Certificate file path does not exist.
20) OpenSSL API failed for certificate.
21) Certificate public key load failed.
22) Certificate key file path does not exist.

Impact:
The JWK configuration is not saved.

Recommended Action:
Change the incorrect values based on the error message and save the object.


01071c85 : (%s) key-type (%u) does not match certificate (%s) type (%u).

Location:
/var/log/ltm

Conditions:
While creating or modifying OAuth JWK Config, the prerequisite condition is the specification of certificate object and mismatched key-type value. Condition 1: The specified key-type is rsa , and providing a certificate of non-rsa type. OR Condition 2: The specified key-type is elliptic-curve, and providing a certificate of non-elliptic-curve type.

Impact:
The creation or modification of the OAuth JWK Config object would fail.

Recommended Action:
Provide the certificate of type matching the specified key-type value. If the provided certificate is of type rsa, specify key-type as rsa. Or if the provided certificate is of type elliptic-curve, specify key-type as elliptic-curve.


01071c86 : The %s must be provided in base64url encoded format for jwk-config (%s).

Location:
/var/log/ltm, GUI, TMSH console

Conditions:
If this occurs, some field in the JWK configuration, such as the shared-secret, the modulus, or the public-exponent, etc., is not properly encoded in BASE64URL format.

Impact:
It might indicate that the configuration is corrupted or manually entered incorrectly.

Recommended Action:
Enter the indicated field correctly. In case of data corruption, delete the JWK configuration, and recreate it from scratch, if necessary.


01071c87 : The claim name (%s) of claim (%s) cannot contain spaces.

Location:
/var/log/apm, TMSH, GUI

Conditions:
While creating or modifying an OAuth Claim object. This occurs when the claim name contains spaces.

Impact:
Object cannot be saved.

Recommended Action:
Choose a claim name without spaces while creating or modifying OAuth claim.


01071c88 : The word (%s) is a reserved word and cannot be used as claim name for the claim (%s).

Location:
/var/log/apm, TMSH

Conditions:
The word that is used as a claim name for OAuth Claim is a reserved word and must not be used.

Impact:
Object creation or modification will fail.

Recommended Action:
Use a different word as a claim name for OAuth Claim.


01071c89 : The %s claim name (%s) is already in use by agent %s for this entry.

Location:
/var/log/apm, TMSH

Conditions:
When the same claim is configured again for a particular entry in the OAuth Authorization agent.

Impact:
Object save will fail.

Recommended Action:
A claim can be configured only once for a particular entry in the OAuth Authorization agent.


01071c8a : The %s claim (%s) that is associated with the %s (%s) does not exist. If this error appears during import access profile, then the claim-name in the claim already exists on this BIG-IP as part of another claim object. You may want to edit the existing claim and retry importing access profile.

Location:
/var/log/apm, TMSH

Conditions:
The JWT access token claim that is specified either in the OAuth Client App or in the OAuth Profile is not created under OAuth Claim.

Impact:
Object save will fail.

Recommended Action:
Create the claim under OAuth claim before referencing in the OAuth Client App or OAuth Profile.


01071c8b : The %s claim name cannot be empty for OAuth Authorization agent %s.

Location:
/var/log/apm, TMSH, GUI

Conditions:
This error will occur when the oauth authorization agent contains a claim entry with empty claim name during creating or modification.

Impact:
The object will not be saved.

Recommended Action:
Create the oauth authz agent correctly by specifying claim name for the claim entry.


01071c8c : %s claim name (%s) associated with OAuth Authorization agent (%s) is not defined under OAuth claim. If this error appears during import access profile, then the claim-name in the claim already exists on this BIG-IP as part of another claim object. You may want to edit the existing claim and retry importing access profile.

Location:
/var/log/apm, TMSH

Conditions:
If the claim referenced in the OAuth Authorization agent is not created under OAuth Claim, this error will be seen.

Impact:
Object save will fail.

Recommended Action:
Create the claim under OAuth Claim first, and then it can be referenced in the OAuth Authorization agent.


01071c8d : %s cannot be empty because %s for %s (%s).

Location:
/var/log/ltm, GUI, TMSH console

Conditions:
The error happens when some field is required by the OAuth profile configuration and it is empty. For example, the Issuer field is required when JWT support is enabled, or the DB Instance field is required when opaque token support is enabled.

Impact:
Admin not able the enable JWT support or opaque token support if those required fields are missing.

Recommended Action:
Fill in those required fields as indicated in the error message.


01071c8e : %s in %s (%s) is not an allowed URL: %s

Location:
/var/log/ltm, GUI, TMSH console

Conditions:
The error happens when the admin enters a mal-formatted URL for a field that requires a URL, such as the Issuer in an OAuth profile.

Impact:
None.

Recommended Action:
The admin should fix his URL to be a properly formatted URL.


01071c8f : The %s (%s) associated to %s (%s) is not a valid %s.

Location:
/var/log/ltm

Conditions:
Either the OAuth profile name or the JWK config name under Additional JWK for JWKS URI setting is invalid.

Impact:
Change the key use setting in the JWK configuration in the OAuth profile to signing.

Recommended Action:
Make sure that the JWK configuration under Additional JWK for JWKS URI setting in the OAuth profile exists in the JWK configuration list.


01071c90 : JWT config %s to be associated with JWK config (allowed keys) %s does not exist.

Location:
/var/log/apm, GUI, CLI

Conditions:
Allowed keys are configured for an invalid JWT config.

Impact:
The save operation on an object or a configuration load operation fails.

Recommended Action:
Configure allowed keys for a valid JWT config and save the object.


01071c91 : In JWT config %s, allowed keys '%s' do not exist. Use a valid JWK config for allowed keys.

Location:
/var/log/apm, GUI, CLI

Conditions:
An invalid JWK configuration is used for allowed keys in a JWT config.

Impact:
The save operation on an object or a configuration load operation fails.

Recommended Action:
Use a valid JWK configuration for allowed keys and save the object.


01071c92 : In JWT config (%s), the same JWK config (%s) is present in both allowed keys and blocked keys. This is not allowed.

Location:
/var/log/apm, GUI, CLI

Conditions:
The same JWK configuration is present in both allowed keys and blocked keys in JWT Config.

Impact:
The save operation on an object or a configuration load operation fails.

Recommended Action:
Remove the duplicate JWK configuration from allowed keys or blocked keys in JWT Config and save the object.


01071c93 : JWT config %s to be associated with JWK config (blocked keys) %s does not exist.

Location:
/var/log/ltm, CLI

Conditions:
Blocked keys are associated with an invalid JWT Config.

Impact:
The save operation on an object or a configuration load operation fails.

Recommended Action:
Configure blocked keys for a valid JWT Config and save the object.


01071c94 : In JWT config (%s), blocked keys '%s' do not exist. Use a valid JWK config for blocked keys

Location:
/var/log/apm, GUI, CLI

Conditions:
An invalid JWK config is used for blocked keys in JWT Config.

Impact:
The save operation on an object or a configuration load operation fails.

Recommended Action:
Use a valid JWK Config to configure blocked keys in JWT Config and save the object.


01071c95 : JWT Provider List %s to be associated with OAuth Provider %s does not exist.

Location:
/var/log/apm, GUI, CLI

Conditions:
There is an OAuth provider configuration for an invalid JWT provider List.

Impact:
The save operation on an object or a configuration load operation fails.

Recommended Action:
Try to configure OAuth Provider in a valid JWT Provider List only and then save the configuration.


01071c96 : In JWT Provider List %s, OAuth Provider %s does not exist. Use a valid OAuth Provider for providers attribute.

Location:
/var/log/apm, GUI, CLI

Conditions:
An invalid OAuth Provider is configured for the providers attribute in JWT Provider List.

Impact:
The save operation on an object or a configuration load operation fails.

Recommended Action:
Use a valid OAuth Provider for the providers attribute in JWT Provider List and save the object.


01071c97 : Error generating JWT encryption key using secret.

Location:
/var/log/ltm, GUI, TMSH console

Conditions:
This error occurs when an openssl function (not F5 software), PKCS5_PBKDF2_HMAC_SHA1, failed.

Impact:
The admin should never see this error. If it really happens, it is possible that the OS environment/file system might be corrupted.

Recommended Action:
Suggest the admin to try again. If the same error occurs, restart the BIG-IP system. If the same error still occurs, reinstall the software image.


01071c98 : The JWK config (%s) associated to %s (%s) can contain public key types only (such as, rsa, elliptic-curve).

Location:
/var/log/ltm

Conditions:
Under OAuth profile settings, rotation-key(tmui) or additional-jwk-for-jwks-uri(tmsh) includes a JWK config pointing to non public-key type and/or algorithm. Using JWK config with 'octet' key-type will lead to this configuration error.

Impact:
Configuration changes leading to this error will remain ineffective.

Recommended Action:
For rotation-key(tmui) or additional-jwk-for-jwks-uri(tmsh) use JWK config containing public key-type or algorithm. This includes RSA, Elliptic-Curve key types/algorithms.


01071c99 : The OAuth profile (%s) does not allow JWK config (%s) with duplicate key-id (%s) of type (%s).

Location:
/var/log/ltm

Conditions:
OAuth profile allows configuring the JWK config, and additional JWK for JWKS URI config for JWKS URI. If the entries configured in these entries contains a JWK setting with the same key-id and algorithm type, this error will be shown.

Impact:
Configuration changes leading to this error will remain ineffective.

Recommended Action:
* Disassociate all JWK settings containing a duplicate key-id mentioned in the error that is attached to one of JWK or additional JWK setting on OAuth profile.
* Modify the key-id of the JWK config mentioned in the error message leading to this error.


01071c9a : The JWK config (%s) containing algorithm (%s) does not match key type (%s).

Location:
/var/log/ltm

Conditions:
The signing algorithm in a given JWK config doesn't match the selected key-type.

Impact:
Configuration changes leading to this error will remain ineffective.

Recommended Action:
* For key-type rsa, valid algorithm types can be RS256, RS384 or RS512
* For key-type octet, valid algorithm types can be HS256, HS384 or HS512
* For key-type elliptic-curve, valid algorithm types can be ES256, ES384


01071c9b : The JWK config (%s) associated to %s (%s) contains an invalid signing algorithm.

Location:
/var/log/ltm

Conditions:
The JWK config assigned to the OAuth profile includes invalid signing algorithm (none).

Impact:
Configuration changes leading to this error will remain ineffective.

Recommended Action:
A JWK config containing a 'none' signing algorithm is not allowed to be assigned to OAuth profile. Change JWK config signing algorithm to RS, HS, or ES type signing algorithms to get past this error.


01071c9c : The JWK config (%s) associated to %s (%s) can only be used for signing.

Location:
/var/log/ltm

Conditions:
The JWK config in the OAuth profile contains key use setting set to encryption. At this time, only signing is supported for key usage.

Impact:
Configuration changes leading to this error will remain ineffective.

Recommended Action:
Change key use setting in the JWK config in the OAuth profile to signing.


01071c9d : The JWK config (%s) associated to %s (%s) requires certificate key configuration.

Location:
/var/log/ltm

Conditions:
A JWK config can be created without specifying a certificate-key value. However, a JWK config without certificate-key cannot be used by a OAuth profile for token signing. A JWK config used by OAuth AS must contain certificate-key value.

Impact:
Configuration changes leading to this error will remain ineffective.

Recommended Action:
Fix the JWK config to contain a certificate-key value, and then associate the created JWK config to the OAuth profile for JWT signing.


01071c9e : The encryption secret is needed to generate an encryption key for OAuth profile (%s).

Location:
/var/log/ltm, GUI, TMSH console

Conditions:
When the admin enables the JWT support for the first time in an OAuth profile, and does not provide an encryption secret, this error occurs.

Impact:
The JWT support will not be enabled. If it is the creation of an OAuth profile, the profile will not be created.

Recommended Action:
The admin should give an non-empty encryption secret.


01071c9f : Allowed signing algorithms list cannot be empty in JWT config (%s) for Issuer (%s).

Location:
/var/log/apm, TMSH, GUI

Conditions:
Allowed signing algorithms list has been left empty.

Impact:
Object save and Configuration load will fail.

Recommended Action:
Move one algorithm at least to allowed signing algorithms.


01071ca0 : When the %s flag is enabled, OAuth Provider (%s) must have %s JWT config attached for the JWT provider list (%s)

Location:
/var/log/ltm, GUI, CLI

Conditions:
The JWT config is not attached to a provider (manual or auto depending on flag) before being added to the JWT provider list.

Impact:
The command to add the provider to the JWT Provider List fails.

Recommended Action:
Attach the JWT config to a provider (either manually or by auto-discovery) before adding it to the JWT provider list.


01071ca1 : The JWK config (%s) associated to %s (%s) was auto-generated and is meant for Client/Resource Server purposes only.

Location:
/var/log/apm, TMSH

Conditions:
If an auto-discovered key is being referenced by an OAuth profile, this error will be seen.

Impact:
Object save will fail.

Recommended Action:
This key can be used only by Client/RS configuration.


01071ca2 : When jwt-token is enabled, a JWK config must be assigned as the JWT Primary Key for OAuth Profile (%s).

Location:
/var/log/apm, TMSH, GUI

Conditions:
If the attribute primary-key is not filled while creating/modifying an OAuth Profile, and JWT token flag is enabled.

Impact:
Will not let you save without this value.

Recommended Action:
Assign a JWK to primary key.


01071ca3 : Error loading cert-chain (%s) associated to JWK config (%s)%s

Location:
/var/log/ltm

Conditions:
A certificate chain setting in the JWK config contains an invalid entry or the certificate chain contents are invalid.

Impact:
Configuration changes leading to this error will remain ineffective.

Recommended Action:
Make sure that the certificate chain associated in the JWK-config exists in the BIG-IP certificate store. Check Traffic Certificate management under 'System -> Certificate Management' in the GUI to make sure. If the certificate chain does exist, make sure that the certificate-chain contents are valid.


01071ca4 : Invalid certificate order within cert-chain (%s) associated to JWK config (%s).

Location:
/var/log/ltm

Conditions:
In a given JWK config, if a cert-chain input is specified, the chain should contain the certificate of the issuer of the cert provided in the cert input. If cert-chain is a bundle, that is, it contains multiple certificates, then every subsequent certificate should be the issuer of the previous certificate.
If the certificate bundle contains multiple certificates, but the issuer is not in order, it will lead to this error.

Impact:
Configuration changes leading to this error will remain ineffective.

Recommended Action:
Fix the order of certificate(s) in the cert-chain input file so that the 'cert' input certificate issuer is present in the cert-chain file, and each next certificate contains the issuer of the previously issued certificate.

Here is an example of a valid cert/cert-chain config:

cert input contains:
  CN = as-cert.com
  issuer = intermediate-level3-cert.com

cert-chain input contains:
  1st CN = intermediate-level3-cert.com
  1st issuer = intermediate-level2-cert.com
  ---------------------------
  2nd CN = intermediate-level2-cert.com
  2nd issuer = intermediate-level1-cert.com
  ---------------------------
  1st CN = intermediate-level1-cert.com
  3rd issuer = root-cert.com
  ---------------------------


01071ca5 : The JWK config (%s) associated to OAuth %s (%s) failed trust verification with trusted CA bundle (%s).

Location:
/var/log/ltm

Conditions:
This is a common error for OAuth profile or OAuth provider page.

The JWK config, associated with a OAuth profile or provider, contains a certificate, certificate-chain, and trusted-ca bundle assigned to the OAuth profile or provider that failed a trust verification check. A trust verification check means that the certificate issuer is included within certificate-chain and that the issuer for certificate-chain is included in the trusted-ca bundle.

Impact:
Configuration changes leading to this error will remain ineffective.

Recommended Action:
* If a JWK config contains only a certificate, make sure to include the certificate issuer in the trusted-ca bundle.
* If a JWK config includes a certificate-chain, make sure that the certificate issuer is included in the certificate-chain. If there are multiple certificates in the certificate-chain, the issuer for all of the certificates must exist within the certificate-chain, except the last certificate. A certificate issuer for the last certificate-chain must be part of trusted-ca bundle.


01071ca6 : Only '%s' token validation mode is allowed for OAuth %s agent '%s'.

Location:
/var/log/ltm, tmsh

Conditions:
Misconfiguration.
Admin attempts to configure token-validation-mode for Oauth Client Agent as something other than 'External' in tmsh. The error indicates that this configuration is not valid.

Impact:
This is mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
Allowed token-validation-mode ('External') must be configured for Oauth client agent.


01071ca7 : JSON web token '%s' already exists in Provider List '%s'. The change you are trying to make is not allowed because it would result in a provider list that contains more than one instance of the same JSON web token.

Location:
/var/log/ltm, tmsh, GUI

Conditions:
Misconfiguration.
Admin attempts to add a Provider to a Provider list when the Provider has JWT config associatedm and the Provider list already has the same JWT config associated through some other Provider in the list. All the JWT configs associated with a Provider list must be unique.

Impact:
This is mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
When attempting to add a Provider to a Provider list, check that the operation will not result in a Provider list with more than one instance of the same JWT config.


01071ca8 : JSON web key '%s' already exists in Provider List '%s'. The change you are trying to make is not allowed because it would result in a provider list that contains more than one instance of the same JSON web key.

Location:
/var/log/ltm, tmsh, GUI

Conditions:
Misconfiguration.
Admin attempts to add a Provider to a Provider list when the Provider has JWK config(s) associated and the Provider list already has the same JWK config(s) associated through some other Provider in the list. All the JWK configs associated with a Provider list must be unique.

Impact:
This is mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
When attempting to add a Provider to a Provider list, check that the operation will not result in a Provider list with more than one instance of the same JWK config.


01071ca9 : OAuth parent profile's jwt-refresh-token-enc-secret attribute cannot be modified.

Location:
/var/log/apm, TMSH

Conditions:
If OAuth profile's jwt-refresh-token-enc-secret is modified from TMSH.

Impact:
A validation exception is seen.

Recommended Action:
Do not specify jwt-refresh-token-enc-secret for parent profile.


01071caa : The encryption key for OAuth profile (%s) cannot be specified directly. Use encryption secret to generate a new encryption key and make sure that jwt-token is enabled.

Location:
/var/log/apm, TMSH

Conditions:
If jwt-refresh-token-enc-key is specified directly.

Impact:
Object save will fail.

Recommended Action:
Do not specify jwt-refresh-token-enc-key. Instead use jwt-refresh-token-enc-secret to generate key.


01071cab : The JWK config (%s) associated to %s (%s) requires key ID configuration.

Location:
/var/log/ltm, GUI, TMSH console

Conditions:
The JWK does not have an ID configured. This JWK can be used in a client but not in an AS. Associating the JWK with an OAuth profile is intended to use it in an AS.

Impact:
The admin cannot associate this JWK to the OAuth profile without changing the JWK configuration.

Recommended Action:
The admin can give the JWK an ID, or use another JWK that already has an ID.


01071cac : When more than one JWK config of key-type '%s' is present in a JWT config, all the keys of that key-type must have key-id or cert-thumbprint-sha1 or cert-thumbprint-sha256 present.

Location:
/var/log/ltm, tmsh, GUI

Conditions:
Misconfiguration.
An admin attempts to add a JWK config to a JWT config, resulting in the JWT config having more than one JWK config of the same key-type, and not all the JWK configs of that key-type have key-id, cert-thumbprint-sha1, or cert-thumbprint-sha256 present.

Impact:
This is an mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
When more than one JWK config of the same key-type is associated with a JWT config, all these JWK configs must have key-id, cert-thumbprint-sha1, or cert-thumbprint-sha256 present.


01071cad : All the JWK configs in a JWT config must have unique key-id for each key-type. The key-id '%s' for key-type '%s' is already present in JWT config '%s'.

Location:
/var/log/ltm, tmsh, GUI

Conditions:
Misconfiguration.
Admin attempts to add a JWK config to a JWT config, and the JWK config has pair (key-id, key-type) that is already present in the JWT config through some other JWK config. The pair (key-id, key-type) must be unique within a JWT config.

Impact:
This is mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
When attempting to add a JWK config to a JWT config, check that the operation will not result in a JWT config with more than one instance of the same pair (key-id, key-type).


01071cae : %s (%s) for OAuth profile (%s) should be unique across other OAuth Authorization Server endpoints.

Location:
TMSH

Conditions:
When the oauth endpoints are configured to be the same, this warning will be seen.

Impact:
The object is saved, however the OAuth AS functionality will be affected.

Recommended Action:
Configure different values for Authorization server endpoints.


01071caf : The issuer cannot be modified for autodiscovered JWT config '%s'.

Location:
/var/log/ltm, tmsh

Conditions:
Modification error.
Admin attempts to modify issuer attribute of an auto-discovered JWT config in tmsh. This operation is not allowed.

Impact:
This is an mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
None.


01071cb0 : Cannot enable Real-Time Encryption when a custom encryption function is specified in the Anti-Fraud URL '%s'.

Location:
/var/log/ltm, GUI

Conditions:
Improper FPS profile configuration.

Impact:
Configuration will not load.

Recommended Action:
Either disable a custom encryption function or enable Real-Time Encryption.


01071cb0 : For autodiscovered JWT config '%s', you can move algorithms between the allowed and blocked lists only.

Location:
/var/log/ltm, tmsh

Conditions:
Misconfiguration.
Admin attempts to modify the allowed-algorithms or blocked-algorithms of an auto-discovered JWT config, by either adding a new algorithm that was not previously present in either of the two lists, or by removing an algorithm from either of the two lists without adding that algorithm to the other list.
For auto-discovered JWT config, the algorithms can be moved between allowed and blocked lists only.

Impact:
This is an mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
For auto-discovered JWT config, the algorithms can be moved between allowed and blocked lists only.


01071cb1 : JWK config '%s' is autodiscovered, JWT config '%s' is not. An autodiscovered JWK config can be added to an autodiscovered JWT config only.

Location:
/var/log/ltm, tmsh

Conditions:
Misconfiguration.
Admin attempts to add an auto-discovered JWK config to a manual JWT config. An auto-discovered JWK config can be associated with an auto-discovered JWT config only.

Impact:
This is an mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
This operation is not allowed. Auto-discovered JWK config cannot be added to manual JWT config.


01071cb2 : For autodiscovered JWT config '%s', you can move autodiscovered keys between the allowed and blocked lists only.

Location:
/var/log/ltm, tmsh

Conditions:
Misconfiguration.
Admin attempts to modify the allowed-keys or blocked-keys of an auto-discovered JWT config, by either adding a new key that was not previously present in either of the two lists, or by removing a key from either of the two lists without adding that key to the other list.
For auto-discovered JWT config, the keys can be moved between allowed and blocked lists only.

Impact:
This is an mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
For auto-discovered JWT config, the keys can be moved between allowed and blocked lists only.


01071cb3 : Autodiscovered JWK config '%s' cannot be modified.

Location:
/var/log/ltm, tmsh

Conditions:
Modification error.
Admin attempts to modify an attribute of an auto-discovered JWK config in tmsh. This operation is not allowed.

Impact:
This is an mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
None.


01071cb4 : Autodiscovered JWT config cannot be modified for OAuth Provider '%s'.

Location:
/var/log/ltm, tmsh

Conditions:
Modification error.
Admin attempts to modify auto-jwt-config-name of a Provider in tmsh. This operation is not allowed.

Impact:
This is an mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
None.


01071cb5 : Autodiscovered JWT config '%s' is associated with OAuth Provider '%s'. It cannot be added to Provider '%s'.

Location:
/var/log/ltm, tmsh

Conditions:
Misconfiguration.
Admin attempts to add an auto-discovered JWT config to a Provider, and the JWT config is already associated with another Provider. An auto-discovered JWT config is bound to one Provider and cannot be added to another Provider.

Impact:
This is an mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
Auto-discovered JWT config needs to be discovered on TMUI to be associated with a Provider.


01071cb6 : Support for at least Opaque or JWT token should be enabled for OAuth profile (%s).

Location:
/var/log/ltm, tmsh, GUI

Conditions:
This occurs when support for both an opaque and jwt token is disabled.

Impact:
Object save will fail.

Recommended Action:
Enable support for at least an opaque token or jwt token.


01071cb7 : The auto-generated attribute for %s '%s' cannot be modified.

Location:
/var/log/ltm, tmsh

Conditions:
Modification error.
Admin attempts to modify the 'auto-generated' attribute of a JWT config or a JWK config in tmsh. This operation is not allowed.

Impact:
This is an mcp configuration error. The object containing this configuration will not be saved.

Recommended Action:
None.


01071cb8 : The auto-generated attribute for %s '%s' cannot be specified.

Location:
/var/log/ltm, tmsh

Conditions:
Misconfiguration.
Admin specifies an 'auto-generated' attribute while creating a new JWT config, or a JWK config in tmsh. This is not allowed as the value for this field is populated automatically.

Impact:
This is an mcp configuration error. The object containing this configuration will not be saved.

Recommended Action:
Auto-generated attribute should not be specified while creating a new JWT config or JWK config.


01071cb9 : Claim value cannot be empty for OAuth claim (%s).

Location:
/var/log/apm, TMSH

Conditions:
When the claim value is empty in the OAuth Claim.

Impact:
Object save will fail.

Recommended Action:
Configure claim value in OAuth Claim.


01071cba : %s claim value associated with OAuth claim (%s) cannot be empty for OAuth Authorization agent %s, entry %d.

Location:
/var/log/apm, TMSH

Conditions:
In the OAuth Authorization agent, the claim value of the OAuth Claim is empty.

Impact:
Object save will fail.

Recommended Action:
Configure claim value in the Claim that is configured in the OAuth Authorization agent.


01071cbb : The JWK config (%s) containing algorithm (%s) does not match curve (%s) for elliptic-curve.

Location:
/var/log/apm, TMSH

Conditions:
When the algorithm specified in the JWK config does not match with the curve. When algorithm is ES256, curve value must be P-256. When algorithm is ES384, curve value must be P-384. Any other combination is invalid.

Impact:
Object save will fail.

Recommended Action:
In the JWK config, when algorithm is ES256, configure curve value P-256. When algorithm is ES384, curve value of P-384 must be configured. Any other combination is invalid.


01071cbc : The last-discovery-time cannot be specified while creating Provider '%s'.

Location:
/var/log/ltm, tmsh

Conditions:
Misconfiguration.
Admin specifies a 'last-discovery-time' attribute while creating a new OAuth Provider in tmsh. This is not allowed as the value for this field is populated automatically.

Impact:
This is an mcp configuration error. The object containing this configuration will not be saved.

Recommended Action:
The 'last-discovery-time' attribute should not be specified while creating a new OAuth Provider in tmsh as this will be populated automatically.


01071cbd : The last-discovery-time cannot be modified for Provider '%s'.

Location:
/var/log/ltm, tmsh

Conditions:
Modification error.
Admin attempts to modify a 'last-discovery-time' attribute of an OAuth Provider in tmsh. This operation is not allowed.

Impact:
This is an mcp configuration error. The object containing this configuration will not be saved.

Recommended Action:
The 'last-discovery-time' is updated on discovering auto JWT config/JWK config on TMUI. It is not allowed to modify this field in tmsh.


01071cbe : When use auto JWT config is enabled, OAuth Provider (%s) must have trusted CA present.

Location:
/var/log/ltm, tmsh

Conditions:
Misconfiguration.
An admin attempts to create an OAuth Provider with the default value 'true' for attribute use-auto-jwt-config, and does not specify trusted-ca-bundle.
Or, an admin attempts to set the value for trusted-ca-bundle to 'none' for an OAuth Provider that has the value 'true' for use-auto-jwt-config.

Impact:
This is an mcp configuration error. The object containing this configuration will not be saved.

Recommended Action:
For an Oauth Provider with use-auto-jwt-config=true, trusted-ca-bundle is a mandatory field.


01071cbf : The JWK Config (%s) cert field cannot be empty if cert-key (%s) is specified.

Location:
CLI

Conditions:
The certificate key reference field is filled in but not the certificate field itself.

Impact:
The object cannot be saved.

Recommended Action:
Either attach a certificate along with the key, or use the modulus/exponent/x/y/curve fields.


01071cc0 : %s (%s): Traffic Scrubbing Advertisement Duration must be more than zero.

Location:
/var/log/ltm

Conditions:
A DoS Profile is configured with Application enabled and Traffic Scrubbing Advertisement Duration is set to 0.

Impact:
DoS profile changes are not saved.

Recommended Action:
Set the value to a value more than zero.


01071cc1 : %s (%s): RTBH Advertisement Duration must be more than zero.

Location:
/var/log/ltm

Conditions:
A DoS Profile is configured with Application enabled and RTBH Advertisement Duration is set to 0.

Impact:
DoS profile changes are not saved.

Recommended Action:
Set the value to a value more than zero.


01071cc2 : Anti-Fraud parameter '%s' is invalid. Cannot enable both %s and %s for same parameter in the Anti-Fraud profile '%s' (Anti-Fraud URL: '%s').

Location:
/var/log/ltm

Conditions:
Both "substitute value" and "check integrity" are enabled in an anti-fraud parameter.

Impact:
The configuration will not load.

Recommended Action:
Disable either of the 'substitute value' or 'check integrity' check boxes for the given parameter.


01071cca : Dos Signature (%s): %s is not user settable field.

Location:
/var/log/ltm, TMSH, GUI

Conditions:
This message will happen when user is trying to change unchangeable field of Dos Signature Configuration.

Impact:
The configuration is not changed.

Recommended Action:
None.


01071ccb : %s (%s): Attacked dst can not be enabled if per-destination detection/limit pps is less than 0.1%% of the corresponding vector setting.

Location:
/var/log/ltm

Conditions:
The per-source detection/limit pps is less than 1 percent of the corresponding value of the DoS vector. The DoS vector is specified by the configuration value of the rate threshold/rate limit in the DoS vector.

Impact:
The security DoS DNS/SIP/NETWORK/Device attack vector attacked dst cannot be enabled.

Recommended Action:
Change the configuration settings of attack vector for either the per-source detection/limit pps or the rate threshold/rate limit.


01071ccc : %s (%s): Attacked dst per-destination detection/limit pps cannot be greater than the corresponding vector setting.

Location:
/var/log/ltm

Conditions:
The per-source detection/limit packets per second is greater than the corresponding DoS vector specified in the value of the rate threshold/rate limit.

Impact:
Security DoS DNS/SIP/NETWORK/Device attack vector attacked dst actor cannot be enabled.

Recommended Action:
Change the configuration settings of the attack vector for either per-source detection/limit pps or rate threshold/rate limit.


01071cd4 : %s: %s can't be deleted because %s.

Location:
/var/log/ltm, GUI, console

Conditions:
When a configuration object is not allowed to be deleted, the error message is triggered.

Impact:
No update to the related configuration.

Recommended Action:
None.


01071cd5 : %s: %s can't be modified because %s.

Location:
/var/log/ltm, GUI, console

Conditions:
When modification to a configuration object is not allowed, the error message is triggered.

Impact:
No update to the related configuration.

Recommended Action:
None.


01071cd6 : Dos Signature (%s): %s is not allowed to be reset by user once it is specified.

Location:
/var/log/ltm, console, GUI

Conditions:
This message will happen when user is trying to reset unresettable field of Dos Signature Configuration.

Impact:
The configuration is not changed.

Recommended Action:
None.


01071cd9 : Field-list contains an invalid/duplicate value.

Location:
CLI

Conditions:
An attempt has been made to add an invalid field to the field-list when creating a security log profile.

Impact:
The CLI displays an error message when creating the security log profile:

root@(cfg-sync Standalone)(autodosd DOWN)(/Common)(tmos)# create security log profile test nat {format { end-inbound-session { type field-list field-list {context_name src_ip dest_ip test } user-defined [TEST] }}}
01071bf2:3: Field-list contains an invalid/duplicate value.The message indicates an invalid field configuration. After removing the invalid field, log profile can be created/modified.

Recommended Action:
Remove the invalid field.


01071cdc : Security static PAT %s translation object '%s' address (%s) is overlapping with another address (%s) located in '%s' PAT %s translation object.

Location:
GUI, CLI

Conditions:
A security static PAT translation object contains an overlapping address with another static PAT translation object address.

Impact:
An error message is displayed and the configuration is not applied.

Recommended Action:
Remove the overlapping address/address range from the configuration.


01071cdd : Traffic-group (%s) is referenced by security NAT Policy (%s) and cannot be deleted.

Location:
/var/log/ltm

Conditions:
An attempt was made to delete a traffic group that is being referenced by a security NAT policy object.

Impact:
The operation to delete the traffic group failed.

Recommended Action:
The referenced security NAT policy object must be deleted first. Then the traffic group can be deleted.


01071cde : Traffic-group (%s) is referenced by security source translation (%s) and cannot be deleted.

Location:
/var/log/ltm

Conditions:
An attempt was made to delete a traffic group that is being referenced by a security source translation object.

Impact:
The operation to delete the traffic group will fail.

Recommended Action:
The referenced security source translation object must be deleted first. Then the traffic group can be deleted.


01071cdf : Dos vector (%s) does not support Attacked destination DOS attack detection.

Location:
var/log/ltm

Conditions:
Certain dos vectors do not support attacked destination detection because they are error or drop vectors for which the system does not process traffic and drop packets. Do not configure for an attacked destination.

Impact:
Not an error or defect; this is an informational type message for the user.

Recommended Action:
None.


01071ce3 : %s (%s) cannot be set to (%s) when %s (%s) is set to (%s)

Location:
/var/log/ltm, GUI, console.

Conditions:
This is a generic error message describing a validation constraint across two different objects' value(s).

The objects can be:
1) of the same type
2) different types
3) the same instance

The constraint can be:
1) over the same property
2) over different properties

The specialization of this template should tell you which object classes and specific properties it is referring to.

Impact:
Validation error.

Recommended Action:
None.


01071ce4 : %s (%s): %s feature is not supported for %s attack type.

Location:
/var/log/ltm, console, GUI

Conditions:
This will happen when configuring Dos Attack for a feature that is not supported with the specified attack type.

Impact:
The configuration in the system will not be changed.

Recommended Action:
None.


01071ce5 : %s (%s): %s cannot be enabled if %s is not enabled for %s attack type.

Location:
/var/log/ltm, console, GUI

Conditions:
This will happen when enabling a Dos Attack feature that depends on a condition that is not satisfied.

Impact:
The configuration in the system is not changed.

Recommended Action:
None.


01071ce6 : The value (%s) is invalid. Valid TTL is %s.

Location:
GUI, console

Conditions:
The error message displays if a user attempts to configure the scrubber advertisement tel and the values are not in a valid range.

Impact:
Configuration of the scrubber TTL fails unless you change one of the allowed values for the TTL.

Recommended Action:
None.


01071ce7 : Cannot configure Advertisement TTL while scrubbing is in progress.

Location:
GUI, console

Conditions:
The user is attempting to modify the scrubber advertisement TTL, while the scrubber action is already in progress for one of the monitored objects.

Impact:
Modification of the scrubber advertisement TTL will fail, unless the user configures this value once the scrubbing action is done for all the monitored objects.

Recommended Action:
None.


01071ce8 : The VLAN %s has the same tag %u as VLAN %s. So the port-fwd-mode of the interface associated with the VLAN must be set to l2wire.

Location:
/var/log/ltm

Conditions:
The configuration is invalid. If an interface is added to a 'virtual wire' VLAN, the forwarding mode of the interface cannot be changed to the value other than 'virtual wire'.

Impact:
None.

Recommended Action:
Remove the interface from the VLAN before changing the forwarding mode property of the interface.


01071ce8 : The VLAN (%s) has the same tag %u as VLAN (%s). So the port-fwd-mode of the interface associated with the VLAN must be set to virtual-wire.

Location:
/var/log/ltm

Conditions:
This message is caused by an invalid configuration. If an interface is added to a 'virtual-wire' vlan, the port-fwd-mode cannot be changed to the value other than 'virtual-wire'.

Impact:
None.

Recommended Action:
Remove the interface from VLAN before changing the port-fwd-mode property.


01071ce9 : The Scrubber Route Domain (%s) has a destination IP (%s) that overlaps with (%s).

Location:
/var/log/ltm, console, GUI

Conditions:
When attempting to configure a scrubber-rd-network in scrubber-rt-domain, its destination IP must not overlap with other scrubber-rd-networks within the same scrubber-rt-domain.

Impact:
Validation failure.

Recommended Action:
Choose a different value.


01071ceb : Operation failed for CA bundle manager %s due to other pending operation.

Location:
/var/log/ltm

Conditions:
When a ca-bundle manager is updated more than once over a very short period of time, the keymgmtd will see two concurrent updates to the ca-bundle manager.

Impact:
The second update operation will be rejected.

Recommended Action:
Successive update to the same ca-bundle manager needs to be separated by a short time period. In most update operations, this error log will not be encountered.


01071ced : MQTT monitor '%s' must have a username when password is configured.

Location:
/var/log/ltm, console, GUI

Conditions:
The message appears for a missing username in MQTT monitor when a password is configured.

01071c73:3: MQTT monitor '/Common/mon-mqtt-1.2' must have a username when password is configured.

MQTT monitor is created and it has a 'password' field filled in while 'username' field remains empty (having value "none" in tmsh).

Impact:
Submitting configuration of MQTT monitor is not accepted.

Recommended Action:
Have a non-empty value for 'username' field in the MQTT monitor when username and password credentials are required.


01071cef : Policy (%s) of type %s cannot have subroutine-properties attached, policy type must be %s.

Location:
/var/log/ltm

Conditions:
This message is generated when an attempt is made to attach a subroutine to an access policy that is not of type "subroutine".

Impact:
The system cannot perform the requested operation of attaching the subroutine to a policy.

Recommended Action:
Create a policy of type "subroutine".


01071cf0 : DNS resolver must be configured for SAML metadata automation object (%s).

Location:
/var/log/ltm, VPE UI, tmsh

Conditions:
Administrator attempts to configure 'connection-properties' attribute of SAML metadata automation object. Administrator has not specified required DNS resolver in 'connection-properties' resulting in the validation error.

Impact:
This is an mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
Specify DNS resolver in connection-properties attribute of SAML metadata automation object.


01071cf1 : SAML metadata automation object (%s) should have only one 'connection-properties' attribute configured.

Location:
/var/log/ltm, VPE UI, tmsh

Conditions:
Administrator attempts to configure SAML metadata automation object, and set more then one property 'connection-properties'.

Only a single 'connection-properties' configuration is allowed per SAML metadata automation object, so the error will be shown.

Impact:
This is an mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
Configure only one 'connection-properties' attribute per SAML metadata automation object.


01071cf3 : Authorize redirect request (%s) must always use 'GET' method.

Location:
Console.

Conditions:
If an authorize redirect request is created with POST method, then this message displays

Impact:
Create the OAuth Request object fails.

Recommended Action:
Create authorize redirect request only with 'GET' method.


01071cf4 : Invalid %s for Monitor Test (%s) conflicts with monitor value (%s)

Location:
/var/log/ltm, tmsh, iControl REST

Conditions:
One or more of the parameters specified in the tmsh 'run ltm monitor' command to test an LTM monitor configuration are incorrect.
Specifically, the destination IP Address and/or Service Port are specified in the 'run ltm monitor' command, when the destination IP Address and/or Service Port are already specified in the LTM health monitor configuration being tested.

Impact:
A potentially-invalid or misleading monitor test is prevented from running.
If the destination IP Address and/or Service Port of an LTM health monitor is configured, that configuration will be used during the monitor test.
Preventing conflicting destination IP Address and/or Service Port parameters from being specified in the tmsh 'run ltm monitor' command helps ensure accuracy of the monitor test, and fidelity with actual behavior of the LTM health monitor as configured once assigned to an LTM node, pool member or pool.

Recommended Action:
When performing a test of an LTM monitor using the tmsh 'run ltm monitor' command, only provide destination IP Address and/or Service Port parameters which are not already configured in the LTM health monitor being tested.


01071cf5 : Invalid state (%s) for Monitor Test target (%s) marked for cleanup

Location:
/var/log/ltm

Conditions:
A monitor instance created internally for the purpose of executing the tmsh 'run ltm monitor' command (to test LTM health monitor configuration) was found to be in an unexpected state.

Impact:
The LTM monitor test result cannot be evaluated accurately.
This condition results from an invalid internal state in mcpd and/or bigd daemon processing. Therefore, it might be an indication of more significant inconsistencies within the BIG-IP configuration subsystem.

Recommended Action:
Further diagnosis of the mcpd and bigd daemons is indicated, including enabling mcpd and bigd debug logging and repeating the LTM monitor test which encountered the error condition.


01071cf6 : The current provisioning does not support the TurboFlex profile. Please provision LTM first or choose another profile suggested on the help page.

Location:
/var/log/ltm

Conditions:
TurboFlex profiles need certain provisioning to be configured. Different TurboFlex profiles have different requirements, but all of them can be configured when LTM is provisioned.

Impact:
When the user selects a TurboFlex profile, the profile does not become the active profile.

Recommended Action:
Provision LTM or other modules that support the chosen TurboFlex profile listed under the description of each profile. (The TMSH command is "show sys turboflex profile all field-fmt".)


01071cf7 : The chosen turboflex is not licensed, therefore the change cannot be made.

Location:
/var/log/ltm, GUI, tmsh

Conditions:
This only happens when the user is trying to change the active TurboFlex profile. If the user has an unthrottled license, which is also called a PAYG standard license, some TurboFlex profile will not be licensed. Therefore, choosing the unlicensed profile will trigger this message, and the change will not be made.

Impact:
The change of the desired TurboFlex profile will not be done.

Recommended Action:
If you would like the TurboFlex profile, you will need to upgrade the license from unthrottled to throttled, in other words, from PAYG standard to PAYG performance.


01071cf9 : The provision module %s requires TurboFlex profile %s. Please either un-provision the module or choose the required profile. For more information, please see 'tmsh help sys turboflex' on the command line, or look at the 'Help' tab on the TurboFlex page under Resource Provisioning.

Location:
/var/log/ltm, GUI

Conditions:
Some provisioning module can only be provisioned when a certain TurboFlex profile is set as active. Therefore, this error will appear when you are trying to provision a module when the required TurboFlex profile is not active, or when you are switching to another TurboFlex profile that does not allow a provisioned module to be provisioned that the previous profile allowed.

Impact:
The modifying action will not be done.

Recommended Action:
The error message will tell you which profile to modify with the command "tmsh modify sys turboflex profile-config type <profile>", or which modules to un-provision with command "modify sys provision <module> level none", in order for the change to occur without error.


01071cfb : Please get the Advanced Protocols or FIX add-on license to enable FIX features.

Location:
/var/log/ltm

Conditions:
The TurboFlex low latency profile cannot be enabled.

Impact:
The TurboFlex configuration will remain unchanged or will be the default configuration.

Recommended Action:
Customers will need to get an additional add-on license from F5 in order to enable the profile.


01071cfc : %s changing OpenSSL FIPS flag from (%d) to (%d). Reboot is required for changes to take full effect.

Location:
/var/log/ltm

Conditions:
Enabling or disabling either FIPS 140-2 compliance mode or modifying the Common Criteria DB variable (Security.CommonCriteria) changes the OpenSSL FIPS flag. Log the message. The prompt changes to 'Reboot Required'.

Impact:
The log message and the prompt change to 'Reboot Required' to remind the user to reboot for all FIPS changes to take effect.

Recommended Action:
Reboot the BIG-IP system for all processes to get initialized correctly in the compliant mode.


01071cfd : The VLAN (%s) tag %u cannot be modified to %u once the VLAN is created. Please delete and re-create it.

Location:
/var/log/ltm

Conditions:
The configuration is invalid. The VLAN tag is not allowed to change to an existing VLAN tag when a virtual wire interface is associated with any VLANs of the same tag.

Impact:
None.

Recommended Action:
Inspect the relevant object configuration in the VLAN, trunk, and interface. You can delete the VLAN and re-create the VLAN with the tag.


01071cfe : %s (%s): AutoMitigate %s %u must be lower than AutoMitigate ceiling %u.

Location:
GUI, CLI

Conditions:
In the AFM DoS feature, the attack detection threshold is higher than the detection ceiling value set for a vector.

Impact:
An attack detection threshold that exceeds the detection ceiling value invalidates the configuration.

Recommended Action:
Reset the detection ceiling to a value higher than the threshold.


01071cff : %s (%s): AutoMitigate %s 'infinite' must be lower than AutoMitigate ceiling %u.

Location:
GUI, CLI

Conditions:
In the AFM DoS feature, the attack detection threshold value is set to Infinite while the attack detection ceiling is set to a finite value.

Impact:
The configuration is invalid.

Recommended Action:
Set the rate threshold value to a finite value that is lower than the ceiling value.


01071d00 : Maximum response size (%u) for OAuth provider (%s) must be in range of (%u-%u).

Location:
TMSH

Conditions:
When the admin specifies the maximum allowed response size for a particular provider with too large or too small of a value.

Impact:
The out of range value will not be set. The previous value remains.

Recommended Action:
The admin has to enter a value within the range.


01071d01 : Invalid value (%s) for profile %s field %s. Only integers between 0 and 4294967295 are permitted.

Location:
/var/log/ltm, console, GUI

Conditions:
When the user enters a non-integer, a negative integer, or an integer that exceeds 4294967295 in a field that's limited to unsigned long integers.

Impact:
The profile will not be updated or created until the error is corrected.

Recommended Action:
Enter a value between 0 and 4294967295 in the field indicated by the error message.


01071d02 : Size of field '%s' for monitor '%s' exceeds allowed maximum of %d bytes.

Location:
/var/log/ltm, tmsh console, iControl REST, GUI

Conditions:
When a monitor has a password, or a secret parameter, and it is being created or updated with a value exceeding the allowed maximum number of bytes.

Impact:
Upon receiving the message, a creation or modification of the object for specified monitor fails.

Recommended Action:
Set the size of the identified parameter within the specified limit.


01071d03 : Encryption object is too big.

Location:
/var/log/ltm, tmsh console, iControl REST, GUI

Conditions:
There is an object which has a parameter stored in Secure Vault, and the size of the parameter, in bytes, exceeds a documented limit during the object creation or modification.

Impact:
An operation on the object creation or modification fails.

Recommended Action:
Set the parameter's value with the documented limit.


01071d04 : Encryption failed.

Location:
/var/log/ltm, tmsh console, iControl REST, GUI

Conditions:
There is an object which has a parameter stored in Secure Vault and encryption of the parameter fails during the object creation or modification.

Impact:
An operation on the object creation or modification fails.

Recommended Action:
None.


01071d05 : %s is not a valid IP address or hostname.

Location:
/var/log/ltm, console, GUI

Conditions:
For apm::aaa::active-directory, provide invalid ip or FQDN hostname for domain-controller.

Impact:
Configuration cannot be saved.

Recommended Action:
Supply valid ip or hostname for the value.


01071d06 : Overlapping %s IP addresses (%s) is in NAT policy '%s', rule '%s'.

Location:
/var/log/ltm

Conditions:
There are overlapping IP addresses in a NAT policy rule.

Impact:
No impact. Message is informational only

Recommended Action:
None.


01071d09 : Management auto-lasthop (%s) can't be disabled on a 1-NIC platform.

Location:
/var/log/ltm

Conditions:
The user tries to disable management auto-lasthop ("tmsh modify ltm global-settings general mgmt-auto-lasthop") on VE system configured with 1-NIC.

Impact:
Management auto-lasthop cannot be disabled.

Recommended Action:
None.


01071d0e : Global ASM health alerts configurations error: %s

Location:
tmsh

Conditions:
In tmsh when trying to configure new ASM alert with illegal value.

Example:
(/Common)(tmos)# modify asm health-alerts tmm-cpu-utl-threshold 200
01071d06:3: Global ASM health alerts configurations error: tmm CPU utilization threshold can't be more than 100.

Example:
root@(eddie)(cfg-sync Disconnected)(monpd DOWN)(/Common)(tmos)# modify asm health-alerts backlog-msg-queue-utl-threshold 900
01071d06:3: Global ASM health alerts configurations error: backlog message queue utilization threshold can't be more than 100.

Impact:
The threshold for the specific ASM alert will not be configured unless a legal value is given.

Recommended Action:
Provide legal value to the threshold field.


01071d16 : DNS profile (%s) cannot have both edns0 client subnet insertion and the DNS cache enabled simultaneously.

Location:
/var/log/ltm, GUI, CLI

Conditions:
A change was made to the configuration of a DNS profile such that both edns0 client subnet insertion and DNS caching are set to enabled.

Impact:
The current implementation of the DNS cache is not client subnet aware and therefore might cache responses for all clients when the scope of the response is actually much narrower. Consequently, the configuration changes are dropped.

Recommended Action:
Enable the DNS cache by disabling edns0 client subnet insertion (or vice versa). This can be accomplished in the same command/transaction:

tmsh modify ltm profile dns <profile_name> enable_cache <yes/no> cache <cache_name/none> edns0-client-subnet-insert <disabled/enabled>


01071d17 : DNS profile (%s) inherits options from DNS profile (%s) and cannot have both edns0 client subnet insertion and the DNS cache enabled simultaneously.

Location:
/var/log/ltm, GUI, CLI

Conditions:
A change was made to the configuration of the parent DNS profile so that a child DNS profile that inherits default options from the parent profile has entered an invalid state with both edns0 client subnet insertion and DSN caching enabled.

Note that the child profile might or might not be an immediate child of the parent and it is possible for the child to have one or more profiles between it and the parent profile.

Impact:
The current implementation of the DNS cache is not client subnet aware and therefore might cache responses for all clients when the scope of the response is actually much narrower. Consequently,the configuration changes are dropped.

Recommended Action:
Change the child profile so that it does not enter an invalid state. If the child profile explicitly sets a configured value rather than using the default value from the parent profile, then changing an option on the parent profile's configuration does not affect the same option on the child.

Setting the child's edns0-client-subnet-insert option to "disabled" or the cache-enabled option to "no" should allow changes to the parent profile.


01071d44 : The Traffic Matching Criteria (%s) is already in use by another Netflow Protected Server (%s).

Location:
/var/log/ltm

Conditions:
Validation error. Each Netflow Protected Server object must reference a unique Traffic Matching Criteria. A Traffic Matching Criteria cannot service more than one Netflow Protected Server.

Impact:
Validation error might lead to configuration load, upgrade, and sync failures.

Recommended Action:
Remove one of the references to Traffic Matching Criteria before assigning it to the intended Netflow Protected Server.


01071d45 : Invalid Netflow Protected Server [%s] name for stopping redirection

Location:
/var/log/ltm

Conditions:
When trying to stop redirection on a non-existent Netflow Protected Server.

Impact:
Validation error.

Recommended Action:
Reference an existant Netflow Protected Server.


01071d46 : Netflow Protected Server (%s) cannot have a Traffic Matching Criteria that references a route domain.

Location:
/var/log/ltm, CLI

Conditions:
The system cannot validate the system configuration.

Impact:
The configuration fails.

Recommended Action:
In the traffic matching criteria for a Netflow Protected Server, do not reference a route domain.


01071d47 : (%s) has an invalid mask %u.

Location:
/var/log/ltm

Conditions:
Configuration validation, when an IP Address is configured with invalid mask. For example, 10.10.0.1/24 should be 10.10.0.1/32.

Impact:
Configuration exception.

Recommended Action:
Provide the correct mask.


01071d62 : CMI device (%s) attempted to connect but is running an incompatibly old version of TMOS.

Location:
/var/log/ltm

Conditions:
The remote device is running an older software version that did not indicate a required DSC handshake protocol version in the message.

Impact:
Config sync is disabled between this device and another trust domain member. Config sync will remain disabled until the other device is upgraded to a compatible version.

Recommended Action:
Upgrade the other device to a compatible version and reboot the other device into the new installation volume.


01071d63 : CMI device (%s) attempted to connect but is running a version of TMOS with incompatible version (%s) (expected %s).

Location:
/var/log/ltm

Conditions:
The remote device is running an older software version that did not indicate a required DSC handshake protocol version in the message.

Impact:
Config sync is disabled between this device and another trust domain member. Config sync will remain disabled until the other device is upgraded to a compatible version.

Recommended Action:
Upgrade the other device to a compatible version.


01073035 : The encryption key for OAuth profile (%s) cannot be modified directly. Use encryption secret to generate a new encryption key.

Location:
/var/log/apm, TMSH

Conditions:
If jwt-refresh-token-enc-key is specified directly.

Impact:
Object won't be saved.

Recommended Action:
Do not specify key. Instead use jwt-refresh-token-enc-secret to generate key.


01073039 : All the JWK configs in a JWT config must have unique cert-thumbprint-sha1. The cert-thumbprint-sha1 '%s' is already present in JWT config '%s'.

Location:
/var/log/ltm, tmsh, GUI

Conditions:
Misconfiguration.
Admin attempts to add a JWK config to a JWT config, and the JWK config has cert-thumbprint-sha1 that is already present in the JWT config through some other JWK config. The cert-thumbprint-sha1 must be unique within a JWT config.

Impact:
This is an mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
When attempting to add a JWK config to a JWT config, check that the operation will not result in a JWT config with more than one instance of the same cert-thumbprint-sha1.


01073040 : All the JWK configs in a JWT config must have unique cert-thumbprint-sha256. The cert-thumbprint-sha256 '%s' is already present in JWT config '%s'.

Location:
/var/log/ltm, tmsh, GUI

Conditions:
Misconfiguration.
Admin attempts to add a JWK config to a JWT config, and the JWK config has cert-thumbprint-sha256 that is already present in the JWT config through some other JWK config. The cert-thumbprint-sha256 must be unique within a JWT config.

Impact:
This is an mcp configuration error. Object containing this configuration will not be saved.

Recommended Action:
When attempting to add a JWK config to a JWT config, check that the operation will not result in a JWT config with more than one instance of the same cert-thumbprint-sha256.


010c0009 : Lost connection to mcpd - reestablishing

Location:
/var/log/ltm. Neither the Console nor the GUI provides it.

Conditions:
When SOD loses its connection to MCPD for whatever reason, this message is logged.

Impact:
SOD won't have communication with MCPD. Any device status/configuration updates wouldn't be possible until the communication is re-established.

Recommended Action:
If the connection is not re-established automatically, try restarting all services with bigstart restart.


010c0018 : Standby

Location:
/var/log/ltm. The GUI provides other prompts that indicate a device is in Standby mode; and the Console provides a prompt with Standby State in it.

Conditions:
A device goes to standby by user manual intervention, or when some other device is the active one in the failover group.

Impact:
If it is due to a user intervention, all failover objects in the device will be serviced by the next active device in the failover group, for example, traffic groups.

Recommended Action:
None.


010c0022 : Opening %s for failover monitoring

Location:
/var/log/ltm.

Conditions:
This log is informational and indicates that SOD has opened the failover serial port. This occurs on the startup of SOD. The use of the serial port for failover status is determined by the configuration of the BIG-IP.

Example:
Nov 11 07:35:13 lead info sod[6502]: 010c0022:6: Opening /dev/tty01 for failover monitoring.

Impact:
None.

Recommended Action:
None.


010c002a : Requesting tmm to resend gratuitous arps for traffic group %s.

Location:
/var/log/ltm

Conditions:
In an Active-Active scenario, once it is decided which device will become standby and which will remain active (internal logic), the active device will request tmm to resend gratuitous arp messages. When this occurs, this log message appears in the device that remained active.

Impact:
None.

Recommended Action:
None.


010c002b : Traffic group %s received a targeted failover command for %s.

Location:
/var/log/ltm

Conditions:
This log entry appears when the active device has received and is processing a targeted-failover command that is issued by an administrator for a specified traffic group.

Impact:
This is an informational log entry that indicates that the administrator has issued a failover for a specific traffic group on the active device.

Recommended Action:
None.


010c002c : Traffic group %s received a targeted failover command from cluster mate for %s.

Location:
/var/log/ltm

Conditions:
This log message appears when a blade in a cluster has received and is processing a targeted-failover command from one of the other blades in the cluster for a specified traffic group.

Impact:
This is an informational log message that indicates that the administrator has issued a failover for a specific traffic group in a cluster and this blade is processing that command.

Recommended Action:
None.


010c002d : Traffic group %s going standby via targeted failover command.

Location:
/var/log/ltm

Conditions:
This log message appears when a specified traffic group is going from active to standby, caused by a targeted-failover command that is issued by an administrator for a specified traffic group.

Impact:
This is an informational log message that indicates that the administrator has issued a targeted failover command to change a specific traffic group from an active to standby. device.

Recommended Action:
None.


010c0037 : Up service module error %s.

Location:
/var/log/ltm

Conditions:
These messages indicate that the failover daemon encountered an unexpected system call failure, and is not functioning correctly.

If the specific message is "Up service module error: .... Too many open files", then the system is probably running a version of software that contains defect Bug ID 451917 or Bug 516669.

Any other runtime errors require diagnosis.

Impact:
If this condition occurs, HA failover might not work correctly.

Recommended Action:
Depending on the root cause of the runtime error, restarting the BIG-IP device might clear the condition.

Upgrade to a BIG-IP software release that contains the fixes for Bug 451917 and Bug 516669.


010c003b : Bind fails on %s addr %s port %d error %s

Location:
/var/log/ltm

Conditions:
An invalid address has been configured as a unicast address on the device.

Impact:
The invalid unicast address cannot be used to send or receive network failover data.

Recommended Action:
Change the unicast address to be a valid management IP or self-IP.


010c003c : Connect fails on %s addr %s port %d error %s

Location:
/var/log/ltm

Conditions:
The code paths in question can only be executed if secure network failover is enabled. This error can occur if no route exists to the remote unicast address ("Network is Unreachable").

Impact:
Network failover communication to the remote unicast address does not work.

Recommended Action:
Repair the network partition.


010c003e : Offline

Location:
/var/log/ltm

If this offline state was requested by the user, the GUI provides other status fields that indicate a device is in Forced Offline mode, and the Console provides a prompt with ForcedOffline State in it.

Conditions:
It is a transitional state that is logged when the device comes up or when SOD restarts.
It will also occur when the user forces a device to stay offline.
The device encounters networking problems.

Impact:
Device won't be online. Network connectivity for services won't be available.

Recommended Action:
Bring the device back online if the offline state was a consequence of a user action.
Restart sod daemon. If that doesn't work, restart all services.


010c003f : Forced offline

Location:
/var/log/ltm

Conditions:
This log message occurs when the SOD updates an internal state to offline as a result of detecting that a traffic group has been forced offline by the admin.

Impact:
The log (level Notice) is generated by SOD after it changes an internal state for a traffic group has been forced offline and is no longer accessible to the user. This log is an informational/debug log of a SOD internal state change to forced offline and not that useful to the user.

Recommended Action:
None.


010c0044 : Command: %s

Location:
The message appears only in /var/log/ltm. It does not appear on the console or on the GUI screen.

Conditions:
This is a log entry that displays a failover command, executed by means of the GUI, tmsh, or iControl. The following examples show some of the possible logs, but not all.

The following log corresponds to making a traffic group go to standby from the GUI.
010c0044:5: Command: go standby /Common/TG2 /Common/BIGIP-2.localdomain GUI.

The following log corresponds to making a traffic group go to standby from tmsh.
010c0044:5: Command: go standby /Common/TG2 /Common/BIGIP-1.localdomain tmsh.

The following when making the BIGIP go ForcedOffline mode via tmsh
010c0044:5: Command: go offline all tmsh.

The following when making the BIGIP come back online from ForcedOffline mode via GUI
010c0044:5: Command: release offline all GUI.

The following log comes when making the BIGIP go offline from iControl
010c0044:5: Command: go offline all iControl.

Impact:
None. This is a notification that a system failover command was executed.

Recommended Action:
None.


010c0048 : Bcm56xxd and lacpd connected - links up

Location:
/var/log/ltm

Conditions:
This message is information, and is logged by SOD when the links to Bcm56xxd and lacpd are up. This is part of the normal startup process for SOD.

Example:
Nov 11 07:36:15 lead notice sod[6502]: 010c0048:5: Bcm56xxd and lacpd connected - links up.

Impact:
None

Recommended Action:
None.


010c0049 : Tmm ready - links up.

Location:
/var/log/ltm

Conditions:
This is a message from SOD to indicate that the TMM has reached the running state, and can handle passing and receiving traffic on the self-IPs often used for failover addresses.

This message is seen on initial startup, as well as if SOD or the TMM is restarted.

Impact:
None.

Recommended Action:
None.


010c0050 : Sod requests links down

Location:
/var/log/ltm

Conditions:
This is an information message that is logged during the shutdown of the SOD daemon. It indicates that the links to Bcm56xxd and lacpd have been marked down.

Example:
Nov 11 07:29:03 lead notice sod[6214]: 010c0050:5: Sod requests links down.

Impact:
None.

Recommended Action:
None.


010c0052 : Standby for traffic group %s

Location:
This log only appears in /var/log/ltm. It does not appear on the Console or the GUI.

Conditions:
When a traffic group transitions to the standby state, this log message is logged by the system.

For example when a device is released from the forced offline state; the sequence of logs includes the following:

Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c0044:5: Command: release offline all GUI.
Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c0054:5: Offline for traffic group TG2.
Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c0054:5: Offline for traffic group traffic-group-1.
Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c003e:5: Offline
Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c006d:5: Leaving Offline for Standby for dbvar is redundant.
Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c0052:5: Standby for traffic group TG2.
Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c0052:5: Standby for traffic group traffic-group-1.
Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c0018:5: Standby
Oct 11 13:30:04 BIGIP-2 info sod[28395]: 010c0096:6: Next active for traffic group traffic-group-1.
Oct 11 13:30:04 BIGIP-2 info sod[28395]: 010c0096:6: Next active for traffic group TG2.

Impact:
None. This is a notification of what is happening with the traffic-group in the device.

Recommended Action:
None.


010c0054 : Offline for traffic group %s.

Location:
/var/log/ltm. Neither the Console nor the GUI show it.

Conditions:
When a traffic-group is about to become active or standby, it starts with the transitional state of offline, which 0is when the log appears. For example the following sequence of logs appear when the device is booting up:

Oct 11 13:00:46 BIGIP-2 notice sod[5403]: 010c0057:5: Activating traffic group TG2.
Oct 11 13:00:46 BIGIP-2 notice sod[5403]: 010c0054:5: Offline for traffic group TG2.
Oct 11 13:00:46 BIGIP-2 notice sod[5403]: 010c0057:5: Activating traffic group traffic-group-1.
Oct 11 13:00:46 BIGIP-2 notice sod[5403]: 010c0054:5: Offline for traffic group traffic-group-1.

This could also be a result of initial configuration or releasing a device from a forced offline state. A common log sequence will look like this:

Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c0044:5: Command: release offline all GUI.
Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c0054:5: Offline for traffic group TG2.
Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c0054:5: Offline for traffic group traffic-group-1.
Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c003e:5: Offline
Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c006d:5: Leaving Offline for Standby for dbvar is redundant.
Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c0052:5: Standby for traffic group TG2.
Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c0052:5: Standby for traffic group traffic-group-1.
Oct 11 13:30:04 BIGIP-2 notice sod[28395]: 010c0018:5: Standby
Oct 11 13:30:04 BIGIP-2 info sod[28395]: 010c0096:6: Next active for traffic group traffic-group-1.
Oct 11 13:30:04 BIGIP-2 info sod[28395]: 010c0096:6: Next active for traffic group TG2.

Impact:
None. This is a notification of what is happening with the traffic-group in the device.

Recommended Action:
None.


010c0055 : Forced offline for traffic group %s.

Location:
/var/log/ltm

Conditions:
This log message occurs if the SOD detects that a traffic group has been forced offline by the admin.

Impact:
The log (level Notice) is generated by SOD after a traffic group has been forced offline and is no longer accessible to the user.

Recommended Action:
The admin has forced the specified traffic group offline and the user must use other traffic groups.


010c0056 : Deactivating traffic group %s

Location:
/var/log/ltm. Neither the Console nor the GUI provide it.

Conditions:
SOD has to reactivate the traffic groups in the device when certain configuration changes occur on the box, specially at boot time. This requires a deactivate/activate sequence, and, when the deactivate occurs, this log appears.

Impact:
None. This is a notification of what is happening with the traffic group on the device.

Recommended Action:
None.


010c0057 : Activating traffic group %s

Location:
/var/log/ltm. Neither the Console nor the GUI provide it.

Conditions:
SOD has to activate the traffic groups in the device when certain configuration changes occur on the box, specially at boot time. This requires a deactivate/activate sequence, and, when the activate occurs, this log appears.

Impact:
None. This is a notification of what is happening with the traffic group on the device.

Recommended Action:
None.


010c005a : Dropping a failover packet that is too small (%u)

Location:
/var/log/ltm

Conditions:
This message indicates that a message was received by SOD on one of its failover listening addresses, but the message was not big enough to be a valid failover packet.

Impact:
Messages that arrive at the failover listening addresses that are too small to be valid are dropped. There is no other effect on system behavior beyond this.

Recommended Action:
If failover messages are not being received from another device in the failover-sync group, and these messages are present in the log, it may indicate an issue with the SOD daemon on the other device. Restarting SOD on the other device may clear the issue. If not, then support will need to be contacted.

Spurious occurrences of this log without other system issue, are not a cause for concern.


010c005b : Dropping a packet that is not a failover packet.

Location:
/var/log/ltm

Conditions:
This log message occurs if the SOD process receives a packet that is not a failover packet.

Impact:
The log (level Notice) is generated when an unknown packet is received by the SOD process and the packet is dropped.

Recommended Action:
None.


010c005e : Waiting for mcpd to reach phase base, current phase is %s

Location:
/var/log/ltm

Neither the GUI nor the console should display it.

Conditions:
This log appears when the switch over (failover) daemon is trying to establish a connection with MCP (configuration daemon). It reports the current MCPD phase in its boot-up sequence.

Impact:
None. This log is informing that MCPD is not ready yet to take any connection.

Recommended Action:
None.


010c005f : Mcpd has reached phase base, current phase is %s

Location:
/var/log/ltm

Conditions:
This is an informational message that SOD has connected to MCPD, and MCPD has reached a state where SOD can continue starting up. This is logged whenever SOD starts up and connected to MCPD and MCPD reaches at least the base phase.

Example:
Nov 11 07:35:24 lead notice sod[6502]: 010c005f:5: Mcpd has reached phase base, current phase is running.

If the following message is seen, and the "MCPD has reached phase base" is not seen afterwards, it may indicate an issue with MCPD.

Nov 11 07:35:00 localhost notice sod[6502]: 010c005e:5: Waiting for mcpd to reach phase base, current phase is platform.

Impact:
None.

Recommended Action:
None.


010c0063 : Waiting for Mcpd without a response. Try again...

Location:
/var/log/ltm

Conditions:
This log message occurs if the SOD process has not established a connection with the MCPD process.

Impact:
The log (level Notice) is generated once during every connection attempt to the MCPD process until a successful connection is established. The SOD process will not operate until this connection is established.

Recommended Action:
Investigate the state of the MCPD process and possibly try a process restart.


010c006a : Configuration CRC values disagree amongst peers. Suggest configsync peers.

Location:
/var/log/ltm
Observed in the UI Device Management "Details" status display.
In the "show cm traffic-group" command.

Conditions:
Configuration relevant to network failover is not in-sync between devices in a failover device group. This message can appear briefly when traffic-group configuration has changed but configsync has not yet completed to the other devices.

Impact:
Network failover calculations might not be correct, resulting in inconsistent (or no) selection of a next-active device, and failover to an unintended location.

Recommended Action:
Enable automatic sync for the failover device group (preferred).
Manually sync the new configuration to the device group.


010c006b : Configuration CRC values agree amongst peers

Location:
/var/log/ltm

There are other indications of configuration being out of sync between devices in the GUI and command line, but the setting and clearing of these indications are unrelated to this log message.

Conditions:
When traffic-group state from other devices is processed, this log appears if the devices in the failover-group did not previously have their configurations in sync.

Oct 13 06:59:37 BIGIP-1 notice sod[6779]: 010c006b:5: Configuration CRC values agree amongst peers.

Impact:
None: Indicates that configurations are now in-sync between devices in the failover-group.

Recommended Action:
None.


010c006c : proc stat: [0] %s

Location:
/var/log/ltm. Neither the console nor the GUI provide it.

Conditions:
SOD has a list of processes it monitors. When any of the processes goes away, this log message appears.

An example of relevant logs when tmm is restarted with bigstart restart follows:

Oct 12 10:23:14 BIGIP-2 warning sod[28395]: 01140029:4: HA proc_running tmm fails action is go offline and down links.
Oct 12 10:23:14 BIGIP-2 notice sod[28395]: 010c0050:5: Sod requests links down.
...
Oct 12 10:23:21 BIGIP-2 notice sod[28395]: 01140045:5: HA reports tmm NOT ready.
Oct 12 10:23:22 BIGIP-2 notice sod[28395]: 010c006c:5: proc stat: [0] pid:28459 comm:(tmm.0) state:S utime:93 stime:103 cutime:1 cstime:10 starttime:7709594 vsize:6928031744 rss:18225 wchan:18446744073709551615 blkio_ticks:9 [-1] pid:1887 comm:(tmm.0) state:S utime:158666 stime:34358 cutime:0 cstime:13 starttime:85235 vsize:6932230144 rss:19317 wchan:18446744073709551615 blkio_ticks:7 [-2] pid:1887 comm:(tmm.0) state:S utime:158655 stime:34355 cutime:0 cstime:13 starttime:85235 vsize:6932230144 rss:19317 wchan:18446744073709551615 blkio_ticks:7 .
Oct 12 10:23:24 BIGIP-2 notice sod[28395]: 01140030:5: HA proc_running tmm is now responding.
...
Oct 12 10:23:31 BIGIP-2 notice sod[28395]: 01140044:5: HA reports tmm ready.
Oct 12 10:23:31 BIGIP-2 notice sod[28395]: 010c0049:5: Tmm ready - links up.
Oct 12 10:23:34 BIGIP-2 notice sod[28395]: 010c006c:5: proc stat: [0] pid:27987 comm:(bigd) state:S utime:6 stime:2 cutime:13 cstime:5 starttime:7709247 vsize:47583232 rss:6415 wchan:18446744071579502277 blkio_ticks:1 [-1] pid:3648 comm:(bigd) state:S utime:1920 stime:604 cutime:12 cstime:10 starttime:176428 vsize:50548736 rss:6472 wchan:18446744071581059260 blkio_ticks:15 [-2] pid:3648 comm:(bigd) state:S utime:1920 stime:604 cutime:12 cstime:10 starttime:176428 vsize:50548736 rss:6472 wchan:18446744071581059260 blkio_ticks:15 .

The log will appear when the process goes away, and when it comes back.

Impact:
None. This log on itself only provides a notification that SOD detected a process going away. The rest of the logs relevant to the process that went away should give more information of what went wrong.

Recommended Action:
None.


010c006d : %s.

Location:
/var/log/ltm

Conditions:
Reports information about the system. It can change from release to release because it is a complete free-form log, and has no rules of what information it can convey.

Some examples are:
"Leaving Offline for Active for dbvar not redundant (tmm ready)"
"Leaving Offline for Standby for dbvar not redundant (tmm not ready)"
"Leaving Offline for Active for mate is active"
"Leaving Offline for Standby for dbvar is redundant"
"Leaving Standby for Offline for ha table offline_cond"
"Leaving Standby for Active for dbvar not redundant (tmm ready)"
"No peer active but stay put for longer."
"Leaving Standby for Active (best ha score)"
"Leaving Standby for Active (mate ha score)"

Impact:
None.

Recommended Action:
None.


010c006e : All devices in traffic group %s %s have a HA group.

Location:
/var/log/ltm

Conditions:
Two different cases for this log message.
Case 1: 'All devices in traffic group %s now have a HA group'
This case indicates that HA group is configured correctly on all devices for a traffic group.

Case 2: 'All devices in traffic group %s should have a HA group'
This case indicates that HA group is not configured correctly on all devices for a traffic group.

Impact:
Case 1 is informational, indicating that HA group is configured correctly.

Case 2 is an error condition, indicating that the configuration of HA group is not configured correctly on one or more of the devices. HA group will not operate correctly for this traffic group.

Recommended Action:
Fix the configuration of the HA group in the traffic group on all devices for case 2 log message.


010c0076 : Exceeded mcp recv soft limit: %d. Succeeded after %d messages.

Location:
/var/log/ltm

Conditions:
When SOD is starting, it establishes a connection with MCP. If initialization exceeds the expected number of messages, it will log this notification with the original expected limit and the actual number.

Impact:
None.

Recommended Action:
None.


010c0077 : Listening for unicast failover packets on address %s port %d.

Location:
/var/log/ltm

Conditions:
This message indicates that SOD is listening on the specified address and port for unicast network failover packets. It is logged when SOD starts up and begins listening for failover packets. It is also logged when a new unicast failover address is configured while SOD is running.

Impact:
None.

Recommended Action:
None.


010c007b : Deleted unicast failover address %s port %d for device %s.

Location:
/var/log/ltm

Conditions:
This log message appears when a unicast ip address is deleted on a device by the admin.

Impact:
This log message is an informational message that shows that a unicast address was deleted on a device.

Recommended Action:
None.


010c007e : Not receiving status updates from peer device %s (Disconnected).

Location:
/var/log/ltm

Conditions:
This message is logged on a peer device in the failover-sync group when it does not receive any network failover packets for the network timeout. This timeout defaults to 3 seconds.

Impact:
The device mentioned in the log message is marked as offline by the device logging the message, and is not eligible to be the next failover device.

Recommended Action:
The state of the device that was disconnected should be checked on the reported device. It could be a networking issue, a hardware issue, or an environmental issue.

Once the issue is corrected the device will start sending network failover packets and will be marked online again.


010c0082 : Sorted Load-Aware failover %s.

Location:
/var/log/ltm

Conditions:
This log message occurs if there is a change by the SOD process in the use of the internal Sorted Load-Aware failover algorithm. The message will appear if it was previously disabled and is now enabled, or if it was previously enabled and is now disabled.

Impact:
The log (level Informational) is generated once during a change in the internal algorithm state. The Load Aware algorithm is more efficient when Sorted is used, but it can only be used if all devices are capable of running it. The user cannot configure this or determine if it is in use solely by means of this log.

Recommended Action:
None.


010c0083 : No failover status messages received for %s seconds, from device %s (%s).

Location:
/var/log/ltm

Conditions:
This log message occurs when the SOD process has not received a failover packet from a peer connection during the configured timeout interval.

Impact:
The log (level Warning) is generated after an expected failover packet is not received before the configured timeout interval. This indicates that the peer is no longer sending failover updates to the SOD process, possibly indicating that the peer has become busy or is offline.

Recommended Action:
Investigate the state of the peer connection.


010c0084 : Failover status message received after %s second gap, from device %s (%s).

Location:
/var/log/ltm

Conditions:
This log message occurs when the SOD process receives a failover packet from a peer connection that it marked as no longer sending failover updates.

Impact:
This log (level Warning) is generated by a peer, which is no longer sending failover packets to the SOD process during the expected timeout interval, that has resumed sending packets. The time between packets (in seconds) is displayed.

Recommended Action:
This message is informational.


010c0085 : First failover status message received from device %s (%s).

Location:
/var/log/ltm

Conditions:
This log message occurs if the SOD process has received a message for the first time on a peer connection.

Impact:
The log (level Informational) is generated after the SOD process receives a message for the first time on a new peer connection. This log provides information to the user about this peer connection.

Recommended Action:
None.


010c0089 : Invalid go standby command. %s is not a valid traffic-group or device.

Location:
/var/log/ltm

Conditions:
If an administrator runs the cmd_sod command directly from the Linux shell, and provides an invalid argument.

Impact:
No failover.

Recommended Action:
Use the correct device or traffic group name.


010c008a : Invalid go standby command. %s is not a valid device.

Location:
/var/log/ltm

Conditions:
If an administrator runs the cmd_sod command directly from the Linux shell, and provides an invalid argument.

Impact:
No failover.

Recommended Action:
Use the correct device name.


010c008b : Unable to send to unreachable unicast address %s port %d.

Location:
/var/log/ltm

Conditions:
The failover daemon (sod) periodically sends UDP packets to other devices in the Device Service Cluster. A packet could not be sent, usually because the current routing table indicates there is no route to the destination device.

Impact:
When sod is unable to transmit Network Failover packets, other devices in the Device Service Cluster may conclude that the device is inoperative, and take over service.

Recommended Action:
Restore network connectivity between the devices.


010c008c : Previously unreachable unicast address %s port %d is now reachable.

Location:
/var/log/ltm

Conditions:
Clears the prior error condition has cleared.

Impact:
Restores normal transmission of network failover packets.

Recommended Action:
None.


010d0005 : Chassis fan %d: status (%d) is bad

Location:
/var/log/ltm

Conditions:
A sensor determined that the fan speed is zero (0) RPM, indicating the chassis fan is not rotating.

Impact:
One or more faulty fans reduces the cooling capacity of the system, which can result in overheating issues. This log entry triggers the alarm LED to turn red and display an alert on the LCD.

Recommended Action:
Check for obstructions blocking the fan blades. Replace the fan tray for the faulty fan.


010d0006 : Chassis power supply %d has experienced an issue. Status is as follows: %s

Location:
/var/log/ltm

Appears in GUI, console, and LCD.

Conditions:
A system power supply has failed.

Impact:
In a redundant power supply system, only one power supply will be operational.

Recommended Action:
Replace the failed power supply. If the message persists, file a support ticket.


010d0009 : %s: voltage (%d) is too high

Location:
/var/log/ltm

Conditions:
A voltage sensor reading exceeded the operational limits.

Impact:
Continued operation during these conditions can produce component failure or unexpected behavior. This log triggers a red LED alarm and displays an alert on the LCD.

Recommended Action:
Contact support for resolution.


010d0010 : %s: fan speed (%d) is too low

Location:
/var/log/ltm

Appears in GUI, console, and LCD.

Conditions:
A system fan failed to operate at the minimum speed.

Impact:
Depending on the failed fan, the system could power off if chassis or CPU temperatures exceed maximum operating temperatures.

Recommended Action:
Determine the failed fan by typing 'system_check -d' at the command line. File a support ticket to diagnose and resolve this hardware problem.


010d0017 : %s: milli-voltage (%d) is too low

Location:
/var/log/ltm

Appears in GUI, console, and LCD.

Conditions:
Loss of power, or input power is out of recommended range.

Impact:
If a loss of power caused the condition, power redundancy is compromised.
If a loss of power did not cause the condition, indeterminate behavior can result.

Recommended Action:
Verify power is applied to unit.
Verify that the power is the correct input range.
Replace PSU associated with the alarm.


010e0001 : Cannot communicate with MCPD server

Location:
/var/log/ltm

Conditions:
This can be a result of BIG-IP device being very busy. The SNMP agent is unable to communicate with MCPd and thus logs this message. This situation can recover if BIG-IP device becomes less busy. Internally the SNMP requests come into the agent via the MCPd daemon. Responses back to the requester traverse the path back by means of the MCPd as well.

Impact:
All user requests either by means of the cli or the access to SNMP agents will not be honored. The SNMP data will not be retrieved as the interface to the SNMP daemon is down.

Recommended Action:
As a last option, reboot the BIG-IP device.


010e0002 : Established new connection to MCPD server

Location:
/var/log/ltm

Conditions:
This message occurs when a connection or new connection is established with the MCPD server. This message is internal to our software and is only an informational message. MCPD is the master control process daemon which has a number of connections to other processes of which one is the snmpd. When it establishes a communication channel to the snmpd process this message is printed in the log.

Impact:
An internal informational message is logged each time the mcpd communication channel is established with the snmpd.

Recommended Action:
None.


010e0004 : MCPD query response exceeding %d seconds

Location:
/var/log/ltm

Conditions:
This error message occurs when the MCPd response time is very slow. The SNMP subagent is encountering long timeouts while communicating with MCPd. The system may be very busy.

Impact:
The SNMP request fails.

Recommended Action:
One can retry the request. Also, it is worth executing an unrelated tmsh command to see if the same slow response times are seen. Wait to see if it is temporary slowdown of MCPd. Stop any of the SNMP queries that are currently running. As a last option, restart the BIG-IP device.


01100002 : alertd is going down

Location:
/var/log/ltm

Conditions:
BIG-IP device is restarting, or just the alertd daemon is stopping or restarting.

Impact:
None, informational only.

Recommended Action:
None.


01100017 : Email action is failed for toaddress %s

Location:
/var/log/ltm
LCD
SNMP Trap

Conditions:
Email notification for system alert failed to be sent.

Impact:
No additional impact to the system.

Recommended Action:
Recommendation is to review SOL3667 at AskF5 where email notification configuration is described. Make sure there are valid "To" and "From" addresses configured.


01100042 : Failed with MCPD at: %s (%s)

Location:
/var/log/ltm

Conditions:
The alertd daemon has encountered an inter-process communication error with the mcpd daemon. When this happens, there is likely a problem with mcpd either being down or too busy.

Impact:
If the error is simply "Socket read", and non-repeating, it was likely a single case of congestion and should not have long-term impact.

Most of the other errors such as "Connect", "Subscribe", "MCP msg receive", "Socket/pipe select", "Socket error event", "syslog pipe error event", or "errdefs scoket error event" indicate a failure for the alertd daemon to initialize properly. In this situation, alert generation and their associated SNMP traps are likely to be inoperational.

Recommended Action:
Issue a 'bigstart status alertd mcpd' from the CLI. If either process is not in 'run' state, or if the associated log messages are persisting, try issuing a 'bigstart restart <alertd|mcpd>' depending on whether one is malfunctioning, or perhaps both.


01100043 : logcheck Notice: %s %d

Location:
/var/log/ltm

Conditions:
1. "Disconnect mcpd". alertd disconnects from mcpd when alertd is exiting, due to a restart or the BIG-IP system shutting down.
2. "Receive alert msg from diskmonitor". alertd received a message from the disk monitoring subsystem, leading to a check for log rotation.
3. "logrotate triggered by large log <name_of_log_file> of size <size> KB -"Available disk space is <size> KB". Occurs when logrotate is running to compress logs.

Impact:
None. This is not an error condition, but normal operation. logrotate runs periodically to compress logs.

Recommended Action:
None.


01100048 : "Log disk usage still higher than %d%% after logrotate and %d times log deletion"

Location:
/var/log/ltm

Conditions:
Disk usage has surpassed the percentage threshold specified by the DB variable "logcheck.warnthres", whose default value is set at 80%. This warning is given after the system has already tried to compress or delete older log files over a number of iterations indicated in the message (default is 24 iterations).

Impact:
Disk space is running low, which could impact the system's ability to perform logging functions, receive new software for upgrades, or perform any other function requiring additional disk space.

Recommended Action:
1. Delete any unnecessary large files on the system or older logs.

Use "du" to find where the largest files are located:
du -a | sort -n -r

Inspect /shared/images for any unwanted ISO files.

Inspect /var/log for any undesirable large files.

2. Modify the "logcheck.warnthres" value if user believes that the disk usage threshold for the warning is too low.

modify sys db logcheck.warnthres Value
Values:
  [enter integer value min:0 max:100]

3. Consider adding additional storage capacity.


01100049 : logcheck Info: %s %d

Location:
/var/log/ltm

Conditions:
Informational messages that indicate DB variable values, free disk space in /var/log, and notifications that old compressed files are being deleted to free up space.

Impact:
Informational, but in some cases, might indicate a low amount of disk space free and deletion of the oldest compressed log archives in /var/log/ltm.

Recommended Action:
If message indicates deletion of old, compressed files, try deleting any unnecessary files that may be contributing to low amount of free disk space.


01100053 : %s

Location:
/var/log/ltm

Conditions:
This message occurs when a system administrator uses the command "lcdwarn -p emergency MESSAGE". In this case, the BIG-IP system logs the string "MESSAGE" and displays "MESSAGE" on the LCD pane, under priority "emergency".

Impact:
The Alert LED on the front panel of the box blinks red.

Recommended Action:
Use the command "lcdwarn -c emergency" to clear all messages of priority "emergency" from the LCD panel.


01100054 : %s

Location:
/var/log/ltm

Conditions:
This message occurs when a system administrator uses the command "lcdwarn -p critical MESSAGE". In this case, the BIG-IP system logs the string "MESSAGE" and displays "MESSAGE" on the LCD pane, under priority "critical".

Impact:
The Alert LED on the front panel of the box is solid red unless a higher priority message is also being displayed.

Recommended Action:
Run the command "lcdwarn -c critical" to clear all messages of priority "critical" from the LCD panel.


01100055 : %s

Location:
/var/log/ltm

Conditions:
This string is generated when an administrator uses the command "lcdwarn -p alert MESSAGE". In this case, the BIG-IP system logs the string "MESSAGE" and displays "MESSAGE" on the LCD panel under priority "alert".

Impact:
The Alert LED on the front panel of the box will be solid red unless a higher priority message is also being displayed.

Recommended Action:
Run 'lcdwarn -c alert' to clear all messages of priority 'alert' from the LCD panel.


01100056 : %s

Location:
/var/log/ltm

Conditions:
This string is generated when an administrator uses the command "lcdwarn -p error MESSAGE". In this case, the BIG-IP system logs the string "MESSAGE" and displays "MESSAGE" on the LCD panel under priority "error".

Impact:
The Alert LED on the front panel of the box will blink yellow unless a higher priority message is also being displayed.

Recommended Action:
Run 'lcdwarn -c error' to clear all messages of priority 'error' from the LCD panel.


01100057 : %s

Location:
/var/log/ltm

Conditions:
This string is generated when an administrator uses the command "lcdwarn -p warning MESSAGE". In this case, the BIG-IP system logs the string "MESSAGE" and displays "MESSAGE" on the LCD panel under priority "warning".

Impact:
The Alert LED on the front panel of the box will be solid yellow unless a higher priority message is also being displayed.

Recommended Action:
Run 'lcdwarn -c warning' to clear all messages of priority 'warning' from the LCD panel.


01100058 : %s

Location:
/var/log/ltm

Conditions:
An administrator has run the command 'lcdwarn -p info MESSAGE'. MESSAGE is the text string logged and displayed on the LCD panel under priority 'info'.

Impact:
None.

Recommended Action:
Run the command 'lcdwarn -c info' to clear all messages of priority 'info' from the LCD panel.


01100059 : Found db_name %s without value - reset to default %s.

Location:
/var/log/ltm

Conditions:
The user issues the command 'tmsh modify reset-to-default' against sys db variables that are in use by the alertd daemon.

Impact:
None.

Recommended Action:
None.


01110001 : Error running %s

Location:
This message will be generated in the LTM log.

Conditions:
These messages will only be generated when configuration is being synchronized between a pair of devices running a version of TMOS prior to 11.0. In 11.0, a new synchronization system was introduced and this message is longer be generated.

Impact:
The sync request fails, and the other device still has the configuration prior to 11.0.

Recommended Action:
Determine why the sync failed. Disk usage on the local or peer device might be a factor, as well as differences in the base configuration on the peer device, which can cause validation errors. Those errors will be found in the peer device's logs.


01110034 : The configuration for running config-sync is incorrect.

Location:
/var/log/ltm

Conditions:
This message is only generated on versions of TMOS prior to 11.0. Any of the following conditions will cause it to be generated:

- The device is not part of a redundant pair (see DB variable failover.isredundant).
- The device does not have a peer IP configured (either configsync.peeripaddr or statemirror.peeripaddr is acceptable).
- This device is unable to reach the other device over iControl SOAP to determine that it is configured as part of a redundant pair.
- This device has the same hostname configured as the other device, or cannot reach the other device to obtain its hostname (see DB variable hostname).

Impact:
Sync is not possible until all of the above conditions are resolved.

Recommended Action:
Inspect the values of the DB variables and check for iControl connectivity between the two devices.


01140029 : HA %s %s fails action is %s.

Location:
/var/log/ltm

Conditions:
This message occurs when a component detects an HA failure condition, and requests the system to take corrective action.

The first field is the feature type, and the second field is the component name. The list of configured HA features is available through the 'show sys ha-status' command.

Impact:
The impact depends upon what corrective action is configured for the specified component.

Recommended Action:
Correct the issue that caused the component to fail.


0114002a : HA %s %s created.

Location:
/var/log/ltm

Conditions:
The creation of a new HA table entry. The first parameter is the HA table feature name, the second is the component that the feature was created for. The "show sys ha-status" command lists all the current HA Table entries.

Impact:
None. This is a debug-level informational message and is only observed if the component logging level changes from the default to 'debug'.

Recommended Action:
None.


0114002b : HA %s %s enabled.

Location:
/var/log/ltm

Conditions:
An HA Table entry is enabled for failure monitoring. The first parameter is the HA table feature name, the second is the component that the feature was created for. The "show sys ha-status" command lists all the current HA Table entries.

Impact:
None.

Recommended Action:
None.


0114002c : HA %s %s disabled.

Location:
/var/log/ltm

Conditions:
Failure monitoring is disabled for an HA Table entry. The first parameter is the HA table feature name, the second is the component that the feature was created for. The "show sys ha-status" command lists all the current HA table entries.

Impact:
Failure of the designated component will not be detected.

Recommended Action:
None.


01140030 : HA %s %s is now responding

Location:
/var/log/ltm

Conditions:
An HA error condition no longer exists for the specified feature.

Impact:
The system may be able to exit the failure condition required by the HA error condition.

Recommended Action:
None.


01140043 : Ha feature %s reboot requested

Location:
/var/log/ltm

Conditions:
This message is issued when an HA system detects that a reboot should be performed. The most common occurrences are during administrator-requested reboots or a change of boot location:

Ha feature reboot_request_t reboot requested.
Ha feature software_update reboot requested.

Other components may be administratively configured to cause a reboot on failure.

Impact:
The device reboots.

Recommended Action:
If the reboot was unintentional, identify the failing component indicated by the 'feature', and other preceding log message that references this 'feature', and determine why that component failed. If a reboot is not an appropriate action for that component failure, reconfigure it for a different action.


01140044 : HA reports tmm ready

Location:
/var/log/ltm

Conditions:
The TMM is ready to process traffic.

Impact:
It's not an error.

Recommended Action:
None.


01140045 : HA reports tmm NOT ready

Location:
/var/log/ltm

Conditions:
It occurs any time that the tmm starts (or restarts), during the period from startup until when the TMM completes initialization.

Impact:
No traffic is processed until the TMM is ready.

Recommended Action:
Wait for the TMM to become ready.


01140100 : Overdog daemon startup

Location:
/var/log/ltm

Conditions:
The system is starting up and the HA watchdog is now active.

Impact:
The system will now respond to HA error conditions.

Recommended Action:
None.


01140101 : Overdog daemon shutdown

Location:
/var/log/ltm

Conditions:
The system watchdog daemon (overdog) has been shut down, typically because the system is shutting down or rebooting.

Impact:
Watchdog monitoring is no longer active.

Recommended Action:
Wait for the system to finish shutting down.


01140102 : Overdog daemon requests reboot

Location:
/var/log/ltm

Conditions:
The overdog daemon has detected that a subsystem has requested an HA action of "reboot", and is initiating the operation.

Impact:
The system will reboot.

Recommended Action:
None.


01140103 : Watchdog touch enabled with %d seconds

Location:
/var/log/ltm

Conditions:
This message is issued when the system watchdog process (overdog) initiates the hardware watchdog feature.

Impact:
If the system becomes non-responsive, it will automatically reboot.

Recommended Action:
None.


01140104 : Watchdog touch disabled

Location:
/var/log/ltm

Conditions:
This message is issued when the hardware watchdog process (overdog) disarms the hardware watchdog and stops periodic updates. This occurs automatically when the system is already rebooting, or when the administrator disables the hardware watchdog by setting the watchdog.state DB variable to "disable".

Impact:
The hardware watchdog will not automatically reboot the system.

Recommended Action:
Enable the watchdog function by setting the watchdog.state DB variable to "enable".


01140106 : Overdog daemon calling bigstart restart

Location:
/var/log/ltm
console

Conditions:
An HA Table failover action that specifies 'restart-all' has been triggered.

Impact:
All traffic groups will fail over to a peer device, and all local services are restarted.

Recommended Action:
None.


01150216 : Notice from %s: %s

Location:
/var/log/gtm

Conditions:
This is a generic logging message for the daemon "named" that occurs when the daemon checks if the current config file or current zone file is valid, and encounters an unknown error.

Impact:
Any recent changes to the named or zone file configuration will not take effect.

Recommended Action:
Use any information presented in the message to determine what action, if any, is required. This message could indicate an error in the named config or zone files, located in the directory "/var/named/config".


01160004 : LACPD reporting error conditions

Location:
/var/log/ltm

Conditions:
LACPD system encountered an unexpected I/O error when communicating with configuration delivery system (MCPD).

Impact:
No link aggregation functionality.

Recommended Action:
Inspect the /var/log/ltm file for additional errors and warnings and try to correlate the LACPD messaging error with MCPD errors.


01160005 : LACPD reporting internal error conditions

Location:
/var/log/ltm

Conditions:
LACPD system encountered an unexpected error within the BIG-IP system, when transmitting PDUs to the Broadcom switch daemon (bcm56xxd) or requesting PDUs from bcm56xxd via HAL messaging.

Impact:
Degraded or no link aggregation functionality.

Recommended Action:
Inspect the /var/log/ltm file for additional errors and warnings, and try to correlate the LACPD messaging error with bcm56xxd errors.
Issue "tmsh show sys service bcm56xxd" and "tmsh show sys service lacpd", and verify the status of the services.


01160009 : LACPD reporting a link being added to aggregation

Location:
/var/log/ltm

Conditions:
A link was added to aggregation.

Impact:
The user configuration changed to add a new port to the LACP trunk. This message is informational only.

Recommended Action:
None.


01160010 : LACPD reporting a link being removed from aggregation

Location:
/var/log/ltm

Conditions:
A link was removed from aggregation.

Impact:
The user configuration changed to remove the port from the LACP trunk. This message is informational only.

Recommended Action:
None.


01160011 : LACPD reporting a churn condition

Location:
/var/log/ltm

Conditions:
LACP detects an operable port, but the Actor has not attached the link to an Aggregator and brought the link into operation within a bound time period. Continued failure to reach agreement can be symptomatic of device failure.

Impact:
The churn condition is informational.

Recommended Action:
Inspect the /var/log/ltm file for additional LACP errors and warnings.
Inspect the LACP configuration of the devices.


01160012 : LACPD reporting a churn condition

Location:
/var/log/ltm

Conditions:
LACP detects an operable port, but the Partner has not attached the link to an Aggregator and brought the link into operation within a bound time period. Continued failure to reach agreement can be symptomatic of device failure.

Impact:
The churn condition is informational.

Recommended Action:
Inspect the /var/log/ltm file for additional LACP errors and warnings.
Inspect the LACP configuration of the devices.


01160016 : LACP reporting an internal condition as informational message

Location:
/var/log/ltm

Conditions:
Internal LACP system has encountered an unexpected condition. Conditions can vary and be caused by but not limited to:
- Linux socket errors, which may be temporary in nature
- Device misconfiguration

Impact:
Varies considerably with specific message. It may indicate a configuration error somewhere else in the system.

Recommended Action:
Inspect the /var/log/ltm file for additional errors and warnings and try to correlate the LACP messaging with another system that may be misconfigured or malfunctioning.


01160017 : Internal Link %s is AVAILABLE.

Location:
/var/log/ltm

Conditions:
When an internal trunk's member interface is up. This should only happen on a BIG-IP version 9.0 platform (3400, 6400, 6800, 8400, or 8800).

Impact:
This is an Information only message, and not an error message. It is logged at INFO level.

Recommended Action:
None.


01160018 : Internal Link %s is UNAVAILABLE.

Location:
/var/log/ltm

Conditions:
When an internal link for an internal trunk goes down. This only applies to BIG-IP version 9.0 platforms (3400, 6400, 6800, 8400 and 8800) and should only happen when tmm or bcm56xxd goes down or is restarted.

Impact:
This is an information message on an internal link status.

Recommended Action:
None.


01160024 : %s

Location:
/var/log/ltm

Conditions:
Sample messages: warning: no receive on 0.1 for 15s (timeout=30s)
                 warning: no receive on 4.3 for 30s (timeout=60s)

This warns when the timeout reaches the halfway point for early diagnosis of potential LACPd issues when monitoring customer trunks.

Impact:
None.

Recommended Action:
Check /var/log/ltm to see if there are any other log messages that can explain lacpd issues.
Investigate lacpd statistics.


01170003 : halGetDossier returned error (%d): Dossier generation failed.

Location:
/var/log/ltm/, console

Conditions:
This error occurs whenever dossier fields like the MAC address, unique device ID (AOM ID) is empty. These fields can be empty if there is a manufacturing error, or if BMC (in case of BIG-IP iseries) or LOP (in case of BIG-IP 4000-series, 5000-series, 7000-series, 10000-series) is not responsive. The details as to which dossier field is unavailable can be seen in /var/log/ltm.

For example. in /var/log/ltm:
err chmand[837]: 012a0003:3: getAomDeviceId error: No AOM id found ...
err chmand[837]: 012a0003:3: DossierReq exception: BmcDev: getAomDeviceIdIpmiCmdDev: f5OEMCmd: command 115 (cc=193) Invalid Command

warning get_dossier[8502]: 012a0004:4: hal_request_dossier: request failed
err get_dossier[8502]: 01170003:3: halGetDossier returned error (1): Dossier generation failed.

Impact:
Without a valid dossier, one cannot license a BIG-IP system. Every time a dossier request is sent, this error will be displayed on the console and logged in /var/log/ltm.

Recommended Action:
None. Contact F5 support.


01170012 : Unsupported argument (-%c).

Location:
/var/log/ltm

Conditions:
A user provides an unsupported argument when using the get_dossier application. The erroneous execution also provides the list of supported arguments in its output.

Impact:
get_dossier application fails to generate the dossier.

Recommended Action:
Provide arguments that are supported by the get_dossier application.


01170019 : Detected Registration Key-Less dossier generation for CSP.

Location:
/var/log/ltm

Conditions:
The BIG-IP system is licensing with an Hourly Billing license in a cloud environment supported by BIG-IP VE.

Impact:
Not an indicator of any kind of error with dossier generation or licensing.

Recommended Action:
None.


01170020 : Option -%c requires an argument.

Location:
/var/log/ltm

Conditions:
Some command-line options in get_dossier also require an argument value.

Impact:
get_dossier application fails to generate the dossier.

Recommended Action:
Must provide an argument value for get_dossier command line options that require a value.


01170021 : Invalid value (%s) passed for option (-%c).

Location:
/var/log/ltm

Conditions:
When using get_dossier, an invalid value for a command line option.

Impact:
get_dossier application fails to generate the dossier.

Recommended Action:
Provide correct values for command line options that are supported by the get_dossier application.


01180010 : [license processing][error]: %s

Location:
/var/log/ltm

The contents of /var/log/ltm can be viewed in the GUI under System > Logs > Local Traffic.

Conditions:
This group of messages includes messages that are generated internally by the license parsing code. They include three general cases:
1) The license file contains errors
2) The parsing code contains errors
3) mcpd's license load/validation code contains errors

The probable cause for this message is an error in copying the license file, for example, introduced during a manual license installation.

Impact:
The BIG-IP system does not function until it can successfully parse and evaluate the installed license file.

Recommended Action:
Re-license the box. If re-licensing does not solve the problem, contact F5 Support.


01190003 : arp_input: packet too short (%lu/%lu)

Location:
/var/log/ltm

Conditions:
The received ARP packet is invalid because the packet is too short.

Impact:
The packet will be dropped.

Recommended Action:
None.


01190004 : address conflict detected for %a (%m) on vlan %d

Location:
/var/log/ltm

Conditions:
Another node on the network issued a gratuitous ARP for an address configured on the BIG-IP device.

Impact:
An interruption for traffic using that IP is likely.

Recommended Action:
Assign a different IP address to the other node. The MAC address logged in the message can be used to identify the node.


01190007 : Neighbor update, route lookup failed, address = %la%%%u

Location:
/var/log/ltm

Conditions:
Creating a static ARP entry in which there is no route associated with that IP address.

Impact:
A static ARP entry becomes bogus in TMM, although it is still shown in the MCP database.

Recommended Action:
Before creating a static ARP entry, make sure that there is a route associated with the IP address of the static ARP entry.


01190008 : Neighbor update, route is not link type, address = %la%%%u

Location:
/var/log/ltm

Conditions:
Creating a static ARP entry in which the route associated with that IP address is not a link (interface) route.

Impact:
A static ARP entry becomes bogus in TMM, although it is still shown in the MCP database.

Recommended Action:
Before creating a static ARP entry, make sure that there is a link (interface) route associated with the IP address of the static ARP entry.


01190009 : Neighbor update failed, err = %E, address = %la%%%u, ifc name = %s

Location:
/var/log/ltm

Conditions:
Internal TMM error (e.g., out of memory) when creating a static ARP entry.

Impact:
A static ARP entry becomes irrelevant in TMM, although it is still shown in the MCP database.

Recommended Action:
Delete a static ARP entry and re-create it again.


01190010 : Neighbor delete failed, err = %E, address = %la%%%u

Location:
/var/log/ltm

Conditions:
When trying to delete an non-existing static ARP entry in TMM.

Impact:
No static ARP entry is deleted in TMM.

Recommended Action:
None.


011b0203 : Error '%s' opening file %s

Location:
/var/log/ltm

Conditions:
This error indicates that the merge daemon, merged, or statistics daemon, statsd, failed to open a file to read. This error identifies the file that failed to open. For example, the message "Error 'No such file or directory' opening file /sys/block/sda/stat" could mean that a drive is defined by the operating system, but the statistics are not yet available, or are no longer available. This error could happen on disk failure.

Impact:
Statistics for the disk are not available when the file is /sys/block/sda/stat. For files in /var/rrd, historical statistics are not be available.

Recommended Action:
No known workaround is available for /sys/block/sda/stat. Rebooting or replacing the failed drive might make statistics available for a failed drive. For /var/rrd, ensure that the directory exists, and is writable and executable. Ensure that the info files in /var/rrd are readable, and that the data files are readable and writable.


011b020b : Error '%s' scanning buffer '%s' from file '%s'

Location:
/var/log/ltm

Conditions:
A round-robin database (RRD) info file is not valid. At the end of the file, there should be a checksum hash on a line that begins "#CRC " followed by a number. This line was not found.

Impact:
The RRD files store historical statistics. The invalid info file prevents certain historical statistics from being read and updated. This affects specific reporting of these statistics like TMSH show commands and TMUI statistics views.

Recommended Action:
Remove or move away the invalid info file and restart statsd. You may need to remove or move away the corresponding data file with the same prefix.


011b0233 : CACHE MISS during %s, prev=%s, curr=%s.

Location:
/var/log/ltm

Conditions:
This log will occur if a statsd query fails to find the requested data in the cache. There is an internal cache within statsd that will store previously gathered full rows of stats data, thus allowing quicker access to the user. The stats cache is a certain size. If a user queries a stat and it is not present, then a cache miss occurs. The statsd process then needs to gather the requested stats for that query.

Impact:
If there are a lot of cache misses, then a performance impact is expected.

Recommended Action:
None.


011b0236 : Merged iStats merge interval changed to be every %d seconds.

Location:
/var/log/ltm

Conditions:
Logged at Notice level when the istats merge interval is modified by changing the value of the merged.istats.merge.interval variable.

Impact:
Reports a configuration change for a user.

Recommended Action:
None.


011b0237 : Merged iStats merge interval called with %d.

Location:
/var/log/ltm

Conditions:
A debug level message logged when the istats interval has expired and there are dynamic statistics to merge.

Impact:
Informational only.

Recommended Action:
None.


011b0309 : %s %s %s

Location:
/var/log/ltm

Conditions:
This error is reported when statsd or merged gets an error from mcpd. The most common example is "tmstat_sample not ready". This message typically happens on startup when statsd requests data from mcpd but merged has not yet merged any data. This message can also occur if there is an error with the /var/tmstat/cluster directory.

Impact:
Statsd will not be able to collect historical statistics, so they will not be available to tmsh show commands and tmui views.

Recommended Action:
If the message only occurs on startup, then it can be safely ignored. Otherwise, verify /var/tmstat/cluster exists and has permissions for merged.


011b032e : Graph '%s' is not supported, possibly because it is not licensed, or a license has expired.

Location:
/var/log/ltm

Conditions:
This message generated by the statsd daemon. The daemon provides services related to statistical data.

It is possible that the license has expired or that the particular graph is not licensed. A user action is required to update the license, so that graph creation is permitted.

Impact:
The Graph is not created and the message is logged.

Recommended Action:
Either update the license or call F5 support to acquire the needed license. A "tmsh install sys license" command will install the license.


011b0600 : Error '%s' during rrd_update for rrd file '%s'

Location:
/var/log/ltm

Conditions:
An attempt to update a round-robin database (RRD) file for historical statistics failed. This error typically means that the data file is corrupt. This error can also be caused by problems with the /var/rrd directory, such as the directory is missing or does not have write and execute permissions.

Impact:
The specific historical statistics are not updated so they are no longer reliable. If the data file is corrupt, this error can also affect reading the old historical statistics, so that statistics reports like TMSH show command or TMUI statistics views might not properly report the specific statistics.

Recommended Action:
Verify that the /var/rrd directory exists, and has write and execute permission. If the directory exists with write and execute permission, remove the specific data files, and then restart statsd to recreate the file.


011b0601 : Error '%s' during rrd_graph for graph '%s'

Location:
/var/log/ltm

Conditions:
This error is logged whenever the rrdGraph function fails for any reason.

Impact:
The specific graph is not created.

Recommended Action:
Reattempt the creation. If that fails, restart statsd daemon using "bigstart restart statsd" command.


011b0816 : Statistic collection has ALREADY been started.

Location:
/var/log/ltm

Conditions:
A message is informational (not an error) and is logged when a stat collection is already initiated, and is somehow re-initiated.

This condition can occur when a device in a clustered environment transitions from the HA failover state of primary, to backup, and then back to primary within the stat collection period. Stats collection is initiated on the primary device within an HA clustered environment.

Impact:
None.

Recommended Action:
None.


011b0826 : Cluster collection start error.Exitting

Location:
/var/log/ltm

Conditions:
The statsd daemon failed to read the /config/statsd.conf file, and configure itself to collect historical statistics. This condition might be caused by this file being invalid or a problem with permissions to read the file. It might also be a problem with system resource exhaustion, where file descriptors or memory are not available.

Impact:
No historical statistics will be collected. This issue occurs in all statistics reports that include historical statistics, such as various TMSH show commands and TMUI statistics views.

Recommended Action:
Verify that the /config/statsd.conf file has read permissions and that the file exists. Verify that the file format is valid using the -p (dash p) option of /usr/bin/statsd. Verify that adequate system resources are available. After fixing the problem, restart statsd by using the command "bigstart restart statsd".


011b0900 : TMSTAT error %s: %s

Location:
/var/log/ltm

Conditions:
This error means that the merge daemon, merged, or statistics daemon, statsd, failed to query statistics. This generic error reports a range of underlying causes for the failed query. For example, the error "TMSTAT error max disk stat: read failed." can mean that a drive is defined by the operating system, but that the statistics are not yet available, or are no longer available. This can happen on disk failure. Another example is the error "TMSTAT error tmstat_query cpu_info_table: Cannot allocate memory", which can mean that merged has run out of memory.

Impact:
Statistics for a disk are not available when the error "max disk stat" occurs. For other errors, the message details indicate the statistics that are not available. For example, "cpu_info_table" indicates that the CPU usage statistics have failed.

Recommended Action:
There is no known workaround for a "max disk stat" message. Rebooting or replacing the drive might cause the operating system to make statistics available for a failed drive. For a "Cannot allocate memory" message, restarting merged might make statistics available.


011b090c : tmstat_query_rollup on table %s called

Location:
/var/log/ltm

Conditions:
If debug log is turned on for statsd, then when a stats table roll up is done, typically every 30 seconds, a log message is generated indicating which table roll up is being done.

Impact:
Lots of log messages with the log level set to Debug.

Recommended Action:
Turn off the debug log level to something like informational.


011b090e : getTMValueUNKeyed start

Location:
/var/log/ltm

Conditions:
One is trying to get a statistics value from a table that does not have a key column or the key column is ignored, for example, for a roll up query.

Impact:
No impact. This log message is informational and not an error. A roll-up query is a valid type of query where keys are not specified and data from several tables is summarized.

Recommended Action:
None.


011b090f : DNS Services request rate limiter engaged.

Location:
/var/log/ltm

Conditions:
The error message DNS Services request rate limiter engaged will appear in the /var/ltm log file when the DNS Services Requests Per Second license limit has been exceeded.

Impact:
Subsequent requests are dropped until the number of requests falls below the licensed threshold.

Recommended Action:
View the licensed DNS rate limit using the "tmsh show ltm profile dns" command.


011b0910 : DNS Services request rate limiter disengaged.

Location:
/var/log/ltm

Conditions:
The message DNS Services request rate limiter disengaged will appear in the /var/log/ltm log file when Requests Per Second returns to within the licensed limit.

Impact:
Subsequent requests are processed.

Recommended Action:
View the licensed DNS rate limit using the "tmsh show ltm profile dns" command.


011b0914 : No individual CPU information is available.

Location:
/var/log/ltm

Conditions:
On systems with HT Technology CPUs with split planes enabled, data plane tasks and control plane tasks are split and handled by separate logical cores (hyper-threads). If an error is encountered while collecting statistics on CPU usage in this environment then this message is logged.

Impact:
A transient error. No serious impact.

Recommended Action:
Subsequent statistics requests should recover from this error.


011b0999 : %s: %s

Location:
/var/ltm/log

Conditions:
This message generated by statsd. The daemon provides services related to statistical data.
These are debug logs that can only be turned on thru tmsh.

Impact:
The /var/log/ltm file starts filling up if debug is not turned off. The system does not have this enabled by default.

Recommended Action:
Change the setting through a tmsh command. For example, it can be changed to info or warn as shown below.

tmsh modify sys db log.statsd.level value info
OR
tmsh modify sys db log.statsd.level value warn
OR
tmsh modify sys db log.statsd.level value warning


011d0002 : No diskmonitor entries in database

Location:
/var/log/ltm

Conditions:
MCP is down, or the database is unavailable.

Impact:
The diskmonitor script will not run.

Recommended Action:
Check 'bigstart singlestatus mcpd' and verify it is in 'run'. If not, try rebooting the box. If the problem persists a support ticket should be filed.


011d0004 : Disk partition %s has only %d free

Location:
/var/log/ltm

Conditions:
When the BIG-IP file systems become full, the diskmonitor utility generates warning messages and traps. The diskmonitor utility script runs periodically on the BIG-IP system, alerting you if the partition space or volumes reach a defined threshold.

Impact:
- Upgrades or hotfix installations might fail to proceed.
- Daemon log messages might appear similar to the following examples:
    Couldn't write to <file> / <partition>
    Failed to open file
- System performance can degrade, for example, slow or failed disk writes can occur.

Recommended Action:
Please, refer to https://support.f5.com/kb/en-us/solutions/public/14000/400/sol14403.html for possible actions.


011e0001 : Limiting %s from %d to %d packets/sec for traffic-group %s

Location:
/var/log/ltm

Conditions:
The BIG-IP device throttles the rate of response messages that it sends in certain situations. It is a part of the DoS mechanism. This log information is generated when the BIG-IP device stops throttling the bandwidth for a class of response messages. Depending on the beginning of the log message, it indicates:
- "icmp unreach response" - throttling of ICMP unreachable responses.
- "icmp ping response" - protection from ping floods.
- "icmp tstamp response" - throttling of ICMP response timestamp responses.
- "closed port RST response" - throttling of TCP unreachable messages (no listener).
- "open port RST response" - throttling of responses about aborted TCP connections.
- "unreachable response" - a generic throttle for other kinds of messages, it also covers the specific case of IP reject.

Impact:
It is an information message. The BIG-IP device stopped throttling traffic that likely was generated by a DoS attack.

Recommended Action:
None.


011e0002 : %s: Aggressive mode %s %s (%llx) (%s %s). (%llu/%llu %s)

Location:
/var/log/ltm

Conditions:
1. db variable log.sweeper.activation.enabled is enabled.
2. The sweeper aggressive mode is activated or deactivated.

The BIG-IP device, or virtual server on BIG-IP sweeper, enters or leaves the aggressive mode and starts or stops to kill connections, reflecting the connflow load change on the BIG-IP device.

BIGIP aggressive mode is activated or deactivated, reflecting the traffic load change on BIG-IP device or the affected virtual server. If it is activated, it indicates that the BIG-IP device is overloaded by connflows in the related virtual server. If it is deactivated, it indicates that the load of connflows is reduced to normal level.

Note that if the db variable is disabled, the log will not show up.

Impact:
It is an informational message only.

Recommended Action:
The message is informational and as designed.
Reducing traffic to the BIG-IP device might prevent this message from appearing.
Turn off the db variable to turn off the log if the log is the only concern.


011e0003 : mode sweeper: %s (%llx) (%s %s) %d Connections killed

Location:
/var/log/ltm

Conditions:
1. db variable log.sweeper.activation.enabled is enabled.
2. At least one connection is killed by sweeper due to connflow overloaded on impacted BIG-IP device or the virtual server.

Note if the db variable is disabled, the log will not show up but the connection will still be killed.

Impact:
Connection gets killed by BIG-IP sweeper.

Recommended Action:
The connection gets killed by design. It might suggest that the impacted BIG-IP device or the impacted virtual server is overloaded.

Here are the options to avoid this:
1. Reduce the traffic load to BIG-IP device or affected virtual server.
2. Change eviction policy or adjust the policy parameter of the impacted virtual server.
3. Turn off the db variable to turn off the log, if the log is the only concern.


011f0001 : %s: Bad chunk state %d

Location:
/var/log/ltm

Conditions:
This error occurs due to an invalid or non-compliant HTTP chunking format, while parsing a chunked HTTP response and attempting to retrieve the chunk size. Possible conditions that trigger this error include a malformed HTTP response from the back-end web server, or a faulty LTM virtual server iRule that affects the HTTP response.

Impact:
When this error occurs, the TMM gracefully aborts (resets) the active HTTP connection with the malformed chunked response.

Recommended Action:
A workaround involves either a detailed server-side logging (on the back-end server) to track possible malformed HTTP chunked responses, or the addition of minimal instrumentation logs to the iRules that are potentially altering the HTTP response.


011f0004 : Invalid header insert profile, missing the colon separator in - %s

Location:
/var/log/tmm

Conditions:
HTTP's header insertion profile feature is used with invalid text. The expected value is of the form:

Header: Value

Impact:
The header will not be inserted.

Recommended Action:
Change the text for the inserted header to match the expected form.


011f0005 : HTTP header (%d) exceeded maximum allowed size of %d

Location:
/var/log/ltm

Conditions:
HTTP headers have a configurable size limit. The request or response includes headers that are too large. The size of headers (in bytes) exceeds the limit configured in the http profile.

Impact:
The connection will be dropped.

Recommended Action:
The size limit for http headers can be modified in the http profile.


011f0007 : %s - Invalid action:0x%x %s (%C) %s (%C)

Location:
/var/log/ltm

Conditions:
This error describes the state of the HTTP filter, and the attempted action. The IP address of the client and server (if available) are shown.

The HTTP Filter encountered an unexpected situation, for example:
- Internal Errors.
- Complex unexpected interactions between filters.
- Complex IRule interactions.
- HA desynchronization.
- RFC violations

Impact:
The connection will be dropped.

Recommended Action:
A TCP Dump might be required in order to determine the exact sequence of events required to trigger the issue. Typically, this error is triggered by an unusual situation not covered by other error messages.


011f0008 : %s - Invalid state transition to %s

Location:
/var/log/ltm

Conditions:
A faulty iRule typically triggers this error, interfering with the normal flow of events in the TMM connection flow. For example, this error can occur when forcibly closing an HTTP connection while redirecting, all within an iRule handling the HTTP request event.

Impact:
This error can result in a range of conditions: from receiving a simple, benign notification to resetting (or aborting) the active connection, depending on how the iRule handles the related connection flow events.

Recommended Action:
When this error occurs, it indicates that an iRule attempts to alter the traffic flow on a virtual server in an unexpected way. The cause can be determined with additional logging in the iRule, and examination of the invalid state transition that is logged by the error.


011f0011 : HTTP header count exceeded maximum allowed count of %d

Location:
/var/log/ltm

Conditions:
The request or response has headers that are too large. The number of headers exceeds the limit configured in the http profile.

Impact:
The connection will be dropped.

Recommended Action:
The limit for the number of http headers can be modified in the http profile. Note that increasing this limit will increase the total amount of TMM memory that can be taken by a http connection.


011f0012 : HTTP profile option %s incompatible with proxy_type. Using default instead.

Location:
/var/log/tmm

Conditions:
Some HTTP profile field options are gated by the HTTP proxy type. If the field value is disallowed, then the default will be used.

This typically occurs due to the use of non-default enforcement options when the proxy type is not "transparent".

Impact:
This is a warning that the particular profile options selected are not in effect. The default behavior will be used instead.

Recommended Action:
1) Revert the profile field value to the default, or to a value allowed by the HTTP proxy type.

2) Inherit from a HTTP profile with a different proxy type that allows the wanted values.


011f0016 : %s - Invalid action:0x%x Server sends too much data. serverside (%C) clientside (%C)

Location:
/var/log/tmm

Conditions:
The HTTP server has responded with more data than expected. It either is returning more data than indicated by the Content-Length header, or more data after the ending chunk in Chunked Encoded transfers. This behavior is not compliant with the RFC.

Impact:
The TMM has lost synchronization with the HTTP servers data stream. The BIG-IP device cannot parse headers any more. The connection to the server will be aborted.

Recommended Action:
The back-end web application should return the correct size of its content body in the Content-Length header or Chunk headers.

If the back-end is the Internet (in a forward proxy scenario), setting the "pipeline" option to passthrough might be appropriate.


011f0017 : Config error: HTTP Header Entry [%s:%d] update: agent clone failed

Location:
/var/log/tmm

Conditions:
The probable cause for this message is internal to the BIG-IP system: when an http_header_entry agent, in a per request policy in APM, is modified, failure can happen while cloning it, because the pointer to the agent entry is NULL.

Impact:
The update made to the HTTP Header Modify agent in per-request policy is lost and logs this error message.

Recommended Action:
Update to HTTP Header Modify agent in per-request policy can be made again.


01200009 : Packet rejected remote IP %*A port %d local IP %*A port %d proto %s: Connection limit exceeded.

Location:
/var/log/ltm

Conditions:
The connection has been rejected because the per-virtual connection limit has been reached.

Impact:
New connections will not be established until the open connection count falls below the limit.

Recommended Action:
None.


01200012 : Warning, connections equals limit %F, proto %s, VS %s: Connection limit reached.

Location:
/var/log/ltm

Conditions:
The connection limit for the virtual address/node address/snat address has been reached. In a single tmm system, it is the total connection limit for that tmm. In a cmp system, the tmm's connection limit is determined by the conn_limit/number of active blades. If it does not divide evenly, then the remainder is distributed among the members of low pg number blades.

The connection limit can be set by modifying "connection-limit" for an ltm virtual-address, virtual, snat-translation, node, or pool members. A value of 0 indicates no limit.

Impact:
Any future connection to this tmm for the particular address will result in it being rejected by the tmm.

Recommended Action:
Adjust the connection-limit as appropriate.


01200014 : Warning, connections equals limit %F, proto %s, RD %s: Connection limit reached.

Location:
/var/log/ltm

Conditions:
This will occur if BIG-IP reaches the maximum number of connections for the given protocol on the given route domain.

Impact:
The new connection will not be made.

Recommended Action:
None.


01200016 : Warning, node IP %*A has reached its connection limit.

Location:
/var/log/ltm

Conditions:
Connection limit has been reached on the specified Node.

Impact:
It's an information message. The user can expect TMM to refuse further connections for that Node.

Recommended Action:
Consider reviewing your configuration to possibly increase the Node connection limit if the situation is frequent.


01200017 : Warning, pool member IP %*A port %u for pool %s has reached its connection limit.

Location:
/var/log/ltm

Conditions:
Connection limit has been reached on the specified Pool Member.

Impact:
It's an information message. The user can expect TMM to refuse further connections for that Pool.

Recommended Action:
Consider reviewing your configuration to possibly increase the Pool Members connection limit if the situation is frequent.


01220001 : TCL error: %s

Location:
/var/log/tmm

This error appears in both GUI and console. The exact error message is in the printout.

Conditions:
An error occurred during iRule execution. The exact error message is in the printout.

Impact:
If the error occurred on a connection, the connection can become terminated.

Recommended Action:
To repress the error, use a catch command to prevent the error pass up.


01220002 : Rule %s: %s

Location:
/var/log/ltm

Conditions:
This error is present in the log when one of the following conditions occurs:
1. The iRule code includes a log statement which does not use any of the component, facility, and priority options.
   For example, the statement looks like:

   <some code>
   ...
   log "this is a log message without facility and priority"

2. There an error occurred during TCL compilation of the script.
   In this case, the message will include details of the error generated by the compiler
   and will be of the form "Rule <rule name> compilation failed: <compiler error here>"

Impact:
In the first case, normal log messages appear in the log with this code.

In the second case, the iRule will need to be modified to correct the error.

Recommended Action:
For the first case, it is recommended that the usage of the log command be changed to include facility and priority. For example, change the statement below:
   log "this is a log message without facility and priority"
to
   log local0.info "this is an info level log message"

For the second case, resolution is highly dependent on the error generated, but will most likely require modification
of the iRule source.


01220007 : No pending rule event found for %F

Location:
/var/log/ltm

Conditions:
This message indicates that upon resumption of iRule execution,
after a suspending operation has been executed (for example executing [table lookup key]),
the state of the flow is not as expected and is no longer in a suspending state.

A possible scenario involves an iRule that performs a side band connection as part of its logic, and has the connection reset by the peer while waiting for a response. For example, perform DNS resolution, or obtain some information from a server using HTTP request, and
wait for the answer.
When the suspending operation is completed, the flow cannot resume normal operation.

This condition should rarely be present during normal operation.

Impact:
If the flow was externally affected (terminated), it is likely not in service, so no impact is caused to traffic associated with the flow.
If the flow was not terminated, it is possible traffic associated with the flow may be impacted.

Recommended Action:
Ensure network conditions around the BIG-IP device does not contribute to this issue.

It is possible to forcibly terminate the flow if it still exists (for long held connections) by issuing the following command:
tmsh del sys conn cs-client-addr a.a.a.a cs-server-addr s.s.s.s cs-server-port p


01220008 : Unable to resume pending rule event %s for closed %F

Location:
/var/log/ltm

Conditions:
This message indicates that upon resumption of iRule execution,
after a suspending operation has been executed (for example executing [table lookup key]),
the flow is terminated due to another event.

A possible scenario involves an iRule that performs a side band connection as part of its logic, and has the connection reset by the peer while waiting for a response. For example, perform DNS resolution, or obtain some information from a server using HTTP request, and wait for the answer.
When the suspending operation is completed, the flow cannot resume normal operation.

This condition should rarely be present during normal operation.

Impact:
If the flow was externally affected (terminated), it is likely not in service, so no impact is caused to traffic associated with the flow.
If the flow was not terminated, it is possible traffic associated with the flow may be impacted.

Recommended Action:
Ensure network conditions around the BIG-IP device do not contribute to this issue.

It is possible to forcibly terminate the flow if it still exists (for long held connections) by issuing the following command:
tmsh del sys conn cs-client-addr a.a.a.a cs-server-addr s.s.s.s cs-server-port p


01220009 : Pending rule %s aborted for %F

Location:
/var/log/ltm

Conditions:
This is an information message, issued when one of the following event occurs:

A connection is torn down or aborted, where the connection has an iRule
   currently executing a suspending command (eg. [table lookup key])

Impact:
This is an information message only.

Recommended Action:
None.


01220010 : %d previous aborted rule log messages suppressed

Location:
/var/log/ltm

Conditions:
This log message is emitted under the following conditions:
1. The control used to suppress rule aborted messages is set to a non-default number greater than 1 (TBD see reference for ltm global-settings rule rule-aborted-log-ratio)
2. There were N (the number set for the control) aborted rule events.

This message indicates that the previous N occurrences of aborted rules were suppressed.
The message is generated to ensure that when the control is set to a value larger than 1 (presumably a large number), the actual number of aborted rule executions is recorded.

Impact:
When a user sets the control referred to above to a number other than 1 (and presumably large), the number of log messages in /var/log/ltm is reduced, but this message is emitted whenever a sufficient number of aborted rule executions has occurred.

In effect, the number of logged messages is reduced from 1 message per occurrence to 2 per N occurrences.

Recommended Action:
The user can set the value of the control referred to above to the default of 1 to prevent this message from appearing in the log.


01220011 : Pending rule %s aborted for context %llx

Location:
/var/log/ltm

Conditions:
An iRule using a parking command (table, after, etc) is on a virtual server. A flow on that virtual server is running the iRule and the iRule is parked, but the flow has been closed before the iRule could unpark (usually because of an abort).

Impact:
The iRule does not finish executing.

Recommended Action:
The primary recommended action is to ensure that aborts are not common for flows on virtual servers with parking iRules. The secondary recommended action is to put as much of the state changing operation of the iRule before any parking commands.


01230001 : Interface %d.%d: link is up, %dMbps %s

Location:
/var/log/ltm

Conditions:
Occurs on startup as informational message about an internal interface link status. If this message doesn't occur, then likely a different issue occurred related to device initialization.

Impact:
None.

Recommended Action:
None.


01230002 : Interface %d.%d: link is down

Location:
/var/log/ltm

Not on console or in GUI

Conditions:
This message is logged when internal interfaces used to communicate with F5 internal high speed bridges transition from up to down in tmm and report to the master control process (mcp). This is not a spontaneous link failure, but a controlled action, when the tmm process is exiting.
This is an informational log on an internal link status.

This message will appear once for every internal interface when the tmm processes restart. The user can verify that the interface comes back up with the following command:
tmsh show net interface <interface_number> -hidden

At this time, there is not a corresponding message when the interface comes back up.

Impact:
None, this is informational

Recommended Action:
None.


01230032 : Interface %s not found

Location:
/var/log/ltm

Conditions:
When processing a trunk member configuration change, if the tmm can not find the interface in its interface list then it logs this message.

Impact:
The trunk configuration or status might not be configured properly and not deliver traffic.

Recommended Action:
Check the configuration. Restart system. Force-load mcp binary db (https://support.f5.com/csp/article/K13030)


01230066 : Vlan %s - untagged interface %d/%d currently in use on vlan %s

Location:
/var/log/ltm

Conditions:
This VLAN is trying to use an interface as untagged when the interface is already used as untagged on another VLAN.

Impact:
The interface will not be used.

Recommended Action:
Do one of the following: Use the interface as a tagged interface, change the interface to a tagged interface on the other VLAN, or choose a difference interface.


01230087 : Vlan %s, member %s instance add error %u

Location:
/var/log/ltm

Conditions:
1. TMM is out of memory (error value in the log message will be 1 in this case).
2. There is an error in the member interface that was not caught by the configuration subsystem.

Impact:
The error can occur when configuring to add a member interface or trunk to a VLAN. When the error occurs, the error is logged, but the VLAN member configuration is allowed to proceed. The only feature impacted by this error in 13.0.0 is Layer 2 cloning (packets will not be cloned to the member interface where the error is encountered).

Recommended Action:
For error due to out of memory condition, locate processes occupying large amounts of memory, and restart if possible.


01230111 : Interface %d.%d: HSB DMA lockup on %s.

Location:
/var/log/ltm

Conditions:
The HSB hardware experiences some lockup conditions under certain circumstances.

A tmm reports that one of the internal interface that connects to the HSB DMA engine is in a bad lockup state on either the transmitter or receiver side.

Jun 14 04:46:12 slot1/BIG-IP1 crit tmm4[34471]: 01230111:2: Interface 0.5: HSB DMA lockup on transmitter failure.

Impact:
Traffic will be interrupted, and failover might be triggered. The BIG-IP system might reboot to recover. A core file might also be generated because this condition usually leads to the tmm missing heartbeats, and thus is aborted by sod.

Recommended Action:
When this condition happens, collect an HSB register dump by running the hsb_snapshot command before the BIG-IP system is rebooted, such that it may be examined by the firmware team for root cause analysis. If the condition continues, send the register dumps to the firmware team for analysis of possible hardware issues.


01230113 : "Unsupported media setting %s for interface %s"

Location:
/var/log/ltm, console

Conditions:
A media setting for an interface such as speed or duplex does not match the type supported by the physical port.

Impact:
The interface change will not occur. Normally, these settings are caught in configuration validation and not expected to be logged by tmm.

Recommended Action:
Check the configuration for the interface.


01230140 : RST sent from %A:%d to %A:%d, %s

Location:
/var/log/ltm

Conditions:
This message is logged only when the db variable tm.rstcause.log is set to TRUE.
This message includes the source address and port, destination address and port, and a description, if available. For example, "RST sent from 1.2.3.4:80 to 5.6.7.8:56789, No flow found for ACK".

Impact:
When the db variable tm.rstcause.log is enabled, performance might be affected.

Recommended Action:
This db variable tm.rstcause.log is off by default. To turn off these messages, set the db variable tm.rstcause.log to disabled (tmsh modify sys db tm.rstcause.log value disabled).


01240006 : Error querying request URI: %s

Location:
/var/log/tmm

Conditions:
Inflate or Deflate filter is enabled on the virtual server, and no URI was found in the request. This might happen if client specifies legacy HTTP version 0.9 request without a URI, or an intentionally malformed request.

Impact:
Inflate/Deflate filter logs message, but continues processing. This condition does not trigger a connection reset or other response.

Recommended Action:
Check that all requests to virtual server are supplying a valid URI.


01260000 : Profile %s: %s

Location:
/var/log/ltm

Conditions:
This message occurs in the following cases:
* Cannot load a required file (key, certificate, CRL, CA)
* Forward Proxy is enabled, but not licensed
* The supplied cipher string resulted in no ciphers
* Problems with a FIPS key
* Invalid OCSP configuration.

Impact:
Any virtual server reporting this SSL configuration will not work as expected.

Recommended Action:
The message contains details about which error occurred. Use those details to determine a course of action. For example, if the detail is `could not load key file' determine which file it cannot load and why.


01260006 : Peer cert verify error: %s (depth %d; cert %s)

Location:
/var/log/ltm

Conditions:
The peer certificate failed to validate for any number of reasons (invalid certificate, out of date, and so on).

Impact:
The SSL handshake will be aborted.

Recommended Action:
The CA file might need to be updated. More likely, the peer certificate is simply invalid. This is mostly informative.


01260008 : SSL transaction (TPS) rate limit reached

Location:
/var/log/ltm

Conditions:
The SSL license has a limited number of transactions per second, and the incoming rate exceeds this.

Impact:
Any transactions exceeding the licensed limit will be aborted.

Recommended Action:
This is mostly informational, though an, `unlimited,' license is available.


01260009 : Connection error: %s:%d: %s (%d)

Location:
/var/log/ltm

Conditions:
* Various internal errors (unexpected states)
* An attempt to initiate a handshake while a handshake is in progress
* Anytime an SSL alert is sent

Impact:
This is informative and should have no effect on an existing connection.

Recommended Action:
Informative only. No workaround.


01260010 : FIPS acceleration device failure: %s

Location:
/var/log/ltm

Conditions:
The internal FIPS card is not responding correctly to requests. This is a hardware error.

Impact:
Performance degradation to performance cessation.

Recommended Action:
There is no workaround for this issue.


01260012 : Self-initiated renegotiation attempted while renegotiation disabled: %s

Location:
/var/log/ltm

Conditions:
An SSL client or server requests renegotiation when the corresponding SSL profile has renegotiation disabled.

Impact:
Renegotiation will not happen.

Recommended Action:
Enable `renegotiation' is the associated profile.


01260013 : SSL Handshake failed for <PROTOCOL> <SRC> -> <DST>

Location:
/var/log/ltm

Conditions:
The connection is closed before the SSL handshake completes.

Impact:
This is informative only. The peer closed the connection during an SSL handshake.

Recommended Action:
Informative only.


01260014 : Cipher %x:%x negotiated is not configured in profile %s

Location:
/var/log/ltm

Conditions:
Proxy-ssl is configured on the virtual server, passthru is not enabled, and the cipher negotiated by the client and server is not supported in the SSL profile.
Note: This message is deprecated. The new message is, ``Cipher %x:%x negotiated is not supported by Proxy SSL configured in virtual server %s''.

Impact:
The connection will not be allowed.

Recommended Action:
Add the necessary ciphers to the SSL profiles, or reconfigure the SSL server to only negotiate ciphers allowed by the profiles.


01260014 : Cipher %x:%x negotiated is not configured in profile %s

Location:
/var/log/ltm

Conditions:

Impact:
The connection will not be allowed.

Recommended Action:
Add the necessary ciphers to the SSL profiles, or reconfigure the SSL server to only negotiate ciphers allowed by the profiles.


01260015 : Certificate supplied by server (subject CN: %s) was not configured on virtual: %s

Location:
/var/log/ltm

Conditions:
Proxy SSL is configured and the certificate from the SSL server does not exist in any profiles attached to the virtual.

Impact:
An alert will be sent closing the connection.

Recommended Action:
Add the SSL server's certificate to a profile connected with the virtual.


01260017 : Connection attempt to insecure SSL server (see RFC5746) aborted: %A:%d

Location:
/var/log/ltm

Conditions:
Strict renegotiation is enabled on a server-ssl profile, and the SSL server is not capable of secure renegotiation.

Impact:
The connection to the SSL server will be aborted.

Recommended Action:
Only use SSL servers that support secure renegotiation.


01260018 : Connection attempt to insecure SSL server (see RFC5746): %A:%d

Location:
/var/log/ltm

Conditions:
An SSL server does not support secure renegotiation (defined by RFC 5746).

Impact:
This is informational only.

Recommended Action:
None.


01260024 : OCSP failure on profile %s, certificate with issuer %s and serial number %lx: %s - %s

Location:
/var/log/tmm

Conditions:
This message is seen when there is a failure in fetching OCSP response.

Impact:
None.

Recommended Action:
None.


01260025 : Cipher %x:%x negotiated is not supported by Proxy SSL configured in virtual server %s

Location:
/var/log/ltm

Conditions:
Proxy-ssl is configured on the virtual server, passthru is not enabled, and the cipher negotiated by the client and server is not supported in the SSL profile.

Impact:
The connection will not be allowed.

Recommended Action:
Add the necessary ciphers to the SSL profiles, or reconfigure the SSL server to only negotiate ciphers allowed by the profiles.


01260026 : No shared ciphers between SSL peers %A.%d:%A.%d.

Location:
/var/log/ltm

Conditions:
An SSL client attempts to connect to a BIG-IP device, but none of the sent ciphers match the configured ciphers in the client-ssl profile.

Impact:
The SSL client will be unable to connect to the BIG-IP device.

Recommended Action:
Determine which ciphers the SSL client is sending, and add one or more of them to the relevant client-ssl profile.


01260034 : SSL decryption canceled.

Location:
/var/log/ltm

Conditions:
When the SSL decryption process is intentionally canceled during the SSL handshake. Usually a result of a SSL client side's terminating of an SSL connection.

Impact:
None.

Recommended Action:
None.


01260039 : Block cipher data limit exceeded.

Location:
/var/log/ltm, GUI

Conditions:
Amount of data encrypted/decrypted using block cipher exceeded its safety limit. If this happens, SSL will attempt to renegotiate. If renegotiation failed, connection will terminate.

Impact:
If SSL renegotiation is successful, there is no impact. On the other hand, if renegotiation failed, connection will be terminated.

Recommended Action:
Make sure SSL renegotiation works correctly, or avoid block cipher with lower data safety limit: 3DES.


01260040 : SSID Message length exceeds maximum handshake size set for TMM.

Location:
/var/log/ltm

Conditions:
The BIG-IP system receives a very large handshake message, larger than the maximum size of the SSL handshake (default 32768 bytes), from an SSL client. This might happen when the SSL client supplies a very large client certificate chain.

Impact:
Even when a BIG-IP system receives such a large handshake message, and the connection switched to Passthrough mode for acceptance, such a receipt is not logged in the error log. This information might be useful for debugging purposes.

Recommended Action:
None.


01260041 : SSID SSL Fragmented handshake received.

Location:
/var/log/ltm

Conditions:
The BIG-IP system receives a 16,384-byte fragment or fragments of messages that are part of a larger handshake, from an SSL client. This might happen when the SSL client supplies traffic from a network that has a very low Message Transmission Unit (about 300 bytes).

Impact:
Even when the BIG-IP system receives such fragmented messages, and the connection switched to Passthrough mode for acceptance, such a receipt is not logged in the error log. This information might be useful for debugging purposes.

Recommended Action:
None.


0127000c : Coalesced (%lu) requests for the previous command into 1 execution

Location:
/var/log/ltm

Conditions:
Disabled by default. When syscalld debugging is enabled, appears in /var/log/ltm.

The same syscalld command is invoked in rapid succession.

Impact:
Instead of running the command once for every request, in order to prevent the system from being overrun, syscalld will combine invocations of the same command with the same arguments.

Recommended Action:
No action required. This message does not indicate a problem.


01280045 : Debug: %s

Location:
/var/log/ltm

Conditions:
STPD is running and debug logging is enabled.

Impact:
No impact - debug messages are to aid developers.

Recommended Action:
None.


01290003 : HALMSG reporting error conditions

Location:
/var/log/ltm

Conditions:
Various logs associated with errors encountered by the hardware abstraction layer (HAL) when using the inter daemon messaging interface during startup or normal operation.
Some typical examples are:
    "HalmsgTerminalImpl_::sendMessage() Can't create HalmsgConnection_"
    "HalmsgTerminalImpl_::sendMessage() Unable to send to any %s address", str

Impact:
The HAL messaging service might not create or maintain a connection between affected daemons, for transferring messages between registered HAL messaging component end points.

Recommended Action:
The specific log indicates if the error relates to system instability, where relevant daemons might not be running or responding. If the issue persists across daemon or system restarts, file a support ticket with more specific information, as indicated in the relevant log message.


01290004 : HALMSG reporting warning conditions

Location:
/var/log/ltm

Conditions:
Internal HAL messaging system has encountered an unexpected condition. Conditions can vary and be caused by but not limited to:
- Linux socket errors, which may be temporary in nature
- File operations that encounter names that are too long
- Messages from other processes that are too long

Impact:
Varies considerably with specific warning. It might indicate a configuration error somewhere else in the system.

Recommended Action:
Inspect the /var/log/ltm file for additional errors and warnings, and try to correlate the HAL messaging error with another system that might be misconfigured.


012a0000 : "LIBHAL reporting system is unusable"

Location:
/var/log/ltm

Conditions:
During startup or normal operation, the system logs various emergency level messages associated with errors encountered by the hardware abstraction layer (HAL) daemon. Some typical examples are:

      "Automatically rebooting to complete firmware update"
      "System rebooting ..."
      "Reboot required to fix PCIe hardware failure"
      "Blade %d power DOWN effected (as requested by %d via CAN bus %d)",...

Impact:
A system reboot might be required for continued operation, due to a possible failure of the HAL daemon or because firmware was updated.

Recommended Action:
The specific log indicates whether the error is related either to expected system restarts after firmware updates or to hardware and system instability issues. If the issue persists across daemon/system restarts, file a support ticket.


012a0002 : "LIBHAL reporting critical conditions"

Location:
/var/log/ltm

Conditions:
Various critical logs associated with errors encountered by the hardware abstraction layer (HAL) daemon during startup or normal operation.
Typical examples include:
   "platform_detect: no recognized platform detected."
   "critical platform initialize failure. exiting..."
   "hal_get_dossier: space allocation error"
   "Error creating interface_bundle = %x",err
   "SSD (%s) at bay %d shelf %s: current available space (%d%%) has reached its threshold (%d%%)",...

Impact:
The HAL daemon might not be able to correctly identify the platform or publish the hardware abstraction configuration at startup, or has encountered a critical failure during normal operation.

Recommended Action:
The specific log will indicate if the error relates to platform-specific issues, or system instability. If the issue persists across daemon/system restarts, a support ticket should be filed.


012a0003 : LIBHAL reporting error conditions

Location:
/var/log/ltm

Conditions:
Various error level logs, associated with errors, were encountered by the hardware abstraction layer (HAL) daemon during startup or normal operation.
Some typical examples are:
    "DossierReq exception: %s", str
    "StorageReadReq failure error = %s", str
    "Unable to attach to LCD: %s", str
    "HAL unsupported platform : %s", str

Impact:
The HAL daemon might not be able to correctly identify the platform or publish the hardware abstraction configuration at startup, or has encountered a critical failure during normal operation.

Recommended Action:
The specific log indicates if the error relates to platform specific issues, or system instability. If the issue persists across daemon or system restarts, file a support ticket with more specific information as indicated in the relevant log message.


012a0004 : LIBHAL reporting warning conditions

Location:
HAL daemon (chmand) warning logs reported in /var/log/ltm

Conditions:
Various warning logs associated with problems or anomalies encountered by the hardware abstraction layer (HAL) daemon during startup or normal operation.
Typical examples include:
   "hal_stop_chman: sendMessage failed"
   "AomSelLogger: unable to process SEL logs"
   "halAnnunciatorSet: sendMessage failed"
   "halGetInterfaceOwner: sendMessage failed"
   "halGetSystemSerialId: sendMessage failed",...

Impact:
The HAL daemon may not be able to correctly identify the platform or publish the hardware abstraction configuration at startup, or has encountered a problem during normal operation.

Recommended Action:
The specific log will indicate if the error relates to platform specific issues, or system instability. If the issue persists across daemon/system restarts and causes problems in system operation, a support ticket should be filed.


012a0005 : LIBHAL reporting normal but significant condition

Location:
/var/log/ltm

Conditions:
An event associated with the hardware platform monitoring code has been observed and highlighted as important information. The events can range from state changes in the system to unexpected events that might indicate an error. Some examples are: platform firmware version checks, delays or timeouts when taking actions, and processes starting or stopping.

Impact:
Impact might be very context specific. In most cases, the message itself should indicate whether it is an unexpected event, state change, or important information.

Recommended Action:
If the message indicates a state change, review whether it was expected based upon any changes that were made at that time to the system. If the message indicates an error, look for additional errors of higher or similar severity at the same time that would provide greater clarity to the problem.


012a0006 : LIBHAL reporting informational

Location:
/var/log/ltm

Conditions:
An informational event associated with the hardware platform monitoring code has been observed and reported. It is used widely for indicating chassis and blade status related to disk media and sensor monitoring.

Impact:
The messages are for informational purposes only.

Recommended Action:
There are no workarounds or actions required based on these log messages.


012a0007 : LIBHAL reporting debug-level messages

Location:
/var/log/ltm

Conditions:
These only occur when someone has manually configured the 'log.libhal.level' DB variable to 'Debug'.

Impact:
No impact, these are only intended to be used by F5 development and support for additional diagnostics.

Recommended Action:
Recommend setting log.libhal.level DB variable back to default value of 'Notice'.

modify sys db log.libhal.level value Notice


012a0013 : Blade %d hardware sensor critical alarm: %s

Location:
/var/log/ltm

Conditions:
A hardware sensor reported a potentially critical condition, depending on context.
For example:
- An excessively high temperature reading
- An excessively high or excessively low voltage reading
- Loss of power to a power supply

Impact:
Evaluate this error message in context to determine whether a critical, transitory, or expected condition applies.
- If the error occurs once, it might indicate a transient communication error in the sensor-monitoring subsystem, and not an actual hardware failure or critical environmental condition.
- If the error occurs due to an external event (for example, disconnected external power from a power supply during a maintenance procedure), the message confirms the result of the external action, and no further action is required.
- If the error occurs repeatedly, without the apparent result of a known external event, perform additional diagnosis to identify the faulty hardware or environmental condition causing the critical sensor report.

Recommended Action:
1. If the reported condition appears to be caused by a known external event, no further action is required.
2. If the error occurs only once, examine the logs for entries indicating a transitory communication error (for example, a related daemon restarting). If no obvious explanation is found, perform an EUD during the next available maintenance window. Continue to monitor the system unless additional messages occur.
3. If the error continues with no obvious external cause, perform an EUD as soon as feasible. Evaluate applicable external contributing factors. Consider an RMA for the affected component.


012a0016 : Blade %d hardware sensor notice: %s

Location:
/var/log/ltm and LCD if connected

Conditions:
One of the hardware sensors has indicated the presence or absence of a notable condition.
Examples: Temperature going too high or returning to normal, fan speeds going too low or returning to normal, power going too low or returning to normal.

Impact:
Varies by condition.

Recommended Action:
Inspect /var/log/ltm for additional details. This message is typically accompanied by several other log messages that specify the exact nature of the sensor alarm.


012a0017 : Chassis power module %d turned on

Location:
/var/log/ltm

Conditions:
A power supply status has changed from being powered off to powered on.

Impact:
Informational.

Recommended Action:
It is not an error, no action required.


012a0019 : Chassis power module %d is on.

Location:
/var/log/ltm

Conditions:
A power supply unit is active with sufficient input power.

Impact:
None.

Recommended Action:
None.


012a0021 : Chassis power module %d absent.

Location:
/var/log/ltm

Conditions:
This occurs when power supply module #x is missing or removed from the chassis, where "x" is greater than 4.

Impact:
The chassis is missing one of the power supply modules and may not have full power capacity or redundant recovery in case the other supplies fail.

Recommended Action:
Replace or reinsert a power supply module in bay #x to restore full power capacity and redundancy.


012a0022 : %s

Location:
/var/log/ltm, LCD

Conditions:
The BIG-IP system experienced a communication error with the AOM. This could be due to successive errors or timeouts.

The BIG-IP system received an alert from the AOM that was classified as a 'warning' level priority. Examples are CPU faults and unexpected or unidentified sensors that the BIG-IP system could not otherwise interpret.

Impact:
Impact varies by specific incident.

Recommended Action:
Inspect /var/log/ltm for additional errors or indications around the time that the log message occurred.

If present, inspect /var/log/sel for additional errors or indications around the time that the log message occurred.


012a0023 : %s

Location:
/var/log/ltm, LCD

Conditions:
The BIG-IP system received an alert from the AOM that was classified as an 'error' level priority. While the message infrastructure exists, there are no uses of this message.

Impact:
Impact would vary by specific incident.

Recommended Action:
Inspect /var/log/ltm for additional errors or indications around the time that the log message occurred.

If present, inspect /var/log/sel for additional errors or indications around the time that the log message occurred.


012a0024 : %s

Location:
/var/log/ltm, LCD

Conditions:
The BIG-IP system received an alert from the AOM that was classified as an 'alert' level priority. While the message infrastructure exists, there are no uses of this message.

Impact:
Impact would vary by specific incident.

Recommended Action:
Inspect /var/log/ltm for additional errors or indications around the time that the log message occurred.

If present, inspect /var/log/sel for additional errors or indications around the time that the log message occurred.


012a0025 : %s

Location:
/var/log/ltm, LCD

Conditions:
The BIG-IP system detected that a FRU component has corrupted or missing information.

The BIG-IP system detected that a fan tray was removed.

The BIG-IP system detected that an internal hardware module is absent (ex. internal switch, LCD, HSB, CPU).

The BIG-IP system detected that the chassis air filter replacement is overdue.

The BIG-IP system detected a problem communicating with the LCD module.

The BIG-IP system detected a CPU fault CATERR, IERR, or MCERR.

The BIG-IP system received a 'critical' level alert from the AOM for a sensor type that it didn't expect or could not interpret.

Impact:
Impact varies by specific incident.

Recommended Action:
Inspect /var/log/ltm for additional errors or indications around the time that the log message occurred.

If present, inspect /var/log/sel for additional errors or indications around the time that the log message occurred.


012a0026 : %s

Location:
/var/log/ltm, console, LCD

Conditions:
The BIG-IP device detected a CPU FIVR error.

The BIG-IP device received an 'emergency' level alert from the AOM for a sensor type that it didn't expect or could not interpret.

Impact:
Impact varies by specific incident.

Recommended Action:
Inspect /var/log/ltm for additional errors or indications around the time that the log message occurred.

If present, inspect /var/log/sel for additional errors or indications around the time that the log message occurred.


012a0027 : %s

Location:
/var/log/ltm, LCD

Conditions:
AOM SEL is full.

Any one of the AOM WARN, ERROR, ALERT, CRIT, or EMERG level alert conditions previously reported has now cleared.

Impact:
If the AOM SEL is full, the AOM will no longer be able to log messages to it. This could result in losing valuable information associated with a future problem. Reaching this condition in the first place also suggests that there could be a serious problem with the hardware, since the SEL should remain rather inactive at steady state conditions and it supports tens of thousands of entries.

For other log messages, the impact varies by specific incident, but they are primarily informational and indicate that a condition has recovered from a previously bad state.

Recommended Action:
If the SEL is full, it can be cleared using the ipmiutil command: 'ipmiutil sel -d'
NOTE: It is highly recommended to make sure that /var/log/sel has the latest information from the SEL before clearing it. The /var/log/sel file gets updated automatically every two minutes.

For other log messages, inspect /var/log/ltm for additional information around the time that the log message occurred.


012a0028 : %s

Location:
/var/log/ltm, LCD

Conditions:
AOM has indicated that a temperature sensor has crossed a 'warning' threshold.

Impact:
Integrity of the hardware could be at risk if overheating is not mitigated.

Recommended Action:
Check the fan status of the unit using 'tmsh show sys hardware'.

Inspect the LCD and/or /var/log/ltm for any fan related problems.

Ensure that ambient room temperature in which the device is located has sufficient cooling.

Inspect /var/log/ltm and /var/log/sel around the time of the message for any additional indications as to why the unit might be starting to overheat.


012a0029 : %s

Location:
/var/log/ltm, LCD

Conditions:
The BIG-IP system detected an error while monitoring a temperature sensor.

Impact:
Diagnostic temperature information might be unavailable or inaccurate.

Recommended Action:
Inspect /var/log/ltm and /var/log/sel around the time of the message for any additional indications as to why the sensor might have encountered a problem.

Inspect the following tmctl table for errors in the row 'GetSensRead'.
# tmctl ipmi_ops

If sensor reading errors are continuously incrementing in the above table, try reseting the AOM through the AOM menu, followed by a re-start of chmand after waiting about 5 minutes from the AOM restart:
# bigstart restart chmand


012a0030 : %s

Location:
/var/log/ltm, LCD

Conditions:
AOM has indicated that a temperature sensor has crossed an 'alert' level threshold.

Impact:
Integrity of the hardware could be at risk if overheating is not mitigated.

Recommended Action:
Check the fan status of the unit using 'tmsh show sys hardware'.

Inspect the LCD and /var/log/ltm for any fan related problems.

Ensure that ambient room temperature in which the device is located has sufficient cooling.

Inspect /var/log/ltm and /var/log/sel around the time of the message for any additional indications as to why the unit may be starting to overheat.


012a0031 : %s

Location:
/var/log/ltm, LCD

Conditions:
AOM has indicated that a temperature sensor has crossed a 'critical' level threshold.

Impact:
Integrity of the hardware could be at risk if overheating is not mitigated.

Recommended Action:
Check the fan status of the unit using 'tmsh show sys hardware'.

Inspect the LCD and /var/log/ltm for any fan related problems.

Ensure that ambient room temperature in which the device is located has sufficient cooling.

Inspect /var/log/ltm and /var/log/sel around the time of the message for any additional indications as to why the unit may be starting to overheat.


012a0032 : %s

Location:
/var/log/ltm, console, LCD

Conditions:
AOM has indicated that a temperature sensor has crossed an 'emergency' level threshold.

Impact:
This will likely result in an automatic power down event by the AOM.

Recommended Action:
Integrity of the hardware could be at risk from overheating. Careful inspection for the cause of overheating should be performed and an EUD should be run next time the unit is powered on.


012a0033 : %s

Location:
/var/log/ltm, LCD

Conditions:
AOM has indicated that a temperature sensor has experienced an 'information' level state change. These are almost always the result of a temperature returning back to normal after having experienced an abnormal reading.

Impact:
Likely indicates that the unit has returned to a good state after having experienced a temperature anomaly.

Recommended Action:
Make sure root cause for any preceding temperature anomaly is understood in order to prevent recurrence.


012a0034 : %s

Location:
/var/log/ltm, LCD

Conditions:
AOM has indicated that a fan sensor has crossed a 'warning' threshold.

Impact:
Integrity of the hardware could be at risk for eventual overheating if problem is not mitigated.

Recommended Action:
Check the fan status of the unit using 'tmsh show sys hardware'.

Inspect the LCD and/or /var/log/ltm for any other fan related problems.

Inspect /var/log/ltm and /var/log/sel around the time of the message for any additional indications as to why the fan might be malfunctioning.

Check for any objects obstructing free movement of the fan.

If the fan is associated with the chassis fan tray, make sure that the fan tray is fully inserted and fastened with the set screws. Also try re-seating the fan tray if problem persists.


012a0035 : %s

Location:
/var/log/ltm, LCD

Conditions:
The BIG-IP system detected an error while monitoring a fan sensor.

Impact:
Diagnostic fan information may be unavailable or inaccurate.

Recommended Action:
Inspect the following tmctl table for errors in the row 'GetSensRead':
# tmctl ipmi_ops

If sensor reading errors are continuously incrementing in the above table, try reseting the AOM through the AOM menu followed by a re-start of chmand after waiting about 5 minutes from the AOM restart:
# bigstart restart chmand


012a0036 : %s

Location:
/var/log/ltm, LCD

Conditions:
AOM has indicated that a fan sensor has crossed an 'alert' threshold.

Impact:
Integrity of the hardware could be at risk for eventual overheating if problem is not mitigated.

Recommended Action:
Check the fan status of the unit using 'tmsh show sys hardware'.

Inspect the LCD and/or /var/log/ltm for any other fan related problems.

Inspect /var/log/ltm and /var/log/sel around the time of the message for any additional indications as to why the fan may be malfunctioning.

Check for any objects obstructing free movement of the fan.

If the fan is associated with the chassis fan tray, make sure that the fan tray is fully inserted and fastened with the set screws. Also try re-seating the fan tray if problem persists.


012a0037 : %s

Location:
/var/log/ltm, LCD

Conditions:
AOM has indicated that a fan sensor has crossed a 'critical' threshold.

Impact:
Integrity of the hardware could be at risk for eventual overheating if problem is not mitigated.

Recommended Action:
Check the fan status of the unit using 'tmsh show sys hardware'.

Inspect the LCD and/or /var/log/ltm for any other fan related problems.

Inspect /var/log/ltm and /var/log/sel around the time of the message for any additional indications as to why the fan may be malfunctioning.

Check for any objects obstructing free movement of the fan.

If the fan is associated with the chassis fan tray, make sure that the fan tray is fully inserted and fastened with the set screws. Also try re-seating the fan tray if problem persists.


012a0038 : %s

Location:
/var/log/ltm, console, LCD

Conditions:
AOM has indicated that a fan sensor has crossed an 'emergency' threshold.

Impact:
Integrity of the hardware could be at risk for eventual overheating if problem is not mitigated.

Recommended Action:
Check the fan status of the unit using 'tmsh show sys hardware'

Inspect the LCD and/or /var/log/ltm for any other fan related problems.

Inspect /var/log/ltm and /var/log/sel around the time of the message for any additional indications as to why the fan may be malfunctioning.

Check for any objects obstructing free movement of the fan.

If the fan is associated with the chassis fan tray, make sure that the fan tray is fully inserted and fastened with the set screws. Also try re-seating the fan tray if problem persists.


012a0039 : %s

Location:
/var/log/ltm, LCD

Conditions:
AOM has indicated that a fan sensor has experienced an 'information' level state change. These are almost always the result of a fan returning back to normal after having experienced an abnormal reading.

Impact:
Likely indicates that the unit has returned to a good state after having experienced a fan anomaly.

Recommended Action:
Make sure root cause for any preceding fan anomaly is understood in order to prevent recurrence.


012a0040 : %s

Location:
/var/log/ltm, LCD

Conditions:
AOM has indicated that a power sensor has crossed a 'warning' threshold. Likely causes are:

- A PSU is insufficiently powered or malfunctioning.
- An internal power fault has occurred within the unit.

Impact:
Unit might be malfunctioning or insufficiently powered.

Recommended Action:
Check the PSU status of the unit using 'tmsh show sys hardware'

Inspect the LCD and /var/log/ltm for any other power related problems.

Inspect /var/log/ltm and /var/log/sel around the time of the message for any additional indications as to why the power might be malfunctioning.

Make sure each PSU in the system is properly seated with an appropriate power source supplied to it.


012a0041 : %s

Location:
/var/log/ltm, LCD

Conditions:
The BIG-IP system detected an error while monitoring a power sensor.

Impact:
Diagnostic power information might be unavailable or inaccurate.

Recommended Action:
Inspect the following tmctl table for errors in the row 'GetSensRead':
# tmctl ipmi_ops

If sensor reading errors are continuously incrementing in the above table, try reseting the AOM through the AOM menu followed by a re-start of chmand after waiting about 5 minutes from the AOM restart:
# bigstart restart chmand


012a0042 : %s

Location:
/var/log/ltm, LCD

Conditions:
AOM has indicated that a power sensor has crossed an 'alert' threshold. Likely causes are:

- A PSU is insufficiently powered or malfunctioning.
- An internal power fault has occurred within the unit.

Impact:
Unit might be malfunctioning or insufficiently powered.

Recommended Action:
Check the PSU status of the unit using 'tmsh show sys hardware'.

Inspect the LCD and /var/log/ltm for any other power related problems.

Inspect /var/log/ltm and /var/log/sel around the time of the message for any additional indications as to why the power might be malfunctioning.

Make sure each PSU in the system is properly seated with an appropriate power source supplied to it.


012a0043 : %s

Location:
/var/log/ltm, LCD

Conditions:
AOM has indicated that a power sensor has crossed a 'critical' threshold. Likely causes are:

- A PSU is insufficiently powered or malfunctioning.
- An internal power fault has occurred within the unit.

Impact:
Unit might be malfunctioning or insufficiently powered.

Recommended Action:
Check the PSU status of the unit using 'tmsh show sys hardware'.

Inspect the LCD and /var/log/ltm for any other power related problems.

Inspect /var/log/ltm and /var/log/sel around the time of the message for any additional indications as to why the power might be malfunctioning.

Make sure each PSU in the system is properly seated with an appropriate power source supplied to it.


012a0044 : %s

Location:
/var/log/ltm, console, LCD

Conditions:
AOM has indicated that a power sensor has crossed an 'emergency' threshold. Likely causes are:

- A PSU is insufficiently powered or malfunctioning.
- An internal power fault has occurred within the unit.

Impact:
Hardware integrity of the unit is in jeopardy and will likely be powered down automatically.

Recommended Action:
If the unit can still be powered on, inspect /var/log/ltm and /var/log/sel around the time of the message for any additional indications as to why the power might be malfunctioning.

Make sure each PSU in the system is properly seated with an appropriate power source supplied to it.


012a0045 : %s

Location:
/var/log/ltm, LCD

Conditions:
AOM has indicated that a power sensor has experienced an 'information' level state change. These are almost always the result of a power reading returning back to normal after having experienced an abnormal reading, or a message providing the initial status on first power up.

Impact:
Likely indicates that the unit has returned to a good state, after having experienced a power anomaly, or the unit has just been powered on.

Recommended Action:
Make sure root cause for any preceding power anomaly is understood in order to prevent recurrence.


012a0046 : Chassis power module 1 turned on.

Location:
/var/log/ltm

Conditions:
Power supply 1 is powered on.

Impact:
None.

Recommended Action:
None.


012a0047 : Chassis power module 2 turned on.

Location:
/var/log/ltm

Conditions:
Power supply 2 is powered on.

Impact:
None.

Recommended Action:
None.


012a0048 : Chassis power module 3 turned on.

Location:
/var/log/ltm

Conditions:
Power supply 3 is powered on.

Impact:
None.

Recommended Action:
None.


012a0049 : Chassis power module 4 turned on.

Location:
/var/log/ltm

Conditions:
Power supply 4 is powered on.

Impact:
None.

Recommended Action:
None.


012a0050 : Chassis power module 1 turned off.

Location:
/var/log/ltm

Conditions:
A chassis power module is present in slot 1 but does not have an input power supply. This could be because the unit is switched off, the external power supply is inadequate, or a malfunction has occurred.

Impact:
Power supply redundancy is compromised since the power supply unit in slot 1 is not actively supplying power to the box.

Recommended Action:
If the condition is unexpected:
Verify that the power supply unit is switched on.
Verify that external source to the power supply unit is functioning properly.
Verify that the power supply unit is seated properly.
Inspect /var/log/ltm for additional power related alarms for indications of any potential malfunctions.


012a0051 : Chassis power module 2 turned off.

Location:
/var/log/ltm

Conditions:
Power supply 2 is powered off.

Impact:
None.

Recommended Action:
None.


012a0052 : Chassis power module 3 turned off.

Location:
/var/log/ltm

Conditions:
Power supply 3 is powered off.

Impact:
None.

Recommended Action:
None.


012a0053 : Chassis power module 4 turned off.

Location:
/var/log/ltm

Conditions:
Power supply 4 is powered off.

Impact:
None.

Recommended Action:
None.


012a0054 : Chassis power module 1 absent.

Location:
/var/log/ltm

Conditions:
The power supply module #1 is missing or removed from the chassis.

Impact:
The chassis is missing one of the power supply modules. If any other power supplies fail, then both the full power capacity and redundant recovery may be compromised.

Recommended Action:
To restore full power capacity and redundancy, replace or reinsert a power supply module in bay #1.


012a0055 : Chassis power module 2 absent.

Location:
/var/log/ltm

Conditions:
The power supply module #2 is missing or removed from the chassis.

Impact:
The chassis is missing one of the power supply modules. If any other power supplies fail, then both the full power capacity and redundant recovery may be compromised.

Recommended Action:
To restore full power capacity and redundancy, replace or reinsert a power supply module in bay #2.


012a0056 : Chassis power module 3 absent.

Location:
/var/log/ltm

Conditions:
The power supply module #3 is missing or removed from the chassis.

Impact:
The chassis is missing one of the power supply modules. If any other power supplies fail, then both the full power capacity and redundant recovery may be compromised.

Recommended Action:
Replace or reinsert a power supply module in bay #3 to restore full power capacity and redundancy.


012a0057 : Chassis power module 4 absent.

Location:
/var/log/ltm

Conditions:
The power supply module #4 is missing or removed from the chassis.

Impact:
The chassis is missing one of the power supply modules. If any other power supplies fail, then both the full power capacity and redundant recovery may be compromised.

Recommended Action:
To restore full power capacity and redundancy, replace or reinsert a power supply module in bay #4.


012a0058 : Chassis with %d blades (%d W) may be inadequately powered - increase active number of power supplies

Location:
/var/log/ltm, console

Conditions:
The number of power supplies installed might not be enough to support the number of blades in the system.

Impact:
The system might not function properly.

Recommended Action:
None.


012a0059 : Chassis power module %d is unidentified.

Location:
/var/log/ltm, LCD

Conditions:
This error message is seen when a power supply that is unsupported or unidentified on the particular platform is inserted or powered on.

Impact:
Since the power supply would be unsupported on the platform under consideration, it will not supply power to the device. All power supply related sensor readings will be unavailable.

Recommended Action:
Replace the unsupported power supply with a good or supported one. We can hot-plug the power supply and in ~30 secs all sensor reading will be available.


012b0021 : Executable %s version '%s'.

Location:
/var/log/gtm

Conditions:
This log occurs during the big3d installation. In the event that the modification time stamp of big3d under /shared/bin is up to date and its signature is correct, the versions of /shared/bin/big3d and /usr/sbin/big3d are retrieved and written to the log file. This is done to ensure that we copy /usr/sbin/big3d over to /shared/bin/big3d when the version of /usr/sbin/big3d is newer than /shared/bin/big3d.

Impact:
Allows user to verify version types of /shared/bin/big3d and /usr/bin/big3d, so they can manually copy /usr/bin/big3d to /shared/bin/big3d if the time stamp and version of /usr/bin/big3d are more more recent, or if the signature of /shared/bin/big3d fails.

Recommended Action:
Solution Referenced From: https://support.f5.com/csp/article/K13703

Verify Time Stamp

stat /shared/bin/big3d
stat /usr/sbin/big3d

Verify Version
 
/shared/bin/big3d -v
/usr/sbin/big3d -v

or

cat /var/log/gtm


Copy over /usr/bin/big4d if these cases are true
/usr/sbin/big3d modification time > /shared/bin/big3d modification time
or
/usr/sbin/big3d version > /shared/bin/big3d version

tmsh stop /sys service big3d && cp -a $(which big3d) /shared/bin/ && tmsh start /sys service big3d


012b0022 : Executable %s version is newer than %s.

Location:
/var/log/gtm

Conditions:
This log occurs during the big3d installation. In the event that the modification time stamp of big3d under /shared/bin is up to date and its signature is correct, the versions of /shared/bin/big3d and /usr/sbin/big3d are retrieved and written to the log file. This is done to ensure that we copy /usr/sbin/big3d over to /shared/bin/big3d when the version of /usr/sbin/big3d is newer than /shared/bin/big3d.

Impact:
Allows user to verify version types of /shared/bin/big3d and /usr/bin/big3d, so they can manually copy /usr/bin/big3d to /shared/bin/big3d if the time stamp and version of /usr/bin/big3d are more more recent, or if the signature of /shared/bin/big3d fails.

Recommended Action:
Solution Referenced From: https://support.f5.com/csp/article/K13703

Verify Time Stamp

stat /shared/bin/big3d
stat /usr/sbin/big3d

Verify Version
 
/shared/bin/big3d -v
/usr/sbin/big3d -v

or

cat /var/log/gtm


Copy over /usr/bin/big4d if these cases are true
/usr/sbin/big3d modification time > /shared/bin/big3d modification time
or
/usr/sbin/big3d version > /shared/bin/big3d version

tmsh stop /sys service big3d && cp -a $(which big3d) /shared/bin/ && tmsh start /sys service big3d


012b3005 : Error encountered while opening SSL certificates %s.

Location:
/var/log/gtm

Conditions:
There was an error while big3d was attempting to load the SSL certificates and keys. The message includes the error from the system call.

Impact:
It is unlikely that big3d will be able to accept SSL connections from remote clients since it is unable to load the SSL certificates.

Recommended Action:
Examine the error message and resolve the issue with the certificates.


012b7010 : No Route Domain support, cannot create a listener for Route Domain %u.

Location:
/var/log/gtm

Conditions:
big3d is unable to detect support on this BIG-IP for route domains, yet there are route domains configured. This should not be possbile.

Impact:
big3d will not listen for connections on non-zero route domains.

Recommended Action:
It is possible that the wrong version of big3d has been loaded on this BIGIP.
Check the running version via the command:
/shared/bin/big3d -v
to make sure it is the expected version.
If it is not the desired version, remove it and allow the default version to run via:
bigstart stop big3d
rm /shared/bin/big3d
bigstart start big3d


012c0004 : Lost connection with MCP: %d ... Exiting

Location:
/var/log/ltm. Not in GUI or console.

Conditions:
This is an internal error indicating that the bcm56xxd daemon lost communication with the mcpd process.

Impact:
The bcm56xxd daemon will restart. That will bounce all external interfaces.

Recommended Action:
No workaround, this is an internal error. Look in /var/log/ltm or /var/tmp/mcpd.out for any indication of why the mcpd process stopped communicating or restarted.


012c0010 : BCM56XXD driver error

Location:
/var/log/ltm

Conditions:
Various error logs associated with errors encountered by the switch daemon when attempting to configure the switch.
Some typical examples are:
    "Vlan %s invalid vid", vlan_name
    "Unable to set mac address for unit=%d, port=%d",unit, port
    "Unable to set bundle state for interface %s", name
    "Cannot set flow control for %s", name

Impact:
The switch daemon might not correctly configure the switch based on the existing configuration.

Recommended Action:
Verify that these errors relate to platform-specific configuration issues, or system instability. If the issue persists across daemon or system restarts, a support ticket should be filed.


012c0011 : BCM56XXD SDK error

Location:
/var/log/ltm.

This message is not available in the GUI or the console.

Conditions:
This message indicates that the Broadcom SDK library runs into an error condition when executing a command from the BIG-IP system's bcm56xxd switch daemon to configure broadcom switch.

Impact:
Typically this message indicates a critical error that prevents the broadcom switch from operating at the proper configuration required by BIG-IP. It might impact packets passing on some production traffic, or statistics reporting. Often, bcm56xxd also logs another error message, indicating which application level API is failing.

Recommended Action:
This error rarely occurs. When it does occur, in some cases restarting bcm56xxd ("bigstart restart bcm56xx"), or rebooting the box, will resolve the issues. Otherwise, the error persists after a bcm56xxd restart or reboot, and if it affects production traffic, an SR should be submitted to the F5 support team.


012c0012 : BCM56XXD info

Location:
/var/log/ltm

Conditions:
These messages occur during the normal initialization process of the bcm56xxd daemon. They are used to track the initialization progress of the daemon.

Impact:
None, these are informational messages only.

Recommended Action:
None.


012c0013 : BCM56XXD starting

Location:
/var/log/ltm

Conditions:
Anytime the bcm56xxd daemon starts up as a result of booting or restarting. This message is just a marker to indicate that bcm56xxd has begun executing.

Impact:
No impact, informational only

Recommended Action:
None.


012c0014 : SAMPLE: bcm56xxd - Exiting...

Location:
/var/log/ltm

Conditions:
This message occurs as a result of an orderly bcm56xxd daemon shutdown. The shutdown can occur as a result of the 'bigstart restart' or 'bigstart stop' commands or a self-initiated restart to affect an interface bundling change.

Impact:
None, this is informational only.

Recommended Action:
None.


012c0015 : Link: %s is %s

Location:
/var/log/ltm

Conditions:
Reporting link status of an interface. This is not an error, but an informational message.
Link status can be "DISABLED" "UP" "UNPOPULATED" or "DOWN"

UP means the interface is enabled, communicating and has link.
DOWN means the interface is enabled, but is not able to establish link.
UNPOPULATED means there is no optic inserted in the interface.
DISABLED means the interface is administratively disabled.

Impact:
No impact, informational only.

Recommended Action:
None.


012c0016 : BCM56XXD SDK info

Location:
/var/log/ltm

Conditions:
These messages occur during the normal initialization process of the bcm56xxd daemon. They are used to track the initialization progress of the daemon.

Impact:
None, these are informational messages only

Recommended Action:
None.


012d0007 : Lost connection with MCP: %08x

Location:
/var/log/ltm

Conditions:
This happens when eventd's attempt to make a connection to MCP fails. This is most likely because MCP is down.

Impact:
MCP is down so eventd cannot make a connection to it.

Recommended Action:
Check MCP daemon log to see why it's down. The work around is to restart MCP.


012e0029 : The configuration was successfully loaded.

Location:
/var/log/ltm

Conditions:
This is a deprecated message that was used by bigpipe (prior to tmsh) to indicate successful configuration loads.

Impact:
Cosmetic.

Recommended Action:
None.


01300001 : RAMCACHE Initialize - Not enough memory available to create the cache. Please try reducing the cache size and max entries

Location:
/var/log/ltm

Conditions:
A low or out of memory condition.

Impact:
Caching is disabled.

Recommended Action:
Reduce memory usage in other profiles. Use of memory statistics to find profiles or systems that use or reserve too much memory is advised.


01300002 : RAMCACHE Response - Too many Cache-Control headers in response, max is %d.

Location:
/var/log/ltm

Conditions:
If an HTTP response contains multiple cache-control headers, it is possible for the total number of cache-control headers to exceed the maximum allowed.

Impact:
All of the cache-control headers are ignored.

Recommended Action:
Reduce the number of cache-control headers.


01300003 : RAMCACHE - Header too long. Header %d of length %d exceeds the max %lu bytes.

Location:
/var/log/ltm

Conditions:
At least one cache-control header field exceeds the maximum size allowed by RAM cache.

Impact:
The response is not cachable.

Recommended Action:
Modify the response to have shorter cache-control lines.


01310027 : ASM subsystem error (%s,%s): %s

Location:
/var/log/asm

Conditions:
This generic error might indicate any fault encountered by ASM control plane daemons, such as asm_start, asm_config_server.pl, asmlogd, and asmcrond.

Impact:
ASM control plane daemons encountered a fault and might restart.

Recommended Action:
ASM logs should be investigated for other issues encountered.


01340001 : HA Connection with peer %la:%d for traffic-group %s established.

Location:
/var/log/ltm

Conditions:
HA HELLO message is successfully processed.

Impact:
HA connection is successfully established. HA system compatibility check is done. Not an error.

Recommended Action:
None.


01340002 : HA Connection with peer %la:%d for traffic-group %s lost

Location:
TMM log files.

Conditions:
Indicates that the mirroring connection with the peer was dropped. This error only occurs if the connection was up, and subsequently lost. This message might indicate that the peer is rebooting, including for administrative action, network failures, and failures within mirroring.

Impact:
This message can occur during initial startup, and does not indicate an error unless it repeats or is not explicable by administrative reboots. When loss of mirroring connectivity occurs, L7 mirrored flows are no longer mirrored. New connections are mirrored as normal.

The connection will automatically be recreated. If errors recur, refer to the workaround. If this error occurs sporadically, it might be related to bursts of client traffic. Use the workarounds to ensure that the bandwidth and the statemirror.queuelen support the traffic bursts.

Recommended Action:
Ensure that the channel bandwidth supports the needed volume. For example, if mirroring 10G of traffic across a 1G link, this error will recur until the mirroring connection supports the amount of data that needs to be mirrored. Also, adjust the database statemirror.queuelen as appropriate for your platform and mirroring needs.


01340003 : Cluster error: %s

Location:
/var/log/ltm

Conditions:
This error category is used for critical errors in communication between TMM threads,
specifically by MPI proxy.

Impact:
The system may be in an unpredictable state.

Recommended Action:
All occurrences of this error should be reported to TMM developers.


01340004 : HA Connection detected dissimilar peer: local npgs %u, remote npgs %u, local npus %u, remote npus %u, local pg %u, remote pg %u, local pu %u, remote pu %u. Connection will be aborted.

Location:
/var/log/ltm

Conditions:
This message appears when attempting to mirror dissimilar peers. This message indicates a different number of tmms between two HA peers, for example, mirroring from a BIG-IP appliance with 8 tmms to an appliance with 12 tmms. This message also appears when the blades in two chassis are in different locations, or when VCMP guests are on different slots on the same tmms.

Impact:
HA config sync functions normally, but mirroring is not operational. If failover occurs, connections will be lost.

Recommended Action:
Mirroring is only supported between similar peers. For VCMP, guests must be on the same slots on the same physical blades. For appliances, mirroring is only supported between appliances with the same number of tmms.


01340007 : HA Connection with peer %la:%d for traffic-group %s closing.

Location:
/var/log/ltm

Conditions:
This message appears when HA connection is closing. Usually this means that one of the peers might've gone inactive.

Impact:
HA mirror is not available for these HA peers.

Recommended Action:
No workaround available. Verify that HA peers can communicate with each other and are both available. Virtual server serving mirrored traffic has to have mirror enabled.


01340009 : HA reconnect with peer %la:%d for traffic-group %s postponed.

Location:
/var/log/ltm

Conditions:
A reconnect attempt on an HA channel was rescheduled. This normally should not happen. There is no direct path leading to this situation in the system. Rare occurrences of this message indicate an inconsequential issue. Multiple messages can indicate a lock up.

Impact:
It is an information message. It can indicate a lock up if it appears multiple times.

Recommended Action:
None.


01340012 : HA context missing for %s on virtual %s

Location:
/var/log/ltm

Conditions:
The current and next-active device configurations are probably not in sync. A possible reason is that a profile assigned to the virtual server on the next-active device does not exist on the active device. As a result, the active device does not send HA context, which the next-active device requires for the assigned profile.

Impact:
Mirrored connections that cannot find an expected HA context on the next-active device are not established on that device.

Recommended Action:
Resolve configuration differences between the current and next-active devices.


01360008 : ERROR: Cannot connect to GWM server %s; Will try it again in 30 seconds.

Location:
/var/log/ltm

Conditions:
This message is logged when the SASP monitor daemon loses connectivity with a Group Workload Manager (GWM) server. The GWM server might be down, or improperly configured, or the SASP monitor might be improperly configured.

Impact:
This message indicates that the SASP monitoring daemon is not receiving GWM health monitor status updates. The SASP monitor has lost connectivity with a GWM server, and will attempt to reconnect. No further GWM health results for SASP monitoring will be received until this connection is restored.

This might be normal behavior when user-initiated activity has (temporarily) taken the GWM server offline (such as to perform configuration or other administrative activities), or might indicate a configuration error or failure of a network resource.

Recommended Action:
No recommended action in the case where user-initiated activities temporarily remove from service the GWM server, as SASP monitoring will automatically be restored when the GWM server is placed back into service.

When this error is unexpected (such as not resulting from user-initiated action on the GWM server), the user should verify the configuration of the SASP monitor; and verify configuration and availability of the GWM server. Upon repairing an improper GWM server configuration or making the GWM server available, SASP monitoring should resume automatically.


01380002 : Certificate '%s' in file %s will expire on %s

Location:
/var/log/ltm
console

Conditions:
The warning message is directly printed on the console right after the "checkcert" command is given.
The certificate specified in the warning message is going to expire within one month.

Impact:
The warning message doesn't indicate any error. It is to remind the user to update the certificates that will expire soon. If the user doesn't take any action, then those certificates will expire and it could fail some of the certificate verification process and hence fail the SSL connections that rely on these certificates.

Recommended Action:
Renew or remove the expiring certificates.


013a0004 : %s

Location:
/var/log/ltm, stdout

Conditions:
A clusterd is emitting a log message at log level ERROR.

Impact:
An ERROR log message is emitted from clusterd to the /var/log/ltm and to stdout.

Recommended Action:
None.


013a0005 : %s

Location:
/var/log/ltm

Conditions:
A clusterd is emitting a log message at log level WARNING.

Impact:
A WARNING log message is emitted from clusterd to the /var/log/ltm.

Recommended Action:
None.


013a0006 : %s

Location:
/var/log/ltm

Conditions:
A clusterd is emitting a log message at log level NOTICE.

Impact:
A NOTICE log message is emitted from clusterd to the /var/log/ltm.

Recommended Action:
None.


013a0007 : %s

Location:
/var/log/ltm

Conditions:
A clusterd is emitting a log message at log level INFO.

Impact:
An INFO log message is emitted to the /var/log/ltm.

Recommended Action:
None.


013a0008 : %s

Location:
/var/log/ltm

Conditions:
A clusterd is emitting a log message at log level DEBUG.

Impact:
A DEBUG log message is emitted from clusterd to the /var/log/ltm.

Recommended Action:
None.


013a0014 : %s

Location:
/var/log/ltm

Conditions:
A cluster member has transitioned to Slot State FAILED.
This message is emitted only when a clusterd is not receiving packets from peer cluster members on the mgmt_bp. That is, a partial partition on the mgmt_bp has been detected.

Impact:
While the error log message itself is purely informational, the slot on which clusterd has failed will be unavailable until cluster health is restored.

If the user has set sys db clusterd.communicateovertmmbp true:
- The cluster will mend itself when the mgmt_bp partition is dissolved.

If tmm.communicateovertmmbp is set to false:
- The cluster might remain in a degraded state with the partitioned member marking peers FAILED.
- That cluster member will elect itself primary of its own cluster (of size equal to one cluster member).
- This partitioned member will then attempt to usurp, from the majority cluster, the chassis-wide cluster-floating manangement-ip for its newly created minority cluster.
- The unwitting primary of the majority cluster will flap in a primary election loop.

On peers not experiencing the partition, which can still receive packets from the member that cannot, the FAILED member is reported as available and running due to the receipt of packets that the failed member can still send.

No mechanisms are available for the automatic resolution of the inconsistent state encountered in this scenario.
Manual intervention is required.

Thus, if this message is observed when tmm.communicateovertmmbp is false, users are advised that the cluster might encounter an inconsistent state.

Recommended Action:
On the afflicted cluster member, run the following command in order to give the failed slot a chance to rejoin the cluster:
$ bigstart restart clusterd

Watch the output of the following command in order to observe the outcome of restarting clusterd on the failed slot:
tmsh show sys cluster

If the partition on the mgmt_bp has already dissolved when clusterd comes back up on the formerly-failed slot, then the slot will join the cluster as usual.


013a0015 : %s

Location:
/var/log/ltm

Conditions:
"Blade N quorum state increasing from ST_FOO to ST_BAR." is observed.

The clusterd State is increasing, e.g.
from State ST_INITIAL to ST_QUORUM_WAIT,
from ST_QUORUM_WAIT to ST_QUORUM,
from ST_QUORUM to ST_RUNNING,
or from ST_RUNNING to ST_SHUTDOWN,
or from Any Lower State to Any Higher State.

Impact:
Clusterd is transitioning from ST_FOO to ST_BAR, as indicated by the log messages, while simultaneously these log messages are emitted by clusterd.

Recommended Action:
None.


013a0016 : %s

Location:
/var/log/ltm

Conditions:
"Blade N quorum state decreasing from ST_BAR to ST_FOO." is observed.

The clusterd State is decreasing.
The clusterd is transitioning from state ST_BAR to ST_BAZ, where ST_BAR > ST_BAZ according to clusterd.

For example:
to State ST_INITIAL from ST_QUORUM_WAIT,
to ST_QUORUM_WAIT from ST_QUORUM,
to ST_QUORUM from ST_RUNNING,
or to Any Lower State from Any Higher State.

Impact:
Clusterd is transitioning from ST_FOO to ST_BAR as indicated by the log messages, while simultaneously these log messages are emitted by clusterd.

Recommended Action:
None.


013a0018 : "%s"

Location:
/var/log/ltm

Conditions:
A cluster member has transitioned to clusterd Availability State RED.

Impact:
A cluster member is indicating that it has transitioned to Availability State RED.
This coincides with the cluster member reporting a status of Slot Failed.
You might want to investigate the current cluster status with:
(tmos)# show sys cluster

Recommended Action:
Investigate the reason for clusterd transitioning to Availability State RED by grepping the /var/log/ltm for RED.
The reason for the transition follows this Log, as below:
cat /var/log/ltm | grep RED
example:
Apr 3 23:31:33 slot2/sk0 err clusterd[5936]: 013a0018:3: Blade 2 turned RED: Run, HA TABLE offline
Apr 3 23:31:33 slot3/sk0 err clusterd[5659]: 013a0018:3: Blade 3 turned RED: Run, HA TABLE offline
Apr 3 23:31:33 slot4/sk0 err clusterd[4903]: 013a0018:3: Blade 4 turned RED: Run, HA TABLE offline
Apr 3 23:29:52 slot1/sk0 err clusterd[5763]: 013a0018:3: Blade 1 turned RED: Quorum: waiting for lind, HA TABLE offline


013a0019 : %s

Location:
/var/log/ltm

Conditions:
A cluster member has transitioned to clusterd Availability State YELLOW, indicating a transition to cluster state Quorum.

Impact:
The cluster member will not be available until it transitions to Availability State GREEN. The cluster will automatically try to bring the cluster member up to Availability State GREEN, running.

Recommended Action:
None.


013a0020 : %s

Location:
/var/log/ltm

Conditions:
A cluster member has transitioned to clusterd Availability State GREEN.

Impact:
No impact. This notice log purely informational.

Recommended Action:
No workaround is required.
You might wish to run the following command in order to confirm the expected cluster state:
(tmos)# show sys cluster


013a0024 : %s

Location:
/var/log/ltm

Conditions:
The cluster has selected a new cluster member to take on the role of primary cluster member.

The following message is observed:
"Blade N: Changing primary from J to K"
Where N may be any valid slot id of a cluster member,
and J and K may also be the valid slot id of a cluster member, as well as (self) or (none).

Impact:
The cluster member J which was formerly the primary will now be a secondary. The cluster member K indicated in the log message will become the cluster's new primary member.

Recommended Action:
None.


013b0004 : %s

Location:
/var/log/ltm

Conditions:
This is a catch-all error message emitted for any error in the csyncd daemon. On all devices, this daemon watches for certain file changes (such as, copying an ISO image of a new TMOS version to the device) and performs actions as a result of those changes (such as, informing the rest of the system that a new installable ISO is available). On chassis, in addition to this, it ensures that updates on some files (such as the system configuration) are kept in sync across all blades.

Impact:
Variable.

Recommended Action:
Variable.


013b0008 : %s

Location:
/var/tmp/csyncd.out

Conditions:
When csyncd logging is enabled, many events will log messages describing what they are doing. csyncd is the system service that watches the filesystem to take certain actions, such as informing TMOS about an ISO image for a new release copied onto the filesystem. It also synchronizes certain files between blades of a chassis.

Impact:
This is not an error message. Error messages will be logged at a higher log level.

Recommended Action:
None.


013c0004 : %s

Location:
/var/log/ltm

Conditions:
There are many conditions that are reported under the context of this error message.

failure communicating with the mcp daemon - error may include "IO error on recv from mcpd - connection lost"
failure interacting with storage devices - error may include "volumeset does not exist HD1.1", or "Failed to create volumeset"
failure interacting with the system hypervisor - error may include "Fatal error: vcmp_media_insert failed"
failure interacting with the kernel - error may include "audit failed, cannot continue
failure parsing the startup commands - error may include "audit failed, cannot continue

Impact:
Software management will not be possible.

Recommended Action:
- You might be out of disk space and you might encounter this when creating new volumes. Check the amount of available disk space. For more information, see SOL14403: Maintaining disk space on the BIG-IP system (11.x - 12.x).
- If this occurs while trying to load an image or when provisioning a VCMP instance with a new image, the permissions on the image might be incorrect. Make sure that the .iso images in /shared/images have 644 permissions.
- If this occurs on a VIPRION, you may need to re-insert the blade if you recently added it.
- You might need to back up the configuration, re-install new software, and reload the configuration.
- If your hard drive firmware is running version 01.03E01, you might need to obtain a hard drive firmware update from F5, referencing ID363930.


013c0006 : %s

Location:
/var/log/ltm

Conditions:
Image files are being removed from the /shared/images directory.

Example: 013c0006:5: Image (BIGIP-12.1.0.0.0.1434.iso) has a software image entry in MCP database but does not exist on the filesystem.

Impact:
None.

Recommended Action:
None.


013d0006 : cand done

Location:
/var/log/ltm

Conditions:
BIG-IP is shutting down, or the cand daemon is restarting.

Impact:
None, this is informational not an error condition.

Recommended Action:
None.


013e0000 : Tcpdump starting locally on %la:%u from %la:%u

Location:
/var/log/ltm

Conditions:
A tcpdump capture was started directly for a specific tmm.

Impact:
It is just an information message. The output of this tcpdump capture will contain only packets from the single specified tmm.

Recommended Action:
None.


013e0001 : Tcpdump starting bcast on %la:%u from %la:%u

Location:
/var/log/ltm

Conditions:
tcpdump was running to collect some traffic data. This message is internal to the BIG-IP implementation of tcpdump. It can be useful to correlate logs with the .pcap file content.

Impact:
Running tcpdump in a production environment can have some unexpected side effects.

Recommended Action:
None.


013e0002 : Tcpdump stopping on %la:%u from %la:%u

Location:
/var/log/ltm

Conditions:
Tool tcpdump, which was listening on a specific interface, stopped listening due to close, abort, or expire.

Impact:
None.

Recommended Action:
None.


013e0005 : Tcpdump starting remote to %A from %A

Location:
/var/log/ltm

Conditions:
A remote tcpdump session (tcpdump with the --remote-dest option) was started.

Impact:
Remote tcpdump session was started, so captured packets will be sent to the remote destination.

Recommended Action:
None.


013e0006 : Tcpdump to %A failed to connect : %E

Location:
/var/log/ltm

Conditions:
- A remote tcpdump session (tcpdump with the --remote-dest option) was attempted to be started.
- An attempt to connect to the remote destination resulted in a fatal error.

Impact:
Remote tcpdump session could not be started, so captured packets will not be sent to the remote destination.

Recommended Action:
The error code printed in the log message can be used to determine cause for failure. For example, "10" is ERR_RTE, which means there was a routing error. In this case it can be checked to see if the destination is reachable from the BIG-IP system.

A restart of the remote tcpdump session can be attempted to see if the condition is temporary.


013e0007 : Tcpdump stopping remote to %A from %A

Location:
/var/log/ltm

Conditions:
- A remote tcpdump session needs to have been successfully started (tcpdump with the --remote-dest option).
- This remote tcpdump session is now ending, whether it is due to user initiation of close or closure due to network or internal error conditions.

Impact:
The remote tcpdump session will not be functioning anymore, and captured packets will not be sent to the remote destination.

Recommended Action:
This message indicates that the remote tcpdump session is ending.
If it is user initiated, then there is nothing to be done.
If it is not user initiated, then normal troubleshooting using other LTM and TMM log messages can be used to see if the cause can be determined.

The only workaround is to restart the remote tcpdump session if this was not a user initiated closure.


013e0008 : Tcpdump ICMP error Type:%d Code:%d from %A

Location:
/var/log/ltm

Conditions:
- A remote tcpdump session (tcpdump with the --remote-dest option) was started.
- This remote tcpdump session encountered a fatal ICMP error.

Impact:
Remote tcpdump session will be stopped, so captured packets will not be sent to the remote destination anymore.

Recommended Action:
The Type and Code of the ICMP error can be used to determine what kind of a ICMP error was encountered, and actions to mitigate these could be done.
The Type and Code are standard from ICMP RFC 792.


01410000 : %s

Location:
/var/log/ltm

Conditions:
Debugging log message for RTSP.

Impact:
None.

Recommended Action:
None.


01410002 : RTSP: %s buffer length %u or header size %u exceeds max_header_size %u

Location:
/var/log/ltm

Conditions:
While parsing RTSP message, its header size is bigger than max.

Impact:
Session aborted.

Recommended Action:
Change RTSP profile configuration parameter max_header_size.


01410003 : RTSP: %s queued data %u exceeds max_queued_data %u

Location:
/var/log/ltm

Conditions:
Number of queued messages exceeds the configured max.

Impact:
Session aborted.

Recommended Action:
Change RTSP profile configuration parameter max_queued_data.


01410004 : RTSP: client_port and server_port not paired

Location:
/var/log/ltm

Conditions:
During final transport generation, a BIG-IP system combines what was in the client transport header with what was in the server transport header, and puts the result in the client session. Server parameters win. This is a warning about different server and client parameters.

Impact:
Just a warning.

Recommended Action:
None.


01410005 : RTSP: client_port and server_port not specified

Location:
/var/log/ltm

Conditions:
In the case of unicast or interleaved, no client ports specified.

Impact:
Session aborted.

Recommended Action:
Analyze the RTSP traffic.


01410006 : RTSP: multicast not compatible with unicast or interleaved

Location:
/var/log/ltm

Conditions:
During final transport generation, it turns out that the parameters are incompatible, namely multicast is combined with unicast or interleaved.

Impact:
The session is aborted.

Recommended Action:
Analyze the RTSP traffic.


01410007 : RTSP: incompatible port specifications

Location:
/var/log/ltm

Conditions:
Both multicast port and unicast/interleaved ports specified.

Impact:
Session aborted.

Recommended Action:
Analyze RTSP traffic.


01410008 : RTSP: no multicast port(s) specified

Location:
/var/log/ltm

Conditions:
In the case of multicast, no multicast port(s) specified.

Impact:
Session aborted.

Recommended Action:
Analyze RTSP traffic.


01410009 : RTSP: no multicast address specified

Location:
/var/log/ltm

Conditions:
In case of multicast, no multicast address specified

Impact:
Session aborted.

Recommended Action:
Analyze RTSP traffic.


0141000a : RTSP: Expiring active RTP peer connection

Location:
/var/log/ltm

Conditions:
Clean up both RTP and RTCP connections because a port is no longer available for one or both connections.

Impact:
Cleanup.

Recommended Action:
None.


0141000b : RTSP: Expiring active RTCP peer connection

Location:
/var/log/ltm

Conditions:
Clean up both RTP and RTCP connections because a port is no longer available for one or both connections.

Impact:
Cleanup.

Recommended Action:
None.


0141000c : RTSP: Expiring active RTP connection

Location:
/var/log/ltm

Conditions:
Clean up both RTP and RTCP connections because a port is no longer available for one or both connections.

Impact:
Cleanup.

Recommended Action:
None.


0141000d : RTSP: Expiring active RTCP connection

Location:
/var/log/ltm

Conditions:
Clean up both RTP and RTCP connections because a port is no longer available for one or both connections.

Impact:
Cleanup.

Recommended Action:
None.


0141000e : RTSP: release RTP peer conn flow

Location:
/var/log/ltm

Conditions:
Clean up both RTP and RTCP connections because a port is no longer available for one or both connections.

Impact:
Cleanup.

Recommended Action:
None.


0141000f : RTSP: release RTCP peer conn flow

Location:
/var/log/ltm

Conditions:
Clean up both RTP and RTCP connections because a port is no longer available for one or both connections.

Impact:
Cleanup.

Recommended Action:
None.


01410010 : RTSP: release RTP conn flow

Location:
/var/log/ltm

Conditions:
Clean up both RTP and RTCP connections because a port is no longer available for one or both connections.

Impact:
Cleanup.

Recommended Action:
None.


01410011 : RTSP: release RTCP conn flow

Location:
/var/log/ltm

Conditions:
Clean up both RTP and RTCP connections because a port is no longer available for one or both connections.

Impact:
Cleanup.

Recommended Action:
None.


01410012 : RTSP: Can't create RTP endpoints: %E

Location:
/var/log/ltm

Conditions:
During connflow setup, RTP endpoints cannot be created.

Impact:
The connflow setup is aborted.

Recommended Action:
Analyze the RTSP traffic.


01410013 : RTSP: Can't create RTCP endpoints: %E

Location:
/var/log/ltm

Conditions:
During connflow setup, RTCP endpoints cannot be created.

Impact:
The connflow setup is aborted

Recommended Action:
Analyze the RSTP traffic.


01410014 : RTSP: Failed to set up sa_entry on client

Location:
/var/log/ltm

Conditions:
While setting up the RTP and possibly RTCP connflows, source address cannot be obtained.

Impact:
Processing is aborted.

Recommended Action:
Analyze the RTSP traffic.


01410015 : RTSP: Can't find a port for media connections

Location:
/var/log/ltm

Conditions:
During processing of RTSP client setup request, port for media connections cannot be found.

Impact:
Event processing is aborted.

Recommended Action:
Analyze RTSP traffic.


01420001 : %s

Location:
/var/log/ltm

Conditions:
TMSH uses this code to indicate internal operation errors, possibly caused by user input. Often, the TMSH session is terminated along with this log message.

Some of the sample error messages for this code include:

1. Errors related to idle timeout.

"Unable to call thread method watch_time_left: "
"Unable to access user tty path"
"Failed to create timeout thread: "

2. Errors related to internal functioning of TMSH. These could also be user input related.

"fatal: <error_string>"
"exception: <error_string>"
"cfg exception: <error_string>"
"std exception: <error_string>"
"unexpected exception"
"boost assertion failed: <error_msg> file: <filename> line: <line_number>"

Impact:
TMSH application exits.

Recommended Action:
None.


01420002 : SAMPLE: tmsh - AUDIT - pid=13324 user=root query_partitions=all update_partition=Common module=(tmos)# status=[Command OK] cmd_data=list ltm virtual idnshare3-139

Location:
/var/log/audit

Conditions:
These messages appear whenever tmsh processes a command while auditing is turned on (GUI: system->logs->configuration->options->audit-logging->tmsh).

Impact:
These messages are strictly informational. They simply record the commands received by tmsh (and the success or failure there-of) for later use by auditors.

Recommended Action:
These messages do not represent warning or error conditions. They can be disabled by turning off the audit logging (see Conditions above).


01420003 : "%s"

Location:
/var/log/ltm

Conditions:
1. User sets cli global-settings idle-timeout. This idle timer expires.

The tmsh cli global-settings idle-timeout can be configured to terminate the user sessions. The timeout expiry results in the session termination along with this log generation.

"User idle time out reached; logged out of tmsh."

2. The roles for a user with an ongoing tmsh session changes.

"Your user account role has been changed, you must re-authenticate. Current session has been terminated."

3. User authentication failure.

"Cannot authenticate <username> with mcpd. mcpd did not return a result message elements. Current session has been terminated."

"Cannot load user credentials for user <username>. Current session has been terminated."

// failure to get result message from backend
"<msg> Current session has been terminated."

4. partition-access for the current user has changed.

"Your user account partition-access has been changed, you must re-authenticate. Current session has been terminated."

Impact:
Ongoing tmsh session terminates.

Recommended Action:
None.


01420004 : %s

Location:
/var/log/ltm

Conditions:
This is a user defined log message that allows a user with the role of administrator or resource administrator to log from a tmsh cli Tcl script. See "tmsh help cli script", the section on Logging. The tmsh Tcl script command is tmsh::log

Impact:
None.

Recommended Action:
None.


01420006 : %s

Location:
/var/log/ltm

Conditions:
Errors due to incorrect user entered data, syntax errors, or errors received from the backend database. This error does not result in termination of the TMSH session.

Some error strings include:

- "error opening %s: %s" when processing stats script commands.
- "Invalid input for tmsh idle-timeout: <value>. Value not changed."

Because extensive feature-specific and generic application errors map to this error code, exhaustive coverage of the error messages is not provided.

Impact:
None.

Recommended Action:
None.


01420007 : Certificate '%s' in file %s expired on %s

Location:
/var/log/ltm
console

Conditions:
The warning message is directly printed on the console right after the "tmsh run sys crypto check-cert" command is given.
The certificate specified in the warning message has been expired since the specified date.

Impact:
The expired certificates could fail some of the certificate verification process and hence fail the SSL connections that rely on these certificates.

Recommended Action:
Renew or remove the expiring certificates.


01420008 : Certificate '%s' in file %s will expire on %s

Location:
/var/log/ltm
console

Conditions:
The warning message is directly printed on the console right after the "tmsh run sys crypto check-cert" command is given.
The certificate specified in the warning message is going to expire within one month.

Impact:
The warning message doesn't indicate any error. It is to remind the user to update the certificates that will expire soon. If the user doesn't take any action, then those certificate will expire and it could fail some of the certificate verification process and hence fail the SSL connections that rely on these certificates.

Recommended Action:
Renew or remove the expiring certificates.


01420010 : %s

Location:
/var/log/ltm

Conditions:
A condition occurred in TMSH that might be caused by internal functioning errors, for example: could not connect to back end daemon etc.

Because several system conditions map to this error code, an exhaustive list is not provided. Instead, example error messages appear in the known issue text.

TMSH logs messages with this code when a nonfatal condition occurs for the application. The TMSH session does not terminate when this warning message is logged.

sys config component related warnings
- Failed: ("<message>)"
- "Getting emergency configuration options in /config/.bigip_emergency.conf from the last successful save."
- "Failure to save the temporary SCF. Error message: <message>"

Subscription related warnings
- "subscription cannot establish mcp connection\n"
- "subscription has failed to establish mcp connection. Exception: <message>"
- "subscriber identification failed. Exception: <message>"
- "subscription failed, no response from mcpd\n"
- "subscription failed: <message>"
- "subscription failed to register. Exception: <message>"
- "subscription failed to receive message. Exception: <message>"

master key related warnings
- "Exception during query for initial master key value\n"
- "General exception during query for initial master key value\n"

Impact:
None.

Recommended Action:
None.


01460005 : SAMPLE: promptstatusd - mcpd.running(1) held, wait for mcpd

Location:
This message appears in the LTM log.

Conditions:
The promptstatusd is the system service that keeps the files updated that control the dynamic parts of the bash and tmsh prompts. For example, this includes the part that shows whether the system is active, standby, offline, or waiting to come up.

These messages are of level 'warn', which may indicate that something is wrong. Since promptstatusd is a service that only reports information, it does not indicate a problem with promptstatusd, but with another part of the system. As one example, 'mcpd.running(1) held, wait for mcpd' indicates that mcpd has restarted and that promptstatusd is waiting for it to come up again.

Impact:
promptstatusd will return to a healthy state when the underlying condition is fixed.

Recommended Action:
Other errors, proximate in time, will describe the issue (for example, why mcpd restarted or is having trouble coming up). promptstatusd will return to normal once that issue is resolved.


01460006 : SAMPLE: promptstatusd - semaphore tmm.running(1) held

Location:
This message appears in the LTM log.

Conditions:
The promptstatusd is the system service that keeps the files updated that control the dynamic parts of the bash and tmsh prompts. For example, this includes the part that shows whether the system is active, standby, offline, or waiting to come up.

These messages are of level 'notice', which record state but do not require immediate action. For example, 'semaphore tmm.running(1) held' is a common log message, which means that the TMM is in the process of starting up.

Impact:
These are not error messages. No action is required.

Recommended Action:
These are not error messages. No action is required.


01460007 : SAMPLE: promptstatusd - semaphore tmm.running(1) released

Location:
This message appears in the LTM log.

Conditions:
The promptstatusd is the system service that keeps the files updated that control the dynamic parts of the bash and tmsh prompts. For example, this includes the part that shows whether the system is active, standby, offline, or waiting to come up.

These messages are of level 'info', which record state but do not require immediate action. For example, 'semaphore tmm.running(1) released' is a common log message, which means that the TMM just finished starting up, and things that depend on it are now allowed to proceed with their startup.

Impact:
These are not error messages. No action is required.

Recommended Action:
These are not error messages. No action is required.


01470000 : iSession: Connection error: %s:%u: %s:%d

Location:
/var/log/ltm

Conditions:
A fatal error occurred on an iSession tunnel, producing the following message:
01470000:3: iSession: Connection error: <function>:<line number>:<cause>, <TMM error>.
- The <function>:<line number> text identifies the code location.
- The <cause> text describes the error.
- The <TMM error> text provides the TMM error text.

There are three kinds of iSession tunnels: user data connections, deduplication control connections, and WAN optimization control daemon (wocd) connections.

Fatal errors include deduplication and compression codec errors, memory management errors, and iSession protocol errors.

Impact:
Transient errors on deduplication control connections are common when a deduplication endpoint is initializing. Deduplication connections and wocd connections are automatically re-established after a fatal connection error. User data connections must be re-established by the client application after a fatal connection error.

Recommended Action:
If iSession connection errors persist, verify network connectivity to the iSession peer endpoint associated with the aborted flows.


01470002 : iSession: tunnel %F: connection error: deduplication: unrecognized control message %d

Location:
/var/log/tmm

Conditions:
An iSession endpoint receives an invalid deduplication control message for an iSession connection.

Impact:
The iSession connection aborts.

Recommended Action:
None.


01470006 : iSession: tunnel %F: internal error: %s:%d: %s: %E; connection aborted

Location:
/var/log/tmm

Conditions:
A generic internal iSession error is logged when an error condition occurs that lacks a more specific log message. The message is logged when aborting an iSession; the connection fails to clean up pending deduplication cache hits.

Impact:
Memory associated with deduplication cache hits may leak.

Recommended Action:
None.


01470007 : iSession: internal error: %s:%d: %s: %E

Location:
/var/log/tmm

Conditions:
Unexpected TDR-2 internal errors are logged using this general error message.
The specific error message cause is supplied as an argument to this general error message. The "i_tdr2_detach_dedup_flow" argument indicates a failure to release a reference count for pending TDR-2 cache hit. The "isession_dedup_abort_ack_seg zero seg_idx" argument indicates an invalid segment index value of zero for a TDR-2 cache hit acknowledgement.

Impact:
Both errors described in the Conditions section occur when an iSession connection is being aborted. These errors might occur if datastor has been restarted.

Recommended Action:
If the errors persist, try "bigstart restart tmm".


01480001 : %s

Location:
/var/log/ltm

Conditions:
Contains one of the following:
- "Transaction is already sunk."
- "No transaction in progress to sink."

The message is displayed by the plugin framework when the transaction sinking api is incorrectly used, that is, a plugin signals the end of a L7 request, but it never signalled the start of a L7 request.

Impact:
The plugin affected may not function correctly.

Recommended Action:
Look for a plugin specific workaround.


01480002 : %s

Location:
/var/log/ltm

Conditions:
General high-level error message indicating function or subsystem failure. This is usually due to failure deeper in the system for other reasons.

Impact:
Specific functionality failed, error string indicates failure point.

Recommended Action:
Look for specific subsystem errors in order to determine why the function/subsystem failed.


01480010 : Got a message(%d) for a non existent flow

Location:
/var/log/ltm

Conditions:
A plugin, such as ASM, is configured on the virtual server. When a flow is aborted or expired there might still be control messages from the plugin queued. When the control messages are processed but the aborted flow is not found, this message is logged.

Impact:
None.

Recommended Action:
Investigate why flows are being aborted. Reasons that flows are aborted include external connection resets and the TMM aggressively aborting flows to free memory.


01480024 : Can't bind the flow, waiting for config response on channel %s

Location:
/var/log/ltm

Conditions:
The message appears when traffic is sent to a virtual server that has a plugin profile, and the TMM has not yet completed establishing a connection to the plugin. This usually occurs when there are configuration changes to the virtual server or the plugin. During configuration changes, the TMM and plugin negotiate the plugin configuration. This happens very quickly; however, in instances of high load, the TMM might try to accept a client connection before the TMM connection with the plugin has been established.

Impact:
Connections initiated while the plugin connection is not established will be dropped.

Recommended Action:
A successful configuration update to a virtual or plugin may display this message under high load but only briefly. If the messages persist, the plugin is not responding to the TMM request for a configuration update. The plugin may be restarting or had failed to start. Check the plugin specific configuration and status.


01480031 : headers limited to %d bytes

Location:
/var/log/ltm

Conditions:
A component implemented as a TM plugin failed to configure. The component attempted to subscribe to receive an HTTP header which was longer than supported. It's possible the component is internally subscribing to the long header based on a user configuration.

Impact:
The plugin will fail to configure if the user configuration causes the plugin to subscribe to the long header. This indicates an internal error where the plugin component failed to validate the configuration with appropriate feedback to the user.

Recommended Action:
What headers a plugin subscribes to depends on the component. Check the component configuration for any specification of long headers.


01490510 : %s: Initializing Access with max global concurrent access session limit: %d

Location:
/var/log/apm

Conditions:
- When the device boots up.
- When device license is reactivated.
- When add-on license is installed.
- In an HA setup, when the standby unit becomes active the first time.

Impact:
This is not an error message.

Recommended Action:
None.


01490523 : {{Access Profile, %s}{Partition, %s}{Session ID, %s}{Max Concurrent Sessions, %d}} "#0:#1:#2: Initializing Access with max global concurrent connectivity session limit: #3"

Location:
/var/log/apm

Conditions:
- When the device boots up.
- When device license is reactivated.
- When add-on license is installed.
- In an HA setup, when the standby unit becomes active the first time.

Impact:
This is not an error message.

Recommended Action:
None.


01490526 : %s: Initializing Access with max global concurrent connectivity session limit: %d

Location:
/var/log/apm

Conditions:
- When the device boots up.
- When device license is reactivated.
- When add-on license is installed.
- In an HA setup, when the standby unit becomes active the first time.

Impact:
This is not an error message.

Recommended Action:
None.


01490541 : Access using device name: %s and device ID: %.*s.

Location:
/var/log/apm

Conditions:
1. When the device boots up.
2. When the device name is updated.

Impact:
This is an informational message only.

Recommended Action:
None.


01490555 : %s: Initializing Access with max global concurrent url filtering session limit: %d

Location:
/var/log/apm

Conditions:
Message is observed when the URL Filtering license is initialized and the license key is used.

Impact:
This is not an error, but a notice that informs the user that URL Filtering license has been initialized.

Recommended Action:
None.


01490570 : PPP listener local address %A tunnel nexthop is NULL

Location:
/var/log/apm

Conditions:
PPP tunnel connection is disrupted and the nexthop destination is not present.

Impact:
While unbinding the tunnel listener, the NULL tunnel nexthop cannot release.

Recommended Action:
None.


014b0002 : RADIUS: %s error %lE

Location:
/var/log/ltm

Conditions:
If a 'persist' error is indicated, an error has been encountered while the BIG-IP device is attempting to determine what persistence record should be used for the connection. This can have multiple causes: ERR_BUF or ERR_VAL (however that is displayed in log messages) might mean that the RADIUS message is malformed in various ways; whereas, ERR_MEM means that the BIG-IP device was not able to allocate memory to perform an operation. Other values might also be logged.

Currently, 'persist' is the only class of error that is indicated by this message.

Impact:
If a persistence failure is encountered, RADIUS messages will be load-balanced afresh regardless of existing persistence records.

Recommended Action:
If RADIUS messages are arriving malformed, you can disable persistence on the virtual server, or you can fix the equipment sending the malformed messages.


014c0001 : DIAMETER: %s error: %lE

Location:
This error is logged in /var/log/ltm and can take a few forms:

err tmm1[6286]: 014c0001:3: diameter process ingress error Improper version
err tmm4[7361]: 014c0001:3: diameter hud_dime_handle error Prerequisite operation not in progress
err tmm2[15195]: 014c0001:3: diameter rexmit_callback error Hudfilter teardown
err tmm2[15195]: 014c0001:3: diameter process ingress error Not found
err tmm1[8269]: 014c0001:3: diameter process ingress error Illegal value

Conditions:
This message will be logged if an exception arises in the following conditions:
1. The diameter retransmit callback is called and the message cannot be retransmitted.
2. An egress message fails to be rewritten or the i/o queue fails to be processed.
3. The watchdog callback has been called and a signal fails to be sent to the watchdog.
4. The diameter event handler has been called and one of 23 errors occurs. The most common of these is "Prerequisite operation not in progress," which usually occurs if handshake fails.
5. The input cannot be parsed, or the i/o queue cannot be processed on ingress.
6. An invalid AVP query is attempted.

Impact:
In each condition, an error is logged. In all cases except the invalid AVP case, a HUDEVT_ABORTED event is created and handled.

Recommended Action:
1. If the retransmit callback is called and the message cannot be retransmitted, there is no workaround. To mitigate this problem, try increasing the retransmit attempt limit in the profile configuration.
2. If an egress message cannot be written, it's because an AVP is too big or un-parseable. Make sure peer servers are sending well-formed AVPs.
3. If the watchdog callback fails, it's because of an out of memory error. Try reducing traffic on this hardware, or try making changes to the configuration to free more memory, such as removing unneeded iRules or changing the persistence timeout.
4. If a handshake fails, check your network status and ensure proper configuration of the diameter peer that failed the handshake.
5. If parsing the input fails, it means that the input is not properly formed, or an out of memory error has occurred. Check that you have adequate resources and ensure proper configuration of diameter peers. If the error message says "Improper version," make sure the version of tmos you're running supports the messages you're receiving.
6. If an invalid AVP query occurs, a peer has passed an invalid AVP, possibly maliciously. Make sure the diameter peer is properly configured.


014c000f : DIAMETER: Invalid AVP length: %d

Location:
/var/log/ltm

Conditions:
Actual AVP length does not match the declared one.

Impact:
Session aborted.

Recommended Action:
Diameter traffic should be analyzed.


014c0010 : DIAMETER: Invalid AVP code

Location:
/var/log/ltm

Conditions:
Error while configuring diameter profile persistence.

Impact:
Diameter profile persistence should be reconfigured.

Recommended Action:
Diameter profile persistence should be reconfigured.


014c0010 : DIAMETER: Invalid AVP length: %d

Location:
/var/log/ltm

Conditions:
The attribute-value pair (AVP) header's AVP length doesn't match the real AVP content's length.

Impact:
The connection might be reset.

Recommended Action:
None.


014c0011 : DIAMETER: Invalid AVP code

Location:
/var/log/ltm

Conditions:
The Diameter MRF AVP persistence is enabled, and the persistence configuration doesn't provide the correct format such as: avp1[index1]:avp2[index2]:avp3[index3] ...
or the AVP code cannot be found.

Impact:
The persistence won't work and the connection will be aborted. But it should never be in this situation. The MCP validation will catch the error configuration beforehand.

Recommended Action:
None.


014c0012 : DIAMETER: Invalid event

Location:
/var/log/ltm

Conditions:
Unexpected event occurs, for example, a message that is not suitable for a given diameter scenario.

Impact:
Message handling is aborted.

Recommended Action:
Capture the traffic and analyze it.


014e0001 : mysql failure detected, attempting to restart mysql (attempt %d).

Location:
/var/log/ltm

Conditions:
The HA subsystem has detected that the MYSQL Daemon has failed, and is attempting to restart it.

Impact:
Components that use MYSQL will not function correctly until the MYSQL Daemon has restarted successfully.

Recommended Action:
Wait for the restart to complete.


014e0003 : mysql service back online.

Location:
/var/log/ltm

Conditions:
A previous failure of the MYSQL Daemon has recovered.

Impact:
MYSQL sercvices hve been restored.

Recommended Action:
None.


014e0007 : mysqlhad starting to monitor mysqld

Location:
/var/log/ltm

Conditions:
The HA subsystem has begun monitoring the MYSQL daemon. This will occur whenever the MYSQL daemon starts.

Impact:
None.

Recommended Action:
None.


014f0001 : %s

Location:
/var/log/ltm

Conditions:
scriptd is starting.

Impact:
This is not an error message. No action is necessary. The system is likely starting up.

Recommended Action:
None.


014f0002 : %s

Location:
/var/log/ltm

Conditions:
scriptd is stopping.

Impact:
This is not an error message. No action is necessary. The system is likely shutting down.

Recommended Action:
None.


014f0004 : %s

Location:
/var/log/ltm

Conditions:
An error occurred, usually one generated by a running Tcl script. Some of the more common errors are:

"Lost connection to mcpd": mcpd restarted; therefore, scriptd automatically restarted in order to reconnect to it. No action is required.

"stopping worker process (....) socket error": scriptd maintains a pool of processes, and one of these had an issue and therefore was killed. This requires no action; scriptd will start up another one as necessary.

"scriptd, initialization failed": Another scriptd process is running. This is an F5 bug, but one that does not affect system functionality. No action is required.

Impact:
An iApp template or iCall script is likely failing.

Recommended Action:
Examine the error message to determine the issue.


014f000e : Becoming primary cluster member

Location:
/var/log/ltm

Conditions:
scriptd is running on a chassis, and a new blade became the cluster primary. This message prints on the primary blade to indicate that this scriptd instance is now working. (scriptd does nothing on secondary blades.)

Impact:
This is not an error message. No action is necessary.

Recommended Action:
None.


014f0013 : Script (%s) generated this Tcl error: (%s)

Location:
/var/log/ltm

Conditions:
"Script (%s) generated this Tcl error: (%s)"

The first %s in the string is the name of the script that failed. The second %s is the actual error reported by the script.

This is an error in a TCL script used for iCall. This error message will occur at each invocation of the script, which can be periodic or event-triggered depending on iCall configuration.

An error can be:
- Syntax error.
- TCL initialization error.
- Requires iApp and iApp::legacy packages, which failed to load.
- Requires bash access.
- Script failed to complete.

Impact:
This means the iCall script is not working, and whatever its intended purpose was is not being completed. Further impact can only be determined by examining the contents of the script.

Recommended Action:
Read the error appearing after the log entry "generated this TCL error:", and correct the cause of the error. It reports the error from the script that's being run, and should aid in your script troubleshooting efforts. The reported error is script dependent.

If the error message reads "(Syntax Error: A port number or service name is missing for "21", please specify a port number or service name using the syntax "21:<port>".

If the message appears while executing "exec /usr/libexec/aws/autoscale/aws-autoscale-pool-manager.sh" line:1))", it could be due to the pool name having the same name as the autoscale group name. The names need to be different, and changing the pool name or the AWS group name will correct this problem.

If you have passwords or other strings with a $ character in your custom script, the TCL interpreter might be interpreting the string after the $ as a variable, which could also be triggering the error.


014f0017 : Perpetual handler (%s) exited with failure

Location:
/var/log/ltm

Conditions:
An iCall perpetual handler object was deleted, or scriptd was shutting down.

Impact:
The handler will not process events until restarted.

Recommended Action:
Restart the handler using this tmsh command: "restart sys icall handler perpetual <name>".


01510003 : %s

Location:
/var/log/ltm

Conditions:
This message can indicate a few different serious errors in vcmpd.

"Guest has invalid macsa data or mac pool size. To correct this issue, the guest must be taken to configured state and then redeployed."

"Guest Install failed."

"ShmBlock id(0x) does not match shm key (0x)"

"MgmtNet id(X) does not match (Y)"

A generic critical message might also be seen if the guest fails to start or shut down properly.

Impact:
Impact varies based on the message, but all of the messages indicate a serious issue preventing the guest from starting or shutting down.

Recommended Action:
Most of these indicate an internal validation error with no obvious workaround. For the macsa case, the guest must be taken to the configured state and redeployed.


01510004 : %s

Location:
/var/log/ltm

Conditions:
This is a generic error message that could indicate a variety of error conditions related to vcmpd and vCMP guests.

Impact:
Impact varies depending on the specified error string. The error string itself will provide additional information about impact.

A few examples:
"vCMP is NOT provisioned. Will exit."
vCMP must be provisioned on the host to run vCMP guests.

"Timeout waiting for all VMs to exit"
If VMs take too long to exit the process will be killed immediately.

"Could not create tmstat segment "
vCMP guest stats might be inaccurate or not appear

"MCP object exists for nonexistent template: errno: deleting invalid mcp object"
No impact.

"guest is starting with no trunk virtual mbrs"
Guest may fail to launch and will not function properly.

"License file () not found. Delaying VCMPD start up."
A valid license file is required for vCMP guests to deploy.

Recommended Action:
Workaround varies depending on the specified error string. The error string itself will provide information about possible workaround.

A few examples:
"vCMP is NOT provisioned. Will exit."
Provision vCMP on the host system.

"Timeout waiting for all VMs to exit"
No workaround. It is possible that heavy activity on the guest or host is delaying the shutdown process.

"MCP object exists for nonexistent template: errno: deleting invalid mcp object"
No workaround, the code will detect and attempt to correct the error condition.

"guest is starting with no trunk virtual mbrs"
Take the guest to configured state and attempt to reprovision/redeploy.

"License file () not found. Delaying VCMPD start up."
A valid license file is required for vCMP guests to deploy.


01510005 : SAMPLE: vcmpd - VDisk (LBEMP-LOTWAN01.img/1): Failed to save info file - /shared/vmdisks/LBEMP-LOTWAN01.info

Location:
/var/log/ltm

Conditions:
This is a generic message that could indicate a variety of warning conditions related to vcmpd and vCMP guests. In general these are conditions that are worth noting but not as serious as an error.

Impact:
Impact varies depending on the specified warning string. The error string itself might provide additional information about impact.

Examples:
"Watchdog shared memory was not cleaned up."
"HAL shared memory was not cleaned up."
"Management network taps were not shutdown properly."
No real impact here, the system will attempt to correct the error condition before starting the guest.

"Failed to find enum definition ()"
Specific enum will not be mapped to a string.

"Info file dir () could not be created. Guest will be missing info files."
Guest vminfo files will not be created.

Recommended Action:
Most of these conditions are informational and there is no workaround.


01510007 : %s

Location:
/var/log/ltm

Conditions:
This is an informational log that reports various guest conditions during normal operation such as adding/removing vDisks, deleting files, and guest setup/shutdown.

Impact:
None.

Recommended Action:
None.


01510011 : vCMP guest %s powered off.

Location:
/var/log/ltm

Conditions:
This message is logged whenever the vCMP guest is shut down.

Impact:
The specified vCMP guest is no longer running.

Recommended Action:
None.


01530007 : %s started ===============================

Location:
/var/log/ltm

Conditions:
The DNS Express zone transfer daemon (zxfrd) has successfully initialized and started operating.

Impact:
The zone transfer daemon is ready to perform zone transfers as required.

Recommended Action:
No action required for a single instance of this message. It is a notification displayed when the zone transfer daemon starts up.

If this message persists then it might indicate that a separate issue is causing the zone transfer daemon to restart in a loop. Other log messages should be investigated to determine the cause.


0153002c : An instance of zxfrd (pid: %d) is already running! Exiting

Location:
/var/log/ltm

Conditions:
An instance of the DNS Express zone transfer daemon (zxfrd) has attempted to start while another instance was already running.

This is most likely to occur if an instance of the zone transfer daemon was manually started through '/var/service/zxfrd/run'.

Impact:
The second instance of the DNS Express zone transfer daemon will exit leaving the first to continue processing.

Recommended Action:
If there is a single instance of this message, occurring in a situation where the system or zxfrd has recently been started, then there is likely no issue and no action required.

If this message persists or is occurring in a situation where the system or zxfrd has not recently been started, then it might indicate a problem with the status of zxfrd. Restarting the zone transfer daemon by running the command 'bigstart restart zxfrd' as root, might resolve the issue.


01531003 : Failed to sign zone transfer query for zone %s using TSIG key %s

Location:
/var/log/ltm

Conditions:
The DNS Express zone transfer daemon (zxfrd) encountered an error while attempting to sign a zone transfer query for the specified zone using the specified TSIG key.

Impact:
The zone transfer query will not be sent, causing the zone transfer to fail. This in turn might cause the associated zone to be marked invalid and will not be available for dns queries until a successful zone transfer is completed.

Recommended Action:
Verify that the associated TSIG key is correct and that the secret value entered for this key comes from the appropriate key generation utility, such as BIND's "keygen".


0153100c : Failed on receive of %d bytes for transfer of zone %s (%s)

Location:
/var/log/ltm

Conditions:
There was a connection error during a zone transfer for the specified zone. The type of error is specified by the parenthesized portion of the message.

Impact:
The zone being transferred might not be available until a successful zone transfer is completed.

Recommended Action:
Use the parenthesized portion of the log message, combined with other log messages, to diagnose and correct the connection error. The system will automatically schedule a new zone transfer attempt.


0153100e : Transfer of zone %s failed with rcode (%s).

Location:
/var/log/ltm

Conditions:
This error indicates that DNS Express was not able to perform a zone transfer from a master nameserver.

Impact:
If the zone has never been transferred successfully, the zone will not be available. If the zone has previously successfully transferred, it will not be updated until the issue is resolved. If the issue is not resolved before the zone expiration time, the zone will no longer be available on the BIG-IP until the next successful transfer.

Recommended Action:
The rcode in the error message is provided by the master nameserver and can be used to investigate why the master nameserver was not able to provide the zone transfer.


01531010 : Transfer of zone %s failed b/c there are no records

Location:
/var/log/ltm

Conditions:
This error is generated by DNS Express when a zone transfer answer is received from a master nameserver with no records. At a minimum, there should be SOA records in the answer, even if there are no zone resource records.

Impact:
If the zone has never been transferred successfully, the zone will not be available. If the zone has previously successfully transferred, it will not be updated until the issue is resolved. If the issue is not resolved before the zone expiration time, the zone will no longer be available on the BIG-IP until the next successful transfer.

Recommended Action:
Configuration on the master nameserver should be investigated to determine why a malformed zone transfer response is being generated.


01531015 : Failed to retrieve next RR in %s for zone %s

Location:
/var/log/ltm

Conditions:
This error message can only occur when the zone transfer daemon (zxfrd) is processing a response to a zone transfer request. The message means that zxfrd was unable to obtain the next resource record from the packet it is processing.

This can occur if:
- The data in the response is incomplete
- The data in the response is garbled
- The number of records in the ANSWER section of the transfer does not match the amount indicated in the DNS header.

Impact:
This message indicates that the zone transfer has failed and will be rescheduled. If the issue is persistent and prevents a successful transfer from succeeding before the zone expiration time, the zone will no longer be available on the BIG-IP until the next successful transfer.

Recommended Action:
If the issue is persistent, configuration and logs on the master nameserver or intermediate network devices should be investigated to determine why the BIG-IP cannot successfully complete a zone transfer.


01531018 : Failed to transfer zone %s from %s, will attempt %s

Location:
/var/log/ltm

Conditions:
This error indicates that a zone transfer attempt failed. The first argument is the name of the zone, the second is the master nameserver, and the third is the next type of transfer attempt that will occur (AXFR or IXFR). This message should be seen in conjunction with a more specific error message that gives more details about the failure.

Impact:
If the zone has never been transferred successfully, the zone will not be available. If the zone has previously successfully transferred, it will not be updated until the issue is resolved. If the issue is not resolved before the zone expiration time, the zone will no longer be available on the BIG-IP until the next successful transfer.

Recommended Action:
The BIG-IP system continues to attempt to transfer the zone. The cause of this issue could be incorrect configuration on the BIG-IP system, such as the wrong master nameserver IP address, network configuration issues that prevent the BIG-IP system from reaching the master, or configuration issues on the master nameserver, such as incorrect ACLs.

Additional log messages should provide context as to the cause of the transfer failure.


0153101b : Ignoring NOTIFY for zone %s due IXFR in progress

Location:
/var/log/ltm

Conditions:
The DNS Express zone transfer daemon (zxfrd) has received a zone change notification (DNS notify) for the specified zone, but that zone has an incremental zone transfer in progress.

Impact:
The received zone change notification is ignored.

Recommended Action:
There is no action required. The system is simply displaying that it has received the notification and has chosen to ignore it, under the assumption that the current zone transfer will include the change notifications.


0153101c : Handling NOTIFY for zone %s

Location:
/var/log/ltm

Conditions:
The DNS Express zone transfer daemon (zxfrd) is logging that it has received a zone change notification (DNS notify) for the specified zone.

Impact:
A zone transfer will be scheduled to begin within a short period of time for the specified zone.

Recommended Action:
None.


0153101f : %s Transfer of zone %s from %s succeeded

Location:
/var/log/ltm

Conditions:
The DNS Express zone transfer daemon (zxfrd) has successfully completed transferring a zone.

Impact:
The records being transferred are now available on the system and can be returned as the result of incoming dns queries.

Recommended Action:
None.


01531023 : Scheduling zone transfer in %ds for %s from %s

Location:
/var/log/ltm

Conditions:
This message occurs whenever the zone transfer daemon (zxfrd) schedules a zone transfer from a master nameserver.

The logging level for this message was changed from NOTICE to DEBUG beginning in version 11.3.0.

Impact:
The conditions that this message indicates are normal and expected. There is no negative impact to the system.

Recommended Action:
None.


01531025 : Serials equal (%d); transfer for zone %s complete

Location:
/var/log/ltm

Conditions:
This message occurs whenever the zone transfer daemon (zxfrd) requests a zone transfer from a master nameserver and there have been no changes to the zone since the last successful zone transfer.

The logging level for this message was changed from NOTICE to DEBUG beginning in version 11.3.0.

Impact:
The conditions that this message indicates are normal and expected. There is no negative impact to the system.

Recommended Action:
None.


0153102a : Failed connect callback to %s for transfer of zone %s

Location:
/var/log/ltm

Conditions:
This is primarily a diagnostic error message used to provide additional context when a zone transfer fails. The failure is most likely due to a network connectivity or network configuration problem.

Impact:
If the zone has never been transferred successfully, the zone will not be available. If the zone has previously successfully transferred, it will not be updated until the issue is resolved. If the issue is not resolved before the zone expiration time, the zone will no longer be available on the BIG-IP until the next successful transfer.

Recommended Action:
Use this log message in conjunction with other ZXFR log messages that should appear with it to help diagnose the cause of the failure. Investigate network connectivity between the BIG-IP and master nameserver and verify network configuration on all devices including intermediate switches/firewalls.


01531105 : Zone %s expired. Zone will be unavailable until the next successful zone transfer.

Location:
/var/log/ltm

Conditions:
A zone that was transferred to this system has expired.

Impact:
The expired zone will not be available to dns queries until another zone transfer is successfully completed.

Recommended Action:
None.


01531300 : Cluster status changing from %s to %s

Location:
/var/log/ltm

Conditions:
The DNS Express zone transfer daemon (zxfrd) detected that the cluster state has changed. This generally occurs when a blade in a clustered system changes its offline/online status.

Impact:
Depending on the new cluster status, the DNS Express zone transfer daemon (zxfrd) might start or stop zone transfers on this blade. The primary blade on a clustered system handles zone transfers to the system.

Recommended Action:
No action is directly required by this message. However, if this state change was unexpected or unintended, then there should be other log messages on the system, indicating what caused the specified status change. Corrective action can be taken based upon those messages.


0153e0f7 : Lost connection to mcpd

Location:
/var/log/ltm

Conditions:
The DNS Express zone transfer daemon (zxfrd) has lost its connection to the configuration daemon (mcpd). This is expected to be a recoverable transient condition, most likely seen when mcpd has restarted.

Impact:
zxfrd will restart in an attempt to restore its connection with mcpd. Until zxfrd is able to restore its connection to mcpd, zone transfers will not be attempted.

Recommended Action:
The message indicates a problem communicated with mcpd. If the message persists, the logs should be investigated to determine what could be affecting mcpd. If zxfrd is having trouble, other daemons will be as well.


01550004 : Critical:

Location:
/var/log/ltm

Conditions:
During initialization, a critical resource supporting expected operation of the data plane was found to be malfunctioning or missing.

Impact:
The BIG-IP system is not allowed not to go Active. Access to logs and tmsh commands are still possible, since the BIG-IP system continues to run.

Recommended Action:
A reboot or power cycle of the platform hardware might remedy the situation.


01550005 : Critical:

Location:
/var/log/ltm

Conditions:
During initialization of the platform software, no configuration module is detected in a configuration module slot where a configuration module is expected.

Impact:
The BIG-IP system is not allowed not to go Active. Access to logs and tmsh commands are still possible, since the BIG-IP system continues to run.

Recommended Action:
None.


01550006 : Critical:

Location:
/var/log/ltm

Conditions:
During initialization of the platform software, an unsupported Configuration module is detected in one of the platform's configuration module slots.

Impact:
A Configuration Module not supported by the platform has been detected in one of the platforms configuration module slots. The platform hardware should not be used in this condition. The BIG-IP system is not allowed not to go Active. Access to logs and tmsh commands are still possible, since the BIG-IP system continues to run.

Recommended Action:
None.


01570004 : %s

Location:
/var/log/ltm

Conditions:
The connection from lldpd to mcpd is lost. Most possibly mcpd is down or restarted.

Impact:
The lldpd daemon will be restarted and try to connect to mcpd again.

Recommended Action:
None.


015a0000 : SAMPLE: devmgmtd - Initial trust configuration created

Location:
/var/log/ltm

Conditions:
First boot of the device, or reset of the trust domain.

Impact:
This is not an error condition. The system is behaving normally.

Recommended Action:
None.


015a0004 : "%s"

Location:
/var/log/ltm

Conditions:
This error code represents any error in devmgmtd, the daemon used for establishing CMI trust between devices.

Impact:
It is likely that the trust setup failed.

Recommended Action:
Retry creating trust between devices.


015c0004 : %s

Location:
/var/log/ltm

Conditions:
This general error message originates from the iprepd daemon.
These errors typically relate to network availability, brightcloud.com availability, DNS lookups, or memory issues.

Impact:
The iprepd daemon cannot connect to the brightcloud.com service. Consequently, it cannot diagnose traffic coming from IPs with bad reputations. Related features (for example, ASM or irules) will not work, or work with a non-updated IPs database.

Recommended Action:
A customer usually needs to check and fix the network connection or the dns setup. There is no other workaround.


015c0009 : IP Reputation has no license currently

Location:
/var/log/asm

Conditions:
This error message originates from the iprepd daemon.
This error indicates that there is no valid license for the IP Intelligence feature.

Impact:
IP Intelligence feature cannot be used.

Recommended Action:
Update IP Intelligence license.


015c0010 : Initial load of IP Reputation database has been completed

Location:
/var/log/ltm

Conditions:
The IP Reputation database has been downloaded for the first time by the BIG-IP device from the BrightCloud server.

Impact:
From now on, the BIG-IP device can use the IP Reputation database.

Recommended Action:
This message indicates when the IP Intelligence feature starts to work.


015e0002 : [pg:%d pu:%d] %s: %s

Location:
/var/log/ltm
/var/log/tmm

Conditions:
Examples:
015e0002:5: [pg:0 pu:0] Acquired lock on new blob: pktclass1
015e0002:5: [pg:0 pu:0] Loaded blob: pktclass1
015e0002:5: [pg:0 pu:0] Activated blob: pktclass1

This log is a notification of the new security firewall blob being loaded and activated on TMM when there's a new security firewall rule/policy change.

Impact:
No impact on the BIG-IP operation. This log is just a notification that security firewall blob is been updated successfully.

Recommended Action:
None.


015e0004 : [pg:%d pu:%d] %s: %s

Location:
/var/log/tmm, /var/log/ltm

Conditions:
The TMM process failed to load information from the PCCD service. This can occur when there is a problem accessing one of PCCD's files.

Impact:
None of the L2-L4 firewall policies will be enforced.

Recommended Action:
From the Advanced Shell (also known as "bash"), run the following two commands:
# rm -f /var/pktclass/*
# tmsh restart sys service pccd


01630002 : (%s) (%s)

Location:
/var/log/ltm

Conditions:
Log template is used for several different messages:
 1. "(Failed to open new read-only trans for query) (listener_name)"
 2. "(Failed to close transaction) (listener_name)"
 3. "(Failed to allocate for sflow_data_source_ctx) (listener_name)"
 4. "(context_owner) (Failed to connect. len(number).)"
 5. "(context_owner) (Last sample yet to be sent. size(number).)"
 6. "(context_owner) (Datagram too big. size(number) max(number).)"
 7. "(context_owner) (Unable to clone xb(length) to ctx->xb(length).)"
 8. "(context_owner) (Failed to send data down. len(%d).)"
 9. "(context_owner) (Failed to construct records for this sample id(0x%x).)"
 10. "(context_owner) (Unable to find datasource ctx for id=%d.)"

Impact:
1. An internal database and/or system memory issue occurred that can affect other system functions.
2. An internal database issue (transaction leak) occurred that can slow performance over time.
3. System is out of memory.
4. SFlow connection failure results in no response to client query.
5. Connectivity issues delaying sflow response.
6. Illegally formatted datagram was encountered and dropped.
7. Object pool exhaustion. Will affect sflow stats if condition persists.

Recommended Action:
1. Reboot Big-IP blade/system.
2. Reboot Big-IP blade/system.
3. Reboot Big-IP blade/system.
4. No workaround.
5. Troubleshoot network connectivity.
6. No workaround.
7. No workaround.
8. No workaround.
9. Reboot Big-IP blade/system.
10. No workaround.


01660004 : %s

Location:
/var/log/ltm

Conditions:
The Pfmand device monitor has lost a connection to mcpd. The pfmand (Physical Function Manager daemon) is responsible for tracking the state of SR-IOV physical functions on the Stratos platforms.

Impact:
Pfmand cannot run without a connection to mcpd. It is expected that pfmand will be restarted when mcpd is restarted.

Recommended Action:
None.


01660009 : %s

Location:
/var/log/ltm

Conditions:
An external interface on a BIG-IP 2000/2200/4000/4200 has experienced a change in link status. For example, when plugging or unplugging the network cable, the remote side device has gone offline or come online.

Impact:
As per the INFO log level, this is not an error. If a port has an unexpected link change event (not caused by manually enabling, disabling, plugging, unplugging, changing port, link configuration, or powering the local or remote device on or off), check for accidentally unplugged cables and the like.

Recommended Action:
None.


01660010 : %s

Location:
/var/log/ltm

Conditions:
Messages will look like the following for a 40G/100G interface:
- DDM interface:5.0 transmit power too high warning.Transmit power(mWatts) 1.2940 1.2418 1.2640 0.9623
- 1G/10G interface errors will only show one one lane of laser power:
- DDM interface:6.0 receive power too low alarm. Received power:0.0000 mWatts

DDM (Digital Diagnostic Monitoring) Warning messages are written for 4 conditions when laser power exceeds the optical transceiver's manufacturing specifications. Warnings are less serious than DDM alarms.
- Transmit optical laser power too low
- Transmit optical laser power too high
- Receive optical laser power too low
- Receive optical laser power too high

Impact:
These warnings are for informational purposes, indicating an optical transceiver has laser levels outside the optical transceiver manufacturer recommended range. This does not indicate any specific functional failure.

Recommended Action:
The AskF5 knowldege article "Monitoring BIG-IP System Traffic with SNMP" provides these recommended actions for each of these DDM conditions.

Refer to the text of the alert: is it a low or high alarm? Is it a transmit or receive alarm? The action to take for F5 branded optics (the following troubleshooting steps) depends on a condition derived from the two states (low/high and transmit/receive):

Low (Alarm)/Transmit (Alarm): See if the BCM port is enabled. If not, then enable it.
High (Alarm)/Transmit (Alarm): Hot swap extract and insert F5 Optics multiple times. Check to see if a link comes up without a DDM error after each insertion. If a problem persists, then it is a bad F5 Optic.
Low (Alarm)/Receive (Alarm): Verify F5 optics module with local loopback cable. Verify that the transmission power on the other end of the cable is correct. Recheck the optical link budget calculations. Clean the optical cables, connectors, and/or lens. For any receive problem, look at the transmitter to make sure it is okay and the correct protocol.
High (Alarm)/Receive (Alarm): Check the protocol setting on both link partners and make sure they are compatible. Verify the transmission power on the other end is okay. Recheck the optical link budget calculations. For any receive problem, look at the transmitter to make sure it is okay and the correct protocol.


01660011 : %s

Location:
/var/log/ltm

Conditions:
Messages will look like the following for a 40G/100G interface:
- DDM interface:5.0 transmit power too high alarm.Transmit power(mWatts) 1.2940 1.2418 1.2640 0.9623
- 1G/10G interface errors will only show one one lane of laser power:
- DDM interface:6.0 receive power too low alarm. Received power:0.0000 mWatts

DDM (Digital Diagnostic Monitoring) Alarm messages are written for 4 conditions when laser power exceeds the optical transceiver's manufacturing specifications. Alarms are more serious than DDM warnings.
- Transmit optical laser power too low
- Transmit optical laser power too high
- Receive optical laser power too low
- Receive optical laser power too high

Impact:
These alarms are for informational purposes, indicating an optical transceiver has laser levels outside the optical transceiver manufacturer recommended range. This does not indicate any specific functional failure.

Recommended Action:
The AskF5 knowldege article "Monitoring BIG-IP System Traffic with SNMP" provides these recommended actions for each of these DDM conditions.

Refer to the text of the alert: is it a low or high alarm? Is it a transmit or receive alarm? The action to take for F5 branded optics (the following troubleshooting steps) depends on a condition derived from the two states (low/high and transmit/receive):

Low (Alarm)/Transmit (Alarm): See if the BCM port is enabled. If not, then enable it.
High (Alarm)/Transmit (Alarm): Hot swap extract and insert F5 Optics multiple times. Check to see if a link comes up without a DDM error after each insertion. If a problem persists, then it is a bad F5 Optic.
Low (Alarm)/Receive (Alarm): Verify F5 optics module with local loopback cable. Verify that the transmission power on the other end of the cable is correct. Recheck the optical link budget calculations. Clean the optical cables, connectors, and/or lens. For any receive problem, look at the transmitter to make sure it is okay and the correct protocol.
High (Alarm)/Receive (Alarm): Check the protocol setting on both link partners and make sure they are compatible. Verify the transmission power on the other end is okay. Recheck the optical link budget calculations. For any receive problem, look at the transmitter to make sure it is okay and the correct protocol.


01660012 : %s

Location:
/var/log/ltm

Conditions:
Messages will look like the following:
- DDM interface:2.0 transmit power too low warning cleared
- DDM interface:2.0 receive power too low warning cleared

A warning condition detected by Digital Diagnostic Monitoring (DDM) has been cleared.
Warnings can be cleared for transmit or receive, high or low optical laser power levels.

Impact:
None.

Recommended Action:
None.


01660013 : %s

Location:
/var/log/ltm

Conditions:
Messages will look like the following:
DDM interface:2.0 transmit power too low alarm cleared
DDM interface:2.0 receive power too low alarm cleared

An alarm condition detected by Digital Diagnostic Monitoring (DDM) has been cleared.
Alarms can be cleared for transmit or receive, high or low optical laser power levels.

Impact:
None.

Recommended Action:
None.


01660014 : %s

Location:
/var/log/ltm, LCD

Conditions:
Unsupported optic in interface:<InterfaceName> See support.f5.com SOL8153 for restrictions on third-party hardware components.

When a non-F5 100G optic is detected.

Impact:
Non-F5 100G optics will not have the proper tuning values applied and will not function.

Recommended Action:
Use an F5 100G optical transceiver.


01660015 : Interface %s. Non-F5 branded optics are not supported

Location:
/var/log/ltm

Conditions:
This is an obsolete error message that will never appear.

Impact:
None.

Recommended Action:
None.


01660016 : %s

Location:
/var/log/ltm, LCD

Conditions:
The BIG-IP system has detected that the wrong speed optic is in an interface on an i2000 or i4000 series appliance. Two different messages are possible: one for the 1GbE optic in a 10G interface, and one for a 10GbE optic in a 1G interface:

 err pfmand[6082]: 01660016:3: Interface 3.0 detected a non 1GbE optic
 err pfmand[6082]: 01660016:3: Interface 6.0 detected a non 10GbE optic

Impact:
The optic will not function.

Recommended Action:
Move the optic to an interface of the correct speed.


01670003 : Inbound entry %A,%d,%A,%A found

Location:
/var/log/ltm

Conditions:
This is a debug message, enabled by setting sys db variable log.lsn.level to "Debug". This debug message is logged when an LSN inbound connection is received and the inbound entry is found in the TMM internal database. During normal operation, log.lsn.level must be set to "Error". This debug message only exists in 11.x.x releases.

Impact:
None.

Recommended Action:
Set sys db log.lsn.level to "Error".


01670006 : [%u.%u] DNAT Picked :%A,%d

Location:
/var/log/ltm

Conditions:
DNAT has chosen a translation endpoint, and debug logging is enabled.

Impact:
None.

Recommended Action:
None.


01670009 : Inbound connection :%A,%d is active

Location:
/var/log/ltm

Conditions:
This is a debug message, enabled by setting sys db variable log.lsn.level to "Debug". This message is logged when we fail to add an inbound entry because the entry already exists. If this happens, TMM will try to pick a different translation IP:port. During normal operation log.lsn.level must be set to "Error". This debug message only exists in 11.x.x releases.

Impact:
None.

Recommended Action:
Set sys db log.lsn.level to "Error".


01670010 : Inbound entry:%A%%%d:%d, ds-lite remote:%A local:%A timeout:%d for key:%A%%%d:%d proto:%d added. ha mirrored: %s

Location:
/var/log/ltm

Conditions:
This is a debug message, enabled by setting sys db variable log.lsn.level to "Debug". This debug message is loggeed when an inbound entry is added to the TMM internal database for an outbound connection. During normal operation, log.lsn.level must be set to "Error". This debug message only exists in 11.x.x releases.

Impact:
None.

Recommended Action:
Set sys db log.lsn.level to "Error".


01670016 : No inbound entry found for %A%%%u:%u proto:%u

Location:
/var/log/ltm

Conditions:
This debug message can be enabled by setting sys db variable log.lsn.level to "Debug". This debug message is logged when an LSN inbound connection is received, and the inbound entry is not found in the TMM internal database. During normal operation, log.lsn.level must be set to "Error".

Impact:
None.

Recommended Action:
Set sys db log.lsn.level to "Error".


01670019 : "DNAT configuration: %s"

Location:
/var/log/ltm

Conditions:
A CGNAT Deterministic NAT LSN Pool is configured and attached to an active virtual server. This log entry records the state information used by the dnatutil to reverse map LSN translations.

Impact:
Log entries are for information only.

Recommended Action:
None.


01670020 : DNAT connection: %s

Location:
/var/log/ltm

Conditions:
This error is logged if the mode in the LSN pool/AFM NAT source translation object is set to "Deterministic", and the config is changed while flows using these objects are active.

Impact:
This log message has no negative impacts. This log message is used by the "dnatutil" to reverse map the subscriber.

Recommended Action:
None.


01670021 : [%u.%u] LSN Pool %s has no usable translation address for DNAT

Location:
/var/log/ltm, /var/log/tmm

Conditions:
The deterministic NAT pool on the indicated TMM has no usable address.

Impact:
Source address translation for the virtual server using the LSN pool will fail, when client connections use the designated TMM.

Recommended Action:
Increase the number of translation addresses for the LSN Pool.


01670028 : LSN pool(%s) inbound route domain id %d\n

Location:
/var/log/ltm

Conditions:
A debug message only in the logs when the Sys DB variable log.lsn.level is set to Debug.
Displays when inbound connections are enabled on an LSN pool and the inbound route domain changes.

Impact:
There is no error condition, but the message may be useful in configurations with complex route domain relationships where the inbound route domain is not obvious.

Recommended Action:
None.


01690000 : SAMPLE: evrouted - shutdown cleanly

Location:
/var/log/ltm

Conditions:
A daemon is shutting down under expected conditions (that is, the device is being powered down or rebooted).

Impact:
This is not an error message and does not indicate a problem.

Recommended Action:
None.


016b0002 : Rewrite: %s

Location:
/var/log/ltm

Conditions:
These are informational level messages from rewrite filter:

"Initialized rewrite subsystem"
"Initialized rewrite filter"
"Uninitialized rewrite filter"
"No Content-Type header in response"
"Selected type CSS by matching Content-Type header"
"Selected type HTML by matching Content-Type header"

Normal control flow.

Messages can be obtained when log.rewrite.level is set to Informational by:

tmsh modify /sys db log.rewrite.level {value Informational}

Impact:
None.

Recommended Action:
None.


016e0002 : Execution of action '%.*s' failed, error %E

Location:
/var/log/ltm

Conditions:
This error occurs when a TMM fails to execute an LTM policy action. This condition can occur when the TMM connection flow is aborted for unknown or unforeseen reasons (for example, out of memory or extreme load), and the related tear-down workflow transitions through a temporary stale state, while running LTM policy actions that involve the workflows being disposed.

Impact:
This error often indicates a deeper problem, possibly affecting multiple subsystems within the TMM. In this instance, the execution of some LTM policy actions fail, and the underlying LTM traffic or connection cannot be shaped.

Recommended Action:
Open a support ticket.


016e0005 : Unable to resume pending policy event on connflow %F

Location:
/var/log/ltm

Conditions:
A policy event is triggered while another event is executing. The flow is then terminated, for another reason, before the pending policy event is executed.

Impact:
The policy event is not executed due to the corresponding traffic flow no longer existing. Actions triggered in that event (example: logging) will not execute.

Recommended Action:
None.


016e0006 : Pending policy event missmatch found for %F

Location:
/var/log/ltm

Conditions:
A parked policy event is attempting to resume. However, the corresponding traffic flow information disagrees with the saved state. This internal inconsistency should never occur, but if detected, the policy event will abort.

Impact:
An unknown issue is causing parked policy events to resume incorrectly. This will cause the actions triggered in that policy to not occur. The incorrect resuming flow will also be terminated.

Recommended Action:
None.


01700000 : PPTP CALL-REQUEST id;%d from;%A%%%u to;%A nat;%A%%%u ext-id;%d

Location:
/var/log/ltm

Conditions:
The client has sent an outgoing call request.

Impact:
This log entry is for information purposes only.

Recommended Action:
None.


01700001 : PPTP CALL-START id;%d from;%A%%%u to;%A nat;%A%%%u ext-id;%d

Location:
/var/log/ltm

Conditions:
The server has responded with an outgoing call reply indicating that the call was successful.

Impact:
This log entry is for information purposes only.

Recommended Action:
None.


01700002 : PPTP CALL-END id;%d reason;%d from;%A%%%u to;%A nat;%A%%%u ext-id;%d

Location:
/var/log/ltm

Conditions:
The control channel was terminated.

Impact:
This log entry is for information purposes.

Recommended Action:
None.


01700005 : Error creating PPTP-GRE local flows, error %E.

Location:
/var/log/ltm

Conditions:
Creating a GRE flow, and error conditions such as low memory, internal database error, or software bug.

Impact:
GRE flow cannot be created, so the connection cannot complete.

Recommended Action:
If there are no other errors about low memory conditions, then contact support.


01700009 : Unable to locate flow %F.

Location:
/var/log/ltm

Conditions:
Unable to look up PPTP flow that the Application Level Gateway expects to be in the system.
The flow has been removed from the system, for example deleted from the connection table in tmsh, or expired.

Impact:
This message does not indicate an error.

Recommended Action:
None.


0170000a : Received an unexpected PPTP Control Message(%s) while processing connflow %F. Reason: %s.

Location:
/var/log/ltm

Conditions:
A call-clear-request message was received but there was no existing GRE tunnels or pending calls.

Impact:
A call-clear-request will have no impact since there are no tunnels to terminate.

Recommended Action:
None.


0170000b : Connflow(%F) has no peer, ignoring.

Location:
/var/log/ltm

Conditions:
No peer is found for the GRE flow. The peer flow may have already been removed from the flow table.

Impact:
The GRE flow is not processed.

Recommended Action:
None.


01700020 : Unable to locate PPTP GRE flow with %s key %d while processing connflow %F.

Location:
/var/log/ltm

Conditions:
Unable to look up a call-id for a GRE flow that the system expects to exist. This is an internal software error.

Impact:
Packet is dropped and drop count is incremented.

Recommended Action:
If the PPTP Application Level Gateway is not functioning correctly, then contact support. Otherwise, it is safe to ignore the error.


01700021 : Unable to retrieve layer 3 header from packet while processing connflow %F.

Location:
/var/log/ltm

Conditions:
The layer 3 header could not be found in the GRE packet.

Impact:
The packet with the missing header will be dropped.

Recommended Action:
None.


01700023 : Connflow (%F) ignoring an unexpected MPI remote flow response.

Location:
/var/log/ltm

Conditions:
An MPI response was received when one was not expected.

Impact:
None.

Recommended Action:
None.


01700028 : Unable to find serverside PPTP flow for clientside flow %F.

Location:
/var/log/ltm

Conditions:
GRE flows have expired, and an attempt was made to remove the PPTP serverside flow, but it could not be found. This probably occurred because the PPTP serverside flow had already been removed.

Impact:
None.

Recommended Action:
None.


01700029 : PPTP DSLITE-CALL-REQUEST id;%d from;%A%%%u,%A%%%u to;%A nat;%A%%%u ext-id;%d

Location:
/var/log/ltm

Conditions:
The DSLITE client has sent an outgoing call request.

Impact:
This log entry is for information purposes only.

Recommended Action:
None.


01700030 : PPTP DSLITE-CALL-START id;%d from;%A%%%u,%A%%%u to;%A nat;%A%%%u ext-id;%d

Location:
/var/log/ltm

Conditions:
The server has responded with an outgoing call reply indicating that the call was successful.

Impact:
This log entry is for information purposes only.

Recommended Action:
None.


01700031 : PPTP DSLITE-CALL-END id;%d reason;%d from;%A%%%u,%A%%%u to;%A nat;%A%%%u ext-id;%d

Location:
/var/log/ltm

Conditions:
The DSLITE client control channel was terminated.

Impact:
This log entry is for information purposes only.

Recommended Action:
None.


01700032 : PPTP DSLITE-CALL-FAILED id;%d reason;%d from;%A%%%u,%A%%%u to;%A nat;%A%%%u ext-id;%d

Location:
/var/log/ltm

Conditions:
The DSLITE tunnel client outgoing call request failed.

Impact:
This log entry is for information purposes only.

Recommended Action:
None.


01740018 : Profile PCP error: Invalid operation for %s.

Location:
/var/log/ltm

Conditions:
An invalid operation was attempted on a PCP profile.

Impact:
This operation will not be performed.

Recommended Action:
None.


01740023 : Profile PCP error: PCP %s missing from message.

Location:
/var/log/ltm

Conditions:
A name was not provided for the PCP profile or prefix.

Impact:
You will need to provide a name for the PCP profile or prefix.

Recommended Action:
None.


01740036 : PCP: Invalid %s Option length, Expected %lu, Found %d - Client %A rtid %d

Location:
/var/log/ltm

Conditions:
Incorrect length of PCP filter, third party, or prefer failure, options.

Impact:
A PCP error response packet will be sent.

Recommended Action:
None.


01740039 : PCP Request: Client %A - OpCode %s(%d), Lifetime:%u, Packet Length:%lu

Location:
/var/log/ltm

Conditions:
A PCP request packet was received.

Impact:
None.

Recommended Action:
None.


017b0009 : IVS (connecting from parent %F): Internal virtual server %s received injected message %s with data %#x

Location:
/var/log/ltm

Conditions:
An unusual event occurred, indicating some kind of corner case was triggered (not necessarily an error).

Impact:
The internal virtual server received an internal message that did not originate in the parent virtual server, but was injected directly by TMM infrastructure. The message and an associated value are reported.

Recommended Action:
This is a debug message that is useful for debugging issues with an internal virtual server (IVS). If you were asked by F5 Support to set log.ivs.level to "debug" or above, please provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.ivs.level below the "debug" level.


01810004 : %s

Location:
/var/log/ltm

Conditions:
This is a generic error message that could indicate a variety of error conditions related to the guestagentd daemon, which runs on vCMP guests.

Impact:
Impact varies depending on the specified error string. The error string itself will provide additional information about impact. In general the impact of guestagentd errors will be that host<->guest stat channel communication might not work properly, and host mounted ISOs might not show up in the guest.

A few examples:
"Error on vmchannel respawn. Vmchannel will be unavailable."
"Failed to initialize REST server."
"Failure getting lock on vcmp shared memory prompt block while attempting to pass token to host:"
"error forking vmchannel proxy process: "

Recommended Action:
Workaround varies depending on the specified error string. The error string itself might provide information about possible workaround.

Restarting guestagentd in the guest (bigstart restart guestagentd) might help resolve the errors. A full restart of the guest might also resolve the issues.


01810007 : "%s"

Location:
/var/log/ltm

Conditions:
This message can appear under a few different conditions.

"Constructing a new GuestAgentDHeartbeat"
This informational log means that guestagentd is setting up its heartbeat.

"Exit flags for PID 9676: 0x500"
This informational log means that one of the child processes called by guestagentd has exited, and outputs the PID and exit flags of that process.

"Rest request failed: {"code":400,"message":"Duplicate item. Key already exists: name : auth-token-admin","originalRequestBody":"{\"uuid\":\"bc6a86e0-c285-46dd-9c77-d5ed85436f67\",\"user\":{\"link\":\"https://localhost/mgmt/shared/authz/users/admin\"},\"timeout\":300,\"address\":\"127.0.0.1\",\"generation\":1,\"lastUpdateMicros\":1401988953031700,\"kind\":\"shared:authz:tokens:authtokenitemstate\",\"selfLink\":\"https://localhost/mgmt/shared/authz/tokens/bc6a86e0-c285-46dd-9c77-d5ed85436f67\"}","referer":"/127.0.0.1:38280","restOperationId":145308,"errorStack":["java.lang.IllegalArgumentException: Duplicate item. Key already exists: name : auth-token-admin","at com.f5.rest.common.RestCollectionWorker.onRequest(RestCollectionWorker.java:533)","at com.f5.rest.common.RestServer.trySendInProcess(RestServer.java:234)","at com.f5.rest.common.RestRequestSender.send(RestRequestSender.java:498)","at com.f5.rest.common.RestRequestSender.sendRequest(RestRequestSender.java:430)","at com.f5.rest.common.RestRequestSender.s"
This log indicates an error condition means that a REST request used by the host-guest stat communication channel has failed for the reason specified.

"Unable to open prompt status device. It may not be supported by current hypervisor"
This error log means the guest prompt status might not work due to an unsupported hypervisor.

Impact:
Most of these messages just provide information. The rest of the request failed messages might indicate a problem with the host/guest stats communication, the sharing of host and guest statistics, and the use of block-device-images in the guest. A prompt status message means that the status of the guest prompt will not show up in the hypervisor.

Recommended Action:
None.


01810008 : %s

Location:
/var/log/ltm

Conditions:
These messages provide supplementary information when guestagentd debug logging is enabled. They do not indicate an error condition.

"Registering child callback for PID: X"
"X seconds elapsed since last hb"
"Primary slot ID: X"
"Got token: "
"Receiving update for image from a different slot (0), or we don't know our slot yet. Ignoring..."
"Software block device image deleted by MCP: "
"Removal of software block device image"
"Software block image from MCP added: "
"Receiving update for hotfix from a different slot"
"Software block device hotfix deleted by MCP: "
"Removal of software block device hotfix"
"Software block hotfix from MCP added: "
"Deleting the Heartbeat object"

Impact:
None.

Recommended Action:
None.


01820004 : %s

Location:
/var/log/ltm

Conditions:
This message can indicate a few different issues related to the host/guest communication channel.

Impact:
"Pending guest rest request count exceeds threshold.Clearing pending request queue."
This informational log indicates that there are too many REST requests for the host/guest communication, and that the queue is being cleared.

"Unable to copy from hal token segment: "
This error log indicates that hostagentd was unable to read the hal token in order to read guest stats. Guest stats might not be visible on the hypervisor.

"Unable to subscribe to stats directory: cluster"
This message indicates that hostagentd was unable to subscribe to the specified stat directory, and that it will try again. Stats from the specific directory might not be available.

Recommended Action:
None.


01830003 : Unable to find a flow for remote vtep %A%%%u, tunnel name = %s.

Location:
/var/log/ltm

Conditions:
A network virtualization tunnel (for example, VXLAN, NVGRE) is unable to find a suitable flow to send packets to a remote endpoint.

Impact:
The packets for a remote endpoint are dropped.

Recommended Action:
The recommendation is to check the configurations of a network virtualization tunnel and make sure that the corresponding tunnel FDB records are configured properly.


01830004 : Tunnel output has a potential loop for remote endpoint %A%%%u, tunnel name = %s.

Location:
/var/log/ltm

Conditions:
A tunnel output has a potential loop inside the TMM for a remote endpoint.

Impact:
The packets for a remote endpoint are dropped.

Recommended Action:
The recommendation is to check the configurations (for example, tunnel's remote-address, route settings) and make sure that there is no ill-formed routing loop inside the TMM caused by the configurations.


01850027 : MR: Proxy missing for %s %s

Location:
/var/log/ltm

Conditions:
When attempting to create an outgoing connection, a preloaded proxy was not found (for the specified virtual or transport-config).

Impact:
The system is unable to create an outgoing connection for forwarding a route to the specified endpoint. The message will fail routing and be returned to the originating connection.

Recommended Action:
None.


01850028 : MR: Message drop due to wrong Hop-by-Hop ID (%u)

Location:
/var/log/ltm

Conditions:
The wrong Hop-by-Hop ID is returned by the peer.

Impact:
Peer response is dropped.

Recommended Action:
Check the peer that sends the wrong Hop-by-Hop ID.


01860000 : MR SIP: %s returned error: %lE

Location:
/var/log/ltm. May be changed by user

Conditions:
SIP processing issued a debugging log message.

Impact:
None.

Recommended Action:
None.


01860001 : MR SIP: %s

Location:
/var/log/ltm. May be changed by user

Conditions:
SIP encountered a major error.

Impact:
The system might not be processing SIP traffic.

Recommended Action:
Restart the system if SIP traffic is not being processed. Please contact F5 Support for assistance with this error if it occurs again.


01860002 : MR SIP: Missing header %s in the message

Location:
Defaults to /var/log/ltm. May be changed by user

Conditions:
A SIP message was encountered that was missing the specified required header.

Impact:
The SIP message will not be processed.

Recommended Action:
Remove the source of defective SIP messages.


01860003 : MR SIP: Decrypt branch parameter failed with error : %lE

Location:
/var/log/tmm

Conditions:
The BIG-IP system encountered an error while decrypting a branch paramater in a via to a SIP message.

Impact:
The message will not be processed.

Recommended Action:
None.


01860004 : MR SIP: Encrypt branch parameter failed with error : %lE

Location:
/var/log/tmm

Conditions:
The BIG-IP encountered an error while encrypting a branch paramater to add a via to a SIP message.

Impact:
The SIP Message will not be sent out of the BIG-IP system.

Recommended Action:
None.


01860005 : MR SIP: %s

Location:
Defaults to /var/log/ltm. May be changed by user

Conditions:
This is not currently used.

Impact:
None.

Recommended Action:
None.


01860006 : MR SIP: Invalid config attribute %s in profile %s

Location:
/var/log/ltm. May be changed by user

Conditions:
An invalid setting for the specified configuration item has been found in the profile.

Impact:
The part of the configuration that is noted as invalid and will not be functional.

Recommended Action:
Correct the invalid part of the configuration.


01860007 : MR SIP: Generated response was not sent '%d - %s' (%F)

Location:
/var/log/tmm

Conditions:
While processing a SIP Request, a SIP Protocol error response condition was encountered in the BIG-IP system. An error response was not sent, either due to the configuration or the error is unrecoverable.

Impact:
The SIP request will not be sent out of the BIG-IP system.

Recommended Action:
Check the status of the configuration item generate response on error.


01860008 : MR SIP: Generated response SENT '%d - %s' (%F)

Location:
/var/log/tmm

Conditions:
While processing a SIP Request, a SIP Protocol error response was generated by the BIG-IP system and sent to the requestor.

Impact:
The SIP request will not be sent out of the BIG-IP system.

Recommended Action:
Rectify the issue that caused the issue.


01860009 : MR SIP: Media flow creation (%F)<->(%F) failed due to collision

Location:
/var/log/tmm

Conditions:
The desired media flow endpoints are in use.

Impact:
The media flow was not created.

Recommended Action:
Try to establish the media flow again.


0186000a : MR SIP: Parse error reading number for %s value near %d. Status Code %d

Location:
/var/log/ltm. May be changed by user

Conditions:
MRF SIP parser encountered a invalid number when parsing a SIP message.

Impact:
The invalid SIP message will not be processed. If the message is a SIP Request, an error response will be sent if configured.

Recommended Action:
Remove the source of the invalid SIP messages.


0186000b : MR SIP: Parse error bad sip protocol version in headline near %d. Status Code %d

Location:
/var/log/ltm. May be changed by user

Conditions:
The SIP parser encountered a message with an invalid or unsupported SIP protocol version in a message Headline.

Impact:
The message will not be processed.

Recommended Action:
Eliminate the messages containing invalid or unsupported SIP protocol version in a message Headline.


0186000c : MR SIP: Parser error invalid or malformed uri in headline near %d. Status Code %d

Location:
/var/log/ltm. May be changed by user

Conditions:
SIP Parser parses a SIP message containing a URI that can not be handled.

Impact:
The message will not be processed. If the message is a SIP Request, a 416 error response message will be sent if configured.

Recommended Action:
Eliminate the source of SIP messages that have URI's that cannot be handled.


0186000d : MR SIP: Parser error invalid headline near %d. Status Code %d

Location:
/var/log/tmm

Conditions:
SIP Parser encountered a SIP message with an invalid headline.

Impact:
The SIP message will not be processed.

Recommended Action:
Eliminate the source of invalid SIP messages.


0186000e : MR SIP: Parser error too many header near %d. Status Code %d

Location:
/var/log/ltm. May be changed by user

Conditions:
MR SIP parser encountered a message with more header lines than the configured maximum.

Impact:
The message will not be processed. If the message is a request, a 413 error response will be sent if configured.

Recommended Action:
Increase the limit on number of headers or eliminate the source of messages with too many headers.


0186000f : MR_SIP: Parser error extraneous header field near %d. Status Code %d

Location:
/var/log/tmm

Conditions:
SIP Parser encounters a header that has too many fields.

Impact:
The message will not be processed. If the message is a request, a 400 error response will be sent if configured.

Recommended Action:
Eliminate the source of the defective SIP messages.


01860010 : MR_SIP: Parser error header too large near %d. Status Code %d

Location:
/var/log/tmm

Conditions:
MR SIP Parser encounter a message with a header line that is too long.

Impact:
The defective message will not be processed. If the message is a request, a 413 error response will be sent if configured.

Recommended Action:
Eliminate the source of the message with overly long header lines. The max header size and max message size can be increased.


01860011 : MR_SIP: Parser error missing header code %d. Status Code %d

Location:
/var/log/ltm. May be changed by user

Conditions:
The SIP parser has encountered a message that is missing a required header.

Impact:
SIP will not process the faulty message. A 400 error response will be sent if the message is a request and this option is configured.

Recommended Action:
Eliminate the source of the defective messages.


01860012 : MR_SIP: Parser error CSEQ method does not match headline tag %s : %s. Status Code %d

Location:
/var/log/ltm. May be changed by user

Conditions:
The BIG-IP system parses a SIP Request where the method in the CSEQ line does not match.

Impact:
The BIG-IP system does not process the faulty SIP Request.

Recommended Action:
None.


01860013 : MR_SIP: Parser max-forwards value has reached zero. Status Code %d

Location:
/var/log/ltm. May be changed by user

Conditions:
A SIP Request message is parsed that has has exceeded the allowed number of max-forwards.

Impact:
The Request will not be processed. If configured, a 483 Response message will be generated and returned to the Request Sender.

Recommended Action:
Do not send SIP Requests that exceed the allowed number of max-forwards.
Reconfigure the BIG-IP system to disable the max-forwards check.


01860014 : MR_SIP: Server in maintence mode. Status Code 503

Location:
/var/log/ltm. May be changed by user

Conditions:
A SIP Message was received when maintenance mode was configured.

Impact:
The SIP Message will not be processed. If configured, a 503 response will be generated.

Recommended Action:
Reconfigure the BIG-IP system and remove the maintenance mode setting.


01860015 : MR_SIP: Loop detected. Status code 482

Location:
/var/log/ltm. May be changed by user

Conditions:
The SIP message processing detected a loop in SIP network routing.

Impact:
The SIP Request will not be processed. If configured, a 482 response will be generated.

Recommended Action:
Correct the SIP network topology to eliminate routing loops.


01860016 : MR_SIP: Missing Media Connection atributes. Status Code 488

Location:
/var/log/ltm. May be changed by user

Conditions:
A SIP Message containing SDP lacking connection attributes was encountered.

Impact:
The SIP message will not be processed. If configured, a 488 response will be generated.

Recommended Action:
Do not allow invalid SIP messages to flow into the BIG-IP system.


01860017 : MR_SIP: Too many media sessions %d / %d. Error Code %d

Location:
/var/log/ltm. May be changed by user

Conditions:
Too many SIP media sessions have been established for the current configuration.

Impact:
SIP media session will be denied. A 488 SIP response message will be sent if configured.

Recommended Action:
Wait for media session load to decrease or modify the configuration to increase the allowed SIP media sessions.


01860018 : MR_SIP: Ingress message queue full, current message dropped (flow %F)

Location:
/var/log/ltm

Conditions:
Messages are being received faster than they can be processed. There is asynchronous iRule processing occurring during a SIP or MR iRule event, and while the iRule script is running, additional messages are received.

Impact:
Once the queue exceeds the limit, additional messages are dropped.

Recommended Action:
Rewrite the iRule script to avoid asynchronous operations.


01860019 : MR_SIP: Ingress message queue full, closing TCP window (flow %F)

Location:
/var/log/ltm

Conditions:
Messages are being received faster than they can be processed. There is asynchronous iRule processing occurring during a SIP or MR iRule event, and while the iRule script is running, additional messages are received.

Impact:
Once the queue exceeds the limit, the TCP window begins to close.

Recommended Action:
Rewrite the iRule script to avoid asynchronous operations.


0186001a : MR_SIP: Ingress message queue draining, opening TCP window (flow %F)

Location:
/var/log/ltm

Conditions:
Messages are being processed faster than they are being received.

Impact:
The TCP window is reopened.

Recommended Action:
None.


01860026 : MR SIP: invalid address: %A

Location:
/var/log/ltm

Conditions:
Traffic has been sent to an invalid address.

Impact:
Traffic cannot be sent to an invalid address.

Recommended Action:
None.


01860027 : MR SIP: Rejecting SIP registration request due to PBA Block timeout blackout. %d seconds left in block, %d-second blackout period

Location:
/var/log/tmm

Conditions:
A SIP ALG is configured with an LSN pool in PBA mode with a block timeout. A registration request is received by the BIG-IP system when the timeout of the active PBA block is too close.

Impact:
The SIP registration request is rejected by the BIG-IP system. A SIP failure response will be generated by the BIG-IP system, if configured. This message is logged if the log is configured to do so.

Recommended Action:
Reconfigure the BIG-IP system so that there is not an LSN pool in PBA mode with a block timeout being used by a SIP ALG.


01860028 : MR SIP: Backdown of SIP registration request expiry due to PBA Block timeout. %d -> %d in message

Location:
/var/log/tmm

Conditions:
A SIP ALG is configured with an LSN pool in PBA mode with a block timeout. A registration request is received by the BIG-IP system when the remaining timeout of the active PBA block is less than the requested expiration time of the registration.

Impact:
The SIP register request will be re-written so that the expiration is less than the remaining timeout of the active PBA block.

Recommended Action:
Reconfigure the BIG-IP system so that there is not an LSN pool in PBA mode with a block timeout being used by a SIP ALG.


01860029 : MR SIP: Re-writing SIP REGISTER response expiration value from registrar due to PBA Block timeout. %d -> %d

Location:
/var/log/tmm

Conditions:
A SIP ALG is configured with an LSN pool in PBA mode with a block timeout. A registration response is received by the BIG-IP system when the timeout of the active PBA block is less then the expiration value of the registration response.

Impact:
The SIP register response will be re-written so the expiration is less than the remaining timeout of the active PBA block.

Recommended Action:
Reconfigure the BIG-IP system so that there is not an LSN pool in PBA mode with a block timeout being used by a SIP ALG.


0186002a : MR_SIP: Non-SIP message received. Client connection %F is in fail_open_enabled state

Location:
/var/log/ltm

Conditions:
The fail-open configuration in SIP ALG virtual is turned on, and the first message is a non-SIP message.

Impact:
The client side's connection is in fail-open mode. The non-SIP traffic will pass-through this connection.

Recommended Action:
Turn off the fail-open mode configuration in the SIP ALG session profile.


0186002b : MR_SIP: Server side connection %F is established and in fail_open_enabled state

Location:
/var/log/ltm

Conditions:
The fail-open configuration is turned on in SIP ALG session profile, and the first message is a non-SIP message.

Impact:
The fail-open mode server side connection will be established.

Message is informational only

Recommended Action:
None.


0186002c : MR_SIP: Fail_open_enabled state %s side connection: %F is torn down or aborted, reason: %lE

Location:
/var/log/ltm

Conditions:
The fail-open configuration is turned on in ALG SIP virtual and the fail-open is turned on in SIP session profile.

Impact:
The fail-open connection is torn down or aborted, with the reason specified in the log.

Recommended Action:
None.


01890008 : Postgres stopped with a non-zero status (%d).

Location:
/var/log/ltm

Conditions:
When pgadmind shuts down postgres with errors, the following message will be logged:
"Postgres stopped with a non-zero status (<postgres_exit_code>)"

Exit code = 1 means a fatal error occurred, which could be caused by errors like "out of memory", "no space left on device", etc.

Refer to postgres documentation to get more information about exit codes.

Impact:
Modifying a firewall-related configuration in mcpd database could be a problem.

Recommended Action:
1. Execute bigstart restart pgadmind mcpd.
2. Inspect /var/log/ltm file for messages from postgres.


0189000b : Shutting down postgres.

Location:
/var/log/ltm

Conditions:
When postgres is shutting down by pgadmind, the following notice message will be logged.

"pgadmind: 0189000b:5 Shutting down postgres."

Impact:
None.

Recommended Action:
None.


018e0002 : %s

Location:
/var/log/ltm

Conditions:
This message is generated when the sdmd daemon exits normally, for example, by using "bigstart restart sdmd", or, when the ILX feature changes from the state of being provisioned to not being provisioned.

Impact:
The sdmd daemon manages Node.js processes for the iRulesLX feature. If sdmd is not running, then the iRulesLX feature is not operational.

Recommended Action:
If ILX is provisioned, and sdmd is not running, from the BIG-IP shell, enter "bigstart start sdmd".


018e0005 : Exiting, received shutdown signal

Location:
/var/log/ltm

Conditions:
This message is generated when the sdmd daemon receives a sigint, sigterm, or sigquit signal. This will happen normally when the sdmd daemon is stopped or restarted by using the bigstart command, bigstart restart sdmd, bigstart stop sdmd, or when the ILX feature is unprovisioned. The sdmd daemon logs this message during a normal shutdown.

Impact:
The sdmd daemon supports the iRulesLX feature. If the sdmd daemon is not running, iRulesLX is not operational.

Recommended Action:
If ILX is provisioned and the sdmd deamon is not running, from the BIG-IP shell enter "bigstart start sdmd".


018e0017 : %s

Location:
/var/log/ltm
If the ILX plugin extension is configured with ilx-logging enabled, the log message goes to /var/log/ilx/<partition>.<Plugin>.<extension>.

Conditions:
This is a log message generated by an iRulexLX Node.js plugin process that writes to stdout, using the Node.js console.log() API. The F5 sdmd daemon captures all stdout from the Node.js process, and logs it using the BIGIP_SDMD_SDMD_PLUGIN_LOG_MSG_INFO message.

Impact:
User defined.

Recommended Action:
User defined.


018e001d : %s

Location:
/var/log/ilx/<Partition>.<plugin>.<extension>, /var/log/ltm

Conditions:
Error: Out of sync with MCPD. Datagroup [DG-NAME] is not in local storage

The error message will trigger if SDMD local version of ILX configuration (data-groups) goes out of sync with MCPD.

If this happens, there is likely a bug in SDMD (or MCPD) that resulted in SDMD local configuration storage go out of sync with MCPD.

Impact:
When the "OUT OF SYNC" issue happens, the SDMD will be aborted, which in turn will cause all ILX plugins to be restarted (and all active connections stalled or terminated).

Recommended Action:
None.


018e001e : %s

Location:
/var/log/ltm

Conditions:
The files in /var/run/tmm.mp.* are used to create shared memory keys, which are used by the tmm and plugins for the purpose of a shared memory rendezvous. This allows the tmm and plugins to communicate using shared memory. The error message indicates that either a file in /var/run/ with the prefix tmm.mp.ilx could not be removed or the associated shared memory could not be removed. The files and shared memory are removed when sdmd starts and shuts down.

Impact:
The files are zero length in size, but if they were to accumulate indefinitely they could exhaust available inodes in the file system. If the shared memory cannot be removed then the BIG-IP could run out of host memory or shared memory kernel resources.

Recommended Action:
If the error message indicates that files cannot be removed, stop the sdmd daemon using "bigstart stop sdmd", then examine the files in /var/run/tmm.mp.ilx* to determine why they cannot be removed. If the error message indicates there was a problem removing a shared memory segment, then reboot the BIG-IP System.


01900006 : Profile SCTP error: SCTP %s missing from message.

Location:
/var/log/ltm

Conditions:
The SCTP profile name is missing when the control plane sent the multi-homing addresses for SCTP profile.

Impact:
The multi-homing SCTP profile won't be set correctly for the virtual server.

Recommended Action:
None.


01900020 : SCTP %s association (%F) confirmed peer transport address %la.

Location:
/var/log/ltm

Conditions:
When the TMM has successfully received heartbeat ACK from peer.

Impact:
The heartbeat ack has been successfully received by TMM. This indicates that the heartbeat to the peer is working.

Recommended Action:
None.


01900021 : SCTP %s association (%F) peer transport address %la not confirmed, path %F inactive.

Location:
/var/log/ltm

Conditions:
The association to the remote peer is not working. The path to the remote peer is not working and is inactive.

Impact:
The path to the destination peer is inactive, and the association to the remote peer is not working. The following message is logged: The SCTP clientside or serverside association <flow-key> peer transport adddress <remote-address> not confirmed, the path <dst-flow-key> inactive.

Recommended Action:
None.


01900022 : SCTP %s association (%F) %s path %F failed (path-retransmit-exceeded).

Location:
/var/log/ltm

Conditions:
When sending SCTP data or heartbeat through the path, but a response is not received, and retransmission of the data exceeds the maximum retransmit number.

Impact:
The maximum retransmit through the path has been exceeded. This could happen when TMM sent the SCTP data or heartbeat through the path, but did not get response and the retransmit time has exceeded the maximum retransmit number.

Recommended Action:
None.


01900023 : SCTP %s association (%F) %s path %F failed (destination unreachable).

Location:
/var/log/ltm

Conditions:
An ICMP error is received that indicated that the association's primay/backup path to the destination failed (destination unreachable).

Impact:
The primay/backup path to the destination is unreachable.

Recommended Action:
None.


01900024 : SCTP %s association (%F) path %F restored.

Location:
/var/log/ltm

Conditions:
TMM has received data or heartbeat ack from peer.

Impact:
SCTP clientside or serverside association path has been restored.

Recommended Action:
None.


01900025 : SCTP %s association (%F) primary path changed to %F.

Location:
/var/log/ltm

Conditions:
The association's old primary path is not working, and then changed the primary path to another.

Impact:
The association's primary path changed to a new one.

Recommended Action:
None.


01900026 : SCTP %s association (%F) path %F usable.

Location:
/var/log/ltm

Conditions:
TMM has received SCTP data or Heartbeat Ack through the association's path and determines that the path is usable.

Impact:
TMM has determines that the association's path is usable.

Recommended Action:
None.


01900027 : SCTP %s association (%F) %s path %F not usable (path-retransmit-exceeded).

Location:
/var/log/ltm

Conditions:
Either the data or the Heartbeat has been sent the the destination, but never got a response, and the retransmit exceeded the maximum allowed.

Impact:
The path is unusable for the association because that path's retransmit has exceeded the maximum allowed.

Recommended Action:
None.


01900028 : SCTP %s association (%F) %s path %F not usable (destination unreachable).

Location:
/var/log/ltm

Conditions:
TMM detects that the SCTP association's path to the destination is unreachable.

Impact:
Logs a message to indicate that the SCTP association to the destination through the path is unreachable.

Recommended Action:
None.


01900029 : SCTP %s association (%F) failed (association-retransmit-exceeded).

Location:
/var/log/ltm

Conditions:
Retransmit exceeded the maximum allowed in the following cases when sent through the association:
case 1: Sent SCTP SHUTDOWN or SCTP SHUTDOWN ACT to destination.
case 2: Retransmit data.
case 3: Sent Heartbeat through the association, expected heartbeat ACK.
case 4: Sent zero-window probe through the association.

Impact:
The SCTP association failed due to the retransmission through the association exceeding the maximum allowed.

Recommended Action:
None.


01900030 : SCTP %s association (%F) initialization failed (init-retransmit-exceeded).

Location:
/var/log/ltm

Conditions:
The SCTP association's initialization failed because the sending of the INIT chunk exceeded the max retransmission allowed.

Impact:
The SCTP association's initialization failed.

Recommended Action:
None.


01900031 : SCTP %s association (%F) aborted by peer.

Location:
/var/log/ltm

Conditions:
Either the ABORT chunk type or an ICMP protocol unreachable message was received from a peer.

Impact:
The peer aborted the SCTP association.

Recommended Action:
None.


01900032 : SCTP %s association (%F) aborted (%s).

Location:
/var/log/ltm

Conditions:
When CHUNK data is received and the stream ID is found to be out of range, or when sending SCTP data and the stream ID is found to be out of range.

Impact:
The SCTP association is aborted.

Recommended Action:
None.


01910001 : Tmrouted starting.

Location:
/var/log/ltm

Conditions:
Startup of the tmrouted daemon. Typically this occurs when dynamic routing is first enabled, and whenever the BIG-IP system restarts with dynamic routing is enabled. It will also be seen anytime the tmrouted is restarted.

Impact:
This is a notice that the tmrouted daemon is starting up. Usually no action is required.
Unexpected tmrouted restarts indicate an issue with tmrouted that might cause interruptions in routing, and loss of dynamic routes.

Recommended Action:
When unexpected tmrouted restarts occur, examine the logs for other tmrouted messages that might indicate the cause of the restart. Also look for tmrouted cores in /shared/cores.


01910014 : FATAL error: non_initial state (%d) and some state vars are unknown (cluster: %d, primary: %d)

Location:
var/log/ltm

Conditions:
Message logged by tmrouted daemon.
License state is unknown, or when routing license expired on the standby.

Impact:
Tmrouted will shutdown, but should be restart by SOD. This should only happen on the standby.

Recommended Action:
Renew licenses before they expire.


01910030 : FATAL error: failed to set timer %p at %s:%d

Location:
/var/log/ltm

Conditions:
tmrouted fails to set a heartbeat timer.

Impact:
The timer is not set.

Recommended Action:
Restart tmrouted.


01910031 : FATAL error: failed to clear timer %p at %s:%d

Location:
/var/log/ltm

Conditions:
tmrouted fails to clear a heartbeat timer.

Impact:
Timer is not cleared.

Recommended Action:
Restart tmrouted.


01910032 : FATAL error: attempt to set already active timer %p at %s:%d

Location:
/var/log/ltm

Conditions:
tmrouted attempts to set a timer which is already active.

Impact:
The timer will not be set.

Recommended Action:
Restart tmrouted.


01910033 : FATAL error: attempt to clear inactive timer %p at %s:%d

Location:
/var/log/ltm

Conditions:
tmrouted attempts to clear an inactive timer.

Impact:
The timer does not clear.

Recommended Action:
Restart tmrouted.


01910034 : FATAL error: attempt to clear wrong timer %p at %s:%d

Location:
/var/log/ltm

Conditions:
tmrouted attempts to clear the wrong timer.

Impact:
The timer does not be clear.

Recommended Action:
Restart tmrouted.


01910035 : FATAL error: timer array exceeded

Location:
/var/log/ltm

Conditions:
tmrouted attempts to set a new timer, but the maximum allowed number of timers has already been reached.

Impact:
The timer is not set.

Recommended Action:
Restart tmrouted.


01910036 : FATAL error: RHI failed to send %s request.

Location:
/var/log/ltm

Conditions:
The MCP and tmrouted daemon communication channel is not properly established.

Impact:
If the MCP channel is broken, the MCP request to get the FW NAT objects/addresses is not sent to mcpd. Therefore, the tmrouted daemon might not advertise FW NAT-related addresses (source or destination) on restart.

Recommended Action:
None.


01910050 : error on cluster socket %d in state %d: %s

Location:
/var/log/ltm

Conditions:
The tmrouted daemon encountered a socket error when trying to connect to the primary blade.

Impact:
Functionality of tmrouted could be affected.

Recommended Action:
Restart tmrouted, file a bug, and document the condition of the error.


01910202 : failed to add attribute %u to NETLINK message. got: %d need: %zu

Location:
/var/log/ltm, tmrouted reports

Conditions:
Example:
failed to add attribute <name> to NETLINK message. got: <length> need: <length>

tmrouted failed to add attribute to the netlink message. If this happens, it could mean that the netlink message attribute was incorrectly constructed, or corrupted.

Impact:
tmrouted will fail to construct the netlink message, impacting routing.

Recommended Action:
Consider running tmrouted in debug mode, and capture the offending attribute, correct the offending attribute as appropriate, and file a bug.


01910204 : memory allocation failed for %s: trying %zu bytes

Location:
/var/log/ltm, tmrouted reports

Conditions:
When tmrouted failed to allocate memory for netlink messages. If this happens, the box is probably out of memory and the problem is elsewhere.

Impact:
Route changes will fail.

Recommended Action:
Use 'top -a' or 'ps v | sort -k 8 -g -r | head' to look for processes occupying excessively large amounts of memory. Consider restarting these process(es), saving the core(s), and filing a bug.


01910300 : HA daemon heartbeat disabled. Last value is %u.

Location:
/var/log/ltm

Conditions:
The tmrouted daemon is only registered with the HA failover subsystem when dynamic routing protocols are configured. When disabling the last routing protocol, the tmrouted daemon will deregister with the HA system and log this message.

Impact:
None.

Recommended Action:
None.


01910301 : HA daemon heartbeat enabled with %us period. Last value is %u.

Location:
/var/log/ltm

Conditions:
The tmrouted daemon is only registered with the HA failover subsystem when dynamic routing protocols are configured. When the first routing protocol is enabled, the tmrouted daemon will register with the HA system, and log this message.

Impact:
None.

Recommended Action:
None.


01910600 : Suppressing route %s matching admin network.

Location:
/var/log/ltm

Conditions:
Log as informational when the admin ip network matches an incoming dynamic route, and the BIG-IP system is suppressing the update of the dynamic route to the kernel, so that the admin network is not replaced with the dynamic route.

Impact:
None.

Recommended Action:
None.


01910601 : Unsuppressing route %s matched previous admin network.

Location:
/var/log/ltm

Conditions:
When the admin ip network changed, and the BIG-IP system is putting previously suppressed dynamic route back into the kernel.

Impact:
None.

Recommended Action:
None.


01910602 : Failed to suppress route %s matching admin network.

Location:
/var/log/ltm

Conditions:
When a BIG-IP system attempts to remove the kernel route that matches an admin ip network, and unspecific failure occurs.

Impact:
It is possible the admin ip network was replaced in the kernel.

Recommended Action:
Check that the admin ip network is in the kernel, and add it back if necessary.


01910603 : Withdrawing route %s matching admin network not suppressed.

Location:
/var/log/ltm

Conditions:
When a BIG-IP system tries to remove a route from the kernel that matched the admin ip network, and it should be suppressed, but was not.

Impact:
Informational.

Recommended Action:
Verify that the admin ip network route is on the BIGIP system.


01910604 : New route %s matching admin network already suppressed.

Location:
/var/log/ltm

Conditions:
When a BIG-IP system attempts to suppress a incoming dynamic route that matches the admin network, but the route is already suppressed.

Impact:
None.

Recommended Action:
None.


01940007 : "Failed to allocate the errdefs tmconf handle!"

Location:
/var/log/ltm

Conditions:
The errdefsd daemon is out of memory. This memory allocation occurs during the daemon's startup. If you see this error, the system has a critical issue.

Impact:
The errdefsd daemon attempts to restart. If the same conditions exist, the daemon restart will fail. This series of events should be impossible.

Recommended Action:
Use 'top -a' or 'ps v | sort -k 8 -g -r | head' to look for processes occupying excessively large amounts of memory. Consider restarting said process(es), saving the core(s), and filing a bug.


0194000b : "errdefs: error adding local syslog destination %s; check the configuration for missing elements."

Location:
/var/log/ltm

Conditions:
The system is out of memory and therefore affecting the errdefs daemon. Possible reasons are:

1. One or more processes running on the system are using an excessive amount of memory.

2. The logging configuration is excessively large (several hundred publishers, destinations, and/or filters)

3. A validation issue in the mcpd daemon is allowing the creation of an incomplete logging configuration.

Impact:
The errdefsd daemon never publishes an incomplete logging configuration. Therefore, all daemons continue to use the previous logging configuration. If the previous logging configuration is the default configuration, then the configuration might only include local syslog logging.

Recommended Action:
Check the configuration. If all of the parts are present, and it is not overly large, use 'top -a' or 'ps v | sort -k 8 -g -r | head' to look for processes occupying excessively large amounts of memory. Consider restarting said process(es), saving the core(s), and filing a bug.


0194000c : "errdefs: error adding remote syslog destination %s; check the configuration for missing elements."

Location:
/var/log/ltm

Conditions:
The system is out of memory and therefore affecting the errdefs daemon. Possible reasons are:

1. One or more processes running on the system are using an excessive amount of memory.

2. The logging configuration is excessively large (several hundred publishers, destinations, and/or filters)

3. A validation issue in the mcpd daemon is allowing the creation of an incomplete logging configuration.

Impact:
The errdefsd daemon never publishes an incomplete logging configuration. Therefore, all daemons continue to use the previous logging configuration. If the previous logging configuration is the default configuration, then the configuration might include local syslog logging only.

Recommended Action:
Check the configuration. If all of the parts are present, and it is not overly large, use 'top -a' or 'ps v | sort -k 8 -g -r | head' to look for processes occupying excessively large amounts of memory. Consider restarting said process(es), saving the core(s), and filing a bug.


0194000d : "errdefs: error adding remote hsl destination %s; check the configuration for missing elements."

Location:
/var/log/ltm

Conditions:
The system is out of memory and therefore affecting the errdefs daemon. Possible reasons are:

1. One or more processes running on the system are using an excessive amount of memory.

2. The logging configuration is excessively large (several hundred publishers, destinations, and/or filters)

3. A validation issue in the mcpd daemon is allowing the creation of an incomplete logging configuration.

Impact:
The errdefsd daemon never publishes an incomplete logging configuration. Therefore, all daemons continue to use the previous logging configuration. If the previous logging configuration is the default configuration, then the configuration might include local syslog logging only.

Recommended Action:
If the configuration is not overly large, use 'top -a' or 'ps v | sort -k 8 -g -r | head' to look for processes occupying excessively large amounts of memory. Consider restarting said process(es), saving the core(s), and filing a bug.


0194000e : "errdefs: error adding fslog destination %s; check the configuration for missing elements."

Location:
/var/log/ltm

Conditions:
The system is out of memory and therefore affecting the errdefs daemon. Possible reasons are:

1. One or more processes running on the system are using an excessive amount of memory.

2. The logging configuration is excessively large (several hundred publishers, destinations, and/or filters)

3. A validation issue in the mcpd daemon is allowing the creation of an incomplete logging configuration.

Impact:
The errdefsd daemon never publishes an incomplete logging configuration. Therefore, all daemons continue to use the previous logging configuration. If the previous logging configuration is the default configuration, then the configuration might include local syslog logging only.

Recommended Action:
Check the configuration. If all of the parts are present, and it is not overly large, use 'top -a' or 'ps v | sort -k 8 -g -r | head' to look for processes occupying excessively large amounts of memory. Consider restarting said process(es), saving the core(s), and filing a bug.


0194000f : "errdefs: error adding alertd destination %s; check the configuration for missing elements."

Location:
/var/log/ltm

Conditions:
The system is out of memory and therefore affecting the errdefs daemon. Possible reasons are:

1. One or more processes running on the system are using an excessive amount of memory.

2. The logging configuration is excessively large (several hundred publishers, destinations, and/or filters)

3. A validation issue in the mcpd daemon is allowing the creation of an incomplete logging configuration.

Impact:
The errdefsd daemon never publishes an incomplete logging configuration. Therefore, all daemons continue to use the previous logging configuration. If the previous logging configuration is the default configuration, then the configuration might include local syslog logging only.

Recommended Action:
Check the configuration. If all of the parts are present, and it is not overly large, use 'top -a' or 'ps v | sort -k 8 -g -r | head' to look for processes occupying excessively large amounts of memory. Consider restarting said process(es), saving the core(s), and filing a bug.


01940010 : "errdefs: failed to add splunk destination %s -- the delivering destination %s probably doesn't exist or contains errors."

Location:
/var/log/ltm

Conditions:
The system is out of memory and therefore affecting the errdefs daemon. Possible reasons are:

1. One or more processes running on the system are using an excessive amount of memory.

2. The logging configuration is excessively large (several hundred publishers, destinations, and/or filters)

3. A validation issue in the mcpd daemon is allowing the creation of an incomplete logging configuration.

Impact:
The errdefsd daemon never publishes an incomplete logging configuration. Therefore, all daemons continue to use the previous logging configuration. If the previous logging configuration is the default configuration, then the configuration might include local syslog logging only.

Recommended Action:
Check the configuration. If all of the parts are present, and it is not overly large, use 'top -a' or 'ps v | sort -k 8 -g -r | head' to look for processes occupying excessively large amounts of memory. Consider restarting said process(es), saving the core(s), and filing a bug.


01940011 : "errdefs: error adding IPFIX destination %s; check the configuration for missing elements."

Location:
/var/log/ltm

Conditions:
The system is out of memory and therefore affecting the errdefs daemon. Possible reasons are:

1. One or more processes running on the system are using an excessive amount of memory.

2. The logging configuration is excessively large (several hundred publishers, destinations, and/or filters)

3. A validation issue in the mcpd daemon is allowing the creation of an incomplete logging configuration.

Impact:
The errdefsd daemon never publishes an incomplete logging configuration. Therefore, all daemons continue to use the previous logging configuration. If the previous logging configuration is the default configuration, then the configuration might include local syslog logging only.

Recommended Action:
Check the configuration. If all of the parts are present, and it is not overly large, use 'top -a' or 'ps v | sort -k 8 -g -r | head' to look for processes occupying excessively large amounts of memory. Consider restarting said process(es), saving the core(s), and filing a bug.


01940012 : "errdefs: failed to add splunk destination %s -- the delivering destination %s probably doesn't exist or contains errors."

Location:
/var/log/ltm

Conditions:
The system is out of memory and therefore affecting the errdefs daemon. Possible reasons are:

1. One or more processes running on the system are using an excessive amount of memory.

2. The logging configuration is excessively large (several hundred publishers, destinations, and/or filters)

3. A validation issue in the mcpd daemon is allowing the creation of an incomplete logging configuration.

Impact:
The errdefsd daemon never publishes an incomplete logging configuration. Therefore, all daemons continue to use the previous logging configuration. If the previous logging configuration is the default configuration, then the configuration might include local syslog logging only.

Recommended Action:
Check the configuration. If all of the parts are present, and it is not overly large, use 'top -a' or 'ps v | sort -k 8 -g -r | head' to look for processes occupying excessively large amounts of memory. Consider restarting said process(es), saving the core(s), and filing a bug.


01940019 : "Unable to connect to MCPD, will try again in 30 seconds."

Location:
/var/log/ltm

Conditions:
This message typically occurs on system startup when the errdefsd daemon starts up before the mcpd daemon. In this case, errdefsd must wait until mcpd begins accepting connections. The message is logged every 30 seconds until a connection between errdefsd and mcpd is established. Once errdefsd connects with mcpd, logging of the message stops.

Impact:
The errdefsd daemon normally communicates the logging configuration to the rest of the system. However, during the time that errdefsd is unable to connect to mcpd, the rest of the system uses the most recently-communicated logging configuration instead. An exception to this behavior is if the message occurs on boot-up; in this case, the system logs locally.

Recommended Action:
Ignore these messages whenever the system is logging them occasionally on startup; in this case, the messages are benign. If the messages persist, consult the MCP logs for more information because there is likely a problem with the mcpd daemon.


0194001d : Errdefsd is starting.

Location:
/var/log/ltm

Conditions:
Generated by the errdefsd daemon, this message appears whenever the machine is rebooted or errdefs restarts. The message typically occurs when errdefsd has not yet established
connectivity with the mcpd daemon.

Impact:
There is no immediate change to the system when this message appears. The message is generated at the NOTICE level, but should be generated at the INFO level instead. Because the errdefsd daemon must be running for changes to log filters, publishers, and destinations to be communicated from mcpd to the processes that are actually generating logs, this message simply indicates that errdefsd has been (re)started and will be publishing a new logging configuration (to a new shared memory segment). The old "deprecated" segment might continue to exist for some time because daemons only notice the change and switch to the new segment when they attempt to log.

Recommended Action:
No corrective action is needed. This log message is part of normal startup and is not an error.


01940022 : errdefs: error adding management port destination %s; check the configuration for missing elements.

Location:
/var/log/ltm

Conditions:
The system is out of memory and therefore affecting the errdefs daemon. Possible reasons are:

1. One or more processes running on the system are using an excessive amount of memory.

2. The logging configuration is excessively large (several hundred publishers, destinations, and/or filters)

3. A validation issue in the mcpd daemon is allowing the creation of an incomplete logging configuration.

Impact:
The errdefsd daemon never publishes an incomplete logging configuration. Therefore, all daemons continue to use the previous logging configuration. If the previous logging configuration is the default configuration, then the configuration might only include local syslog logging.

Recommended Action:
Check the configuration. If all of the parts are present, and it is not overly large, use 'top -a' or 'ps v | sort -k 8 -g -r | head' to look for processes occupying excessively large amounts of memory. Consider restarting said process(es), saving the core(s), and filing a bug.


01960002 : netHSM: Failed to login to network HSM with login_status[%lu].

Location:
/var/log/ltm

Conditions:
This occurs when the BIG-IP is unable to login to the network HSM. There are multiple possible reasons why the HSM would not let the BIG-IP login (eg an incorrect, invalid, or expired password or a locked HSM). The BIG-IP logs the specific error returned by the HSM, so that the user can look for more specific info in the HSM documentation, but a good place to start is verifying that the password is correctly entered on the BIG-IP and matches the password on the HSM.

Impact:
All HSM keys will be unable to be used (as well as any configurations depending on them) until the issue preventing the BIG-IP system from logging in to the HSM is resolved.

Recommended Action:
There is no workaround, but the issue is that the password that the BIG-IP is using to log in to the HSM is not what the HSM is expecting.


01960004 : netHSM: Failed login: password[%s]. Error[%lu].

Location:
/var/log/ltm

Conditions:
This occurs when the BIG-IP system is unable to log in to the network HSM. There are multiple possible reasons why the HSM would not let the BIG-IP log in (for example, an incorrect, invalid, or expired password, or a locked HSM). The point of this message is to provide feedback as to what type of issue the HSM reports to the BIG-IP system for why the login failed. The BIG-IP system logs the specific error returned by the HSM, so that the user can look for more specific information in the HSM documentation, but a good place to start is verifying that the password is correctly entered on the BIG-IP system and matches the password on the HSM.

Impact:
All HSM keys will be unable to be used (as well as any configurations depending on them) until the issue preventing the BIG-IP from logging into the HSM is resolved.

Recommended Action:
There is no hard and fast workaround, but the ultimate issue is that the password that the BIG-IP system is using to log in to the HSM is not what the HSM is expecting.


01960005 : netHSM: The session with the network-hsm is invalid.

Location:
/var/log/ltm

Conditions:
This happens when the BIG-IP system is unable to open a session with the network HSM. This most likely indicates that there is an issue with the network connecting the BIG-IP system to the network HSM, or the network HSM is unable to allow connections from the BIG-IP system.

Impact:
All HSM keys will be unable to be used (as well as any configurations depending on them) until the issue preventing the BIG-IP system from logging in to the HSM is resolved.

Recommended Action:
There is no temporary workaround. The solution is to determine why the BIG-IP system cannot communicate with the network HSM and restore communications between the BIG-IP system and the network HSM


01960005 : netHSM: The session with the network-hsm is invalid.

Location:
/var/log/ltm

Conditions:
If this occurs, it means HSM returns error at the request of C_OpenSession.

Impact:
This is the initial HSM operation. Pkcs11d will try to re-run in order to recover. If it cannot be recovered, it normally indicates a severe HSM networking issue or integration issue.

Recommended Action:
Check the availability of HSM and try reinstall HSM.


01960006 : netHSM: Failed to open file [%s].

Location:
/var/log/ltm

Conditions:
The pkcs11d service doesn't exist or the user is not logged on with the root account. If this happens, try to start/restart the pkcs11d service or reinstall the HSM client with root privilege.

Impact:
If this happens, most HSM functions will be unavailable. In particular, key generation and the SSL handshake through the HSM will fail.

Recommended Action:
Try to add, start, or restart the pkcs11d service or reinstall the HSM client, using the root user account.


01960007 : netHSM: Unknown client [%d].

Location:
/var/log/ltm

Conditions:
The pkcs11d process has received requests from TMM and the requests were not named "PKCS11D_CLIENT_TMM".

Impact:
All netHSM related operations, for example, key creation/sign/decrypt, will not work.

Recommended Action:
Use the TMSH command "restart sys service tmm" to restart TMM. This will interrupt traffic processing during the restart. If the error continues to occur, reinstall the NetHSM client software at BigIP.


01960008 : netHSM: Thales RFS error [%s].

Location:
/var/log/ltm

Conditions:
"rfs-sync" (which is Thales's utility) is missing or not working properly.

Impact:
Thales key cannot be uploaded to its RFS server, and consequently, other BIG-IP systems can't get it. For example, at HA setup, the key won't be able to get sync'ed to the standby BIG-IP system.

Recommended Action:
Reinstall the Thales client. This might cause TMM to be restarted, which will interrupt tmm services.


01960009 : netHSM: Failed to allocate space [%u] for [%s].

Location:
/var/log/ltm

Conditions:
The BIG-IP system memory is nearly or already exhausted, possibly due to a memory leakage.

Impact:
The pkcs11d daemon does not work properly, and key generation and other operations (example: netHSM SSL key signing) fail.

Recommended Action:
Reboot the system to clean up the used memory.


01960010 : netHSM: Unknown HSM vendor [%s].

Location:
/var/log/ltm

Conditions:
This error occurs when the HSM client is not installed properly or when a user manually changes the external_hsm.vendor's name. You can check the vendor name with this tmsh command:
     
     tmsh list sys crypto fips external-hsm vendor

Impact:
This error indicates a problem with the HSM installation.

Recommended Action:
Reinstall the HSM client on the BIG-IP system.


01960011 : netHSM: BigDB error [%d][%s].

Location:
/var/log/ltm

Conditions:
This error can occur when bigdb is not functioning properly.

Impact:
The pkcs11d service cannot retrieve the DB variable.

Recommended Action:
Restart the bigdbd service or issue the "bigstart restart" command.


01960012 : netHSM: PKCS11d (re)initialization is not complete.

Location:
/var/log/ltm

Conditions:
A pkcs11d is at reinitialization or initialization stage.

This might happen too soon after a pkcs11d restart. This might also happen when the network connectivity between the BIG-IP system and hsm are being restored from a network disruption.

Impact:
If this happens, pkcs11d operations, such as key creation, won't be able to finish.

Recommended Action:
Wait for some time and issue key creation command again.


01960013 : netHSM: PKCS11d stopped. Verify password, and restart PKCS11d.

Location:
/var/log/ltm, console, GUI

Conditions:
This message will appear anytime the BIG-IP system realizes that the nethsm password it uses to log into the netHSM is incorrect. This could be because the user changed the password on the netHSM itself, or it could be because the BIG-IP system was configured with the wrong password.

Impact:
Any configuration that depends on nethsm keys will fail to work until this issue is resolved, and PKCS11d is restarted. There is no way to automatically recover from the BIG-IP system having the wrong password.

Recommended Action:
Either change the HSM password to match the BIG-IP system's stored password, or change the password on the BIG-IP system to the one the netHSM is using.

There is no workaround for this issue.


01960014 : netHSM: Error: %s.

Location:
/var/log/ltm

Conditions:
Sys calls from tmm are received, which should not occur.

Impact:
Some unexpected results might occur. For example, the prolonged tmm sync call will make tmm crash.

Recommended Action:
Report to F5 Networks developers for resolution.


01a40000 : Failed to create IVS (%s).

Location:
/var/log/tmm

Conditions:
When a certificate is associated with an OCSP object, the configuration from the OCSP object is used to create an Internal Virtual Server that fetches OCSP response corresponding to the certificate. This error messages is seen when there is a failure in creating the Internal Virtual Server.

Impact:
OCSP response(s) for certificates(s) can't be fetched, and certificate monitoring is not functional.

Recommended Action:
The error is an internal error that can't be recovered from by user actions. However, user can disassociate OCSP monitoring from certificate, and re-associate it back to re-trigger internal initialization for fetching OCSP response.


01a40001 : Failed to create OCSP context - %s, with error: %E.

Location:
/var/log/tmm

Conditions:
When a certificate is associated with an OCSP object, the configuration from the OCSP object is used for context initialization for fetching OCSP response. This error indicates failure to do the necessary initialization.

Impact:
OCSP response(s) for certificates(s) can't be fetched, and certificate monitoring is not functional.

Recommended Action:
The error is an internal error that can't be recovered from by user actions. However, user can disassociate OCSP monitoring from certificate, and re-associate it back to re-trigger internal initialization for fetching OCSP response.


01a40002 : Failed to create OCSP request with OCSP object(%s), certificate(%s).

Location:
/var/log/tmm

Conditions:
When a certificate is associated with an OCSP object, the configuration from the OCSP object is used for context initialization for fetching OCSP response. This error indicates failure to do the necessary initialization.

Impact:
OCSP response(s) for certificates(s) can't be fetched, and certificate monitoring is not functional.

Recommended Action:
The error is an internal error that can't be recovered from by user actions. However, user can disassociate OCSP monitoring from certificate, and re-associate it back to re-trigger internal initialization for fetching OCSP response.


01a40003 : HTTP status code of OCSP response(%d) indicates failure to obtain the response for certificate(%s).

Location:
/var/log/tmm

Conditions:
This indicates that the unsatisfactory HTTP status code returned by the OCSP responder. If the status code is 503, it could indicate other issues such as failure in DNS resolution of the OCSP responder URL, or other network issues.

Impact:
OCSP response can't be obtained for a certificate and the monitoring status indicates an error.

Recommended Action:
For 503 status code, examine tcpdump and tmctl stats for the TCP profile, and HTTP profiles with a name starting with the prefix of "_km_ocsp" for debugging connection errors.

Other status codes are returned from the OCSP responder, and might be temporary errors indicating OCSP responder downtime etc.


01a40004 : OCSP validation result of certificate(%s): OCSP response - (%s), certificate status - (%s), lifetime - %u.

Location:
/var/log/tmm

Conditions:
This log is seen when OCSP validation is enabled on the certificate. The log is informational and indicates the OCSP response, certificate status and the calculated cache lifetime of the OCSP response.

Impact:
None.

Recommended Action:
None.


01a50024 : Node to corrupt %s is invalid

Location:
/var/log/ltm

Conditions:
This condition only happens during a debug session where the debug parameters are invalid.

Impact:
The debugging operation does not work properly.

Recommended Action:
Supply the correct node name during the corrupt node debugging operation.


01a50027 : The revoke option is only available on VE platforms.

Location:
/var/log/ltm, tmsh

Conditions:
User error by requesting a license being revoked on a non-VE system.

Impact:
This safeguard informs the user that this action is not possible and invalid license revocation is avoided.

Recommended Action:
The only workaround is to not attempt to revoke the license on a non-VE system.


01a50031 : Manifest created is larger than 512K: %u

Location:
/var/log/ltm

Conditions:
A huge manifest has been produced that prevents the data from being passed on to the receiving server. This is an unlikely event.

Impact:
A phone-home upload will not happen. This is informational data that is collected for statistics. By not sending this information (if it is indeed good data that exceeded 512k), the information will be lost. This impacts statistics collection by F5 only. Note that many systems do not send this either because they opted out or are not connected to the internet.

Recommended Action:
None.


01a50033 : Unable to parse the manifest with a json parser.

Location:
/var/log/ltm

Conditions:
This is not ever expected to happen unless there is an error condition caused by an unforeseen event. There is a bug in the creation of the manifest. In the past, the json has had this condition and it went unnoticed until the downstream process failed.

Impact:
If this error occurs, the manifest is marked as invalid and the calling function should stop and report this.

Recommended Action:
Corrective action in creating the manifest in proper json is needed.


01a50034 : Failed to get variables from mcpd: %s

Location:
/var/log/ltm

Conditions:
This error could happen if the mcpd is not active or there is an error condition not anticipated.

Impact:
The impact can vary depending on the variable in question. Most likely if the variable value is not obtained, the calling program will fail.

Recommended Action:
This could be a temporary condition where the mcpd daemon was down and the issue could go away should it be restarted. A possible workaround might be to try again later presumably when the mcpd is running.


01a50035 : Failed to to connect to mcpd.

Location:
/var/log/ltm

Conditions:
The usual case for this error is that the mcpd service is not running or is in the process of getting started and isn't communicating yet.

Impact:
The calling program usually throws an exception and stops. Unless obtaining the information from mcpd is not crucial to successful execution of the program, the calling application will fail. This most likely isn't an error in the application but indicates that there is a system condition (mcpd not running) that is causing this.

Recommended Action:
Once the mcpd is correctly working, perhaps simply restart the daemon if it was stopped due to some other need. If the mcpd cannot be started, then the system is in a failed state.


01a50100 : Error: Failed to store EULA in %s.

Location:
/var/log/ltm

Conditions:
An existing EULA file does not have permissions to be overwritten, thereby causing the system to write the file to another location.

Impact:
The EULA file is not written to the location requested. Since this is an informational file, there is only a cosmetic problem, although it might have legal consequences. The latter is doubtful because the EULA is not necessarily needed to be in the location specified.

Recommended Action:
Unless there is a specific legal need to have the EULA written to the file specified, this can usually be ignored since there is no direct impact on program function.


01a50101 : Error: Failed to install backup file %s to %s.

Location:
/var/log/ltm

Conditions:
The reason for failure can be varied: permissions, disk space, invalid name, missing directory.

Impact:
If writing a backup license file fails, the capability of reinstalling a replaced or expired license is no longer possible. Since this is a step of the licensing process, failing to write a backup will stop the licensing process and a new license will not get installed.

Recommended Action:
Through inspection of the file names in the error message, it might be possible to determine the reason for failure. The process of using the backup license is never done and probably would not work anyway. The backup license is used as a historical record of licensing only. In any case, the impact of not having a backup is non-existent or at most negligible.


01a50102 : Error: Failed when calling /usr/bin/chcon for %s.

Location:
/var/log/ltm, /var/log/auditd/audit.log

Conditions:
This call can fail if the selinux parameters being set are not correct.

Impact:
This call is currently only specific to installing the EULA in the /LICENSE.F5 file. If for some reason, this fails to have a selinux status set correctly, there will be warning messages in the secure logs.

Recommended Action:
It is safe to ignore the selinux warnings.


01a50111 : Error: Server busy, retry in %d seconds.

Location:
GUI

Conditions:
Communications with a license server can fail due to the server being inaccessible (busy). Sometimes, simply re-trying will succeed.

Impact:
If this occurs often, or if the license server cannot be contacted, a new BIG-IP license cannot be installed and the system could be inoperative.

Recommended Action:
There are other means of installing license files, should this error continue and prevent communications to the license server. The GUI copies dossier strings directly to the licensing server. It's possible that there is an IP resolve issue (domain-name resolution) that is preventing communications requiring intervention. Also, simply trying again might work in many situations.


01a60001 :

Location:
DPI HSL

Conditions:
When classificaion logging is enabled via security log profile.

Impact:
None.

Recommended Action:
None.


01a70121 : Error: Failed while getting the status, %s.

Location:
/var/log/ltm

Conditions:
The mcpd daemon is down or not communicating.

Impact:
Any program that uses f5-api-com interface will fail because it requires communications with the mcpd daemon to obtain current values of data base items.

Recommended Action:
Usually, one can retry application again after the mcpd daemon restarts or finishes coming up.


01a70122 : Error: Failed to obtain auto-check/auto-phonehome status.

Location:
/var/log/ltm

Conditions:
Most likely this is a runtime error where the mcpd deamon is stopped or not completely started.

Impact:
Since the phonehome_upload program runs periodically, the upload for this period will be lost. The upload provides F5 with useful feedback information such as provisioning and hardware usage. There is no other impact.

Recommended Action:
The next execution of the phonehome_upload will most likely work if the reason for the failure was a temporary issue involving the mcpd daemon being unavailable (down).


01aa0000 : ICAP (%F): Incomplete message body received from server

Location:
/var/log/ltm

Conditions:
An ICAP transaction with a body ended without a terminating zero-length chunk "0\r\n\r\n". For example, the connection was closed prematurely.

Impact:
The HTTP client or server receives a partial message body. There might be a delay because the incomplete response might not be detected until the ICAP server connection times out.

Recommended Action:
Try the transaction again, as there might have been a transient network issue. If it consistently occurs, verify by packet capture that the ICAP server is sending the complete chunked ICAP response body, in particular the terminating chunk is present. Verify preceding chunk headers have the correct chunk length in hexadecimal, as any error will throw off tracking.

If the cause cannot be determined, contact F5 Support and provide the complete log per their instructions. If it looks like a possible bug in BIG-IP, F5 will need a packet capture including all 3 connections (HTTP client, HTTP server, and ICAP server) for diagnosis. Providing this with your initial report will save time.


01aa0001 : ICAP (%F): Unexpected status code %u received from server

Location:
/var/log/ltm

Conditions:
The ICAP server returned an unexpected status code in the first line of its response. The status code is reported. Expected ICAP status codes are in the range 100-299, most commonly 100, 200 and 204, per RFC 3507. Codes >= 300 are unexpected and reported in this log message.

Impact:
The ICAP transaction on the internal virtual server is aborted. The parent virtual server performs the service-down-action configured in the request-adapt or response-adapt profile.

Recommended Action:
Investigate why the ICAP server is returning an unexpected status code.


01aa0002 : ICAP (%F): Server responded 204 beyond or without preview ('Allow: 204' is not supported)

Location:
/var/log/ltm

Conditions:
The ICAP server returned status code 204 "no content" outside the context of a preview (either there was no preview or the server previously responded to the preview). BIG-IP is unable to buffer content beyond a preview, therefore is unable to accept 204 beyond or without a preview. BIG-IP does not specify "Allow: 204" in its ICAP request header, therefore the server must not respond with 204 under these conditions.

Impact:
The ICAP transaction on the internal virtual server is aborted. The parent virtual server performs the service-down-action configured in the request-adapt or response-adapt profile.

Recommended Action:
Check that an iRule in the ICAP_REQUEST event (or elsewhere) is not inserting "Allow: 204" into the ICAP header. If it is, it is misleading the server, and is the cause of the problem. Otherwise, the ICAP server is in violation of RFC 3507.


01aa0003 : ICAP (%F): Parsing ICAP response headers failed

Location:
/var/log/ltm

Conditions:
The BIG-IP system was unable to parse all of the ICAP headers in the server response.

Impact:
The ICAP transaction on the internal virtual server is aborted. The parent virtual server performs the service-down-action configured in the request-adapt or response-adapt profile.

Recommended Action:
Check the ICAP response headers. Verify all headers required by RFC 3507 are present and correctly formatted. If the setup is experimental and uses a manually-constructed ICAP response (or the ICAP server is a casual script), it is likely there is an incorrect offset in the 'Encapsulated:' header.

If the cause cannot be discerned, contact F5 Support and provide the complete log and packet capture per their instructions.


01aa0004 : ICAP (%F): Parsing ICAP chunked response body failed

Location:
/var/log/ltm

Conditions:
The BIG-IP system was unable to parse the chunked body of the ICAP server response.

Impact:
The ICAP transaction on the internal virtual server is aborted. The parent virtual server performs the service-down-action configured in the request-adapt or response-adapt profile.

Recommended Action:
Verify by packet capture that the ICAP server is sending the ICAP response body in chunked form (required by RFC 3507). Verify all chunk headers have the correct chunk length in hexadecimal, as any error will throw off tracking. If the setup is experimental and uses a manually constructed ICAP response (or the ICAP server is a casual script), it is likely there is an incorrect size in a chunk header.

If the cause cannot be discerned, contact F5 Support and provide the complete log and packet capture per their instructions.


01aa0005 : ICAP (%F): Status code %u received from server

Location:
/var/log/ltm

Conditions:
The first line of the ICAP server response was received and successfully parsed. The status code is reported.

Impact:
This is a notification that is useful for analysis of an ICAP transaction.

Recommended Action:
If you were asked by F5 Support to set log.icap.level to "notice" or above, please provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.icap.level below the "notice" level.


01aa0006 : ICAP (%F): Response completed after request completed - connection may be reused by 'oneconnect'

Location:
/var/log/ltm

Conditions:
An ICAP response completed normally, and not before the ICAP request completed. This indicates an ideal scenario in which the connection may be reused if the internal virtual server (IVS) has a 'oneconnect' profile (any abnormal or early termination prevents connection reuse).

Impact:
This is a notification that is useful for analysis of an ICAP transaction. If the internal virtual server (IVS) has a 'oneconnect' profile, the current TCP connection may be reused for a subsequent ICAP transaction.

Recommended Action:
If you were asked by F5 Support to set log.icap.level to "informational" or above, please provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.icap.level below the "informational" level.


01aa0007 : ICAP (%F): Response completed before request - request truncated and oneconnect reuse disabled

Location:
/var/log/ltm

Conditions:
An ICAP response completed early, before the ICAP request completed. This occurs in normal operation when the ICAP response replaces (rather then modifies) the original ICAP request, such as a HTTP 302 redirect. In this case the outbound ICAP request body is truncated (server is no longer interested). Due to the truncation of the outbound request body, it is not possible to gaurantee the ICAP server will end up in a state that is ready to begin a new ICAP request. Therefore the connection is terminated and cannot be reused by a 'oneconnect' profile.

Impact:
This is a notification that is useful for analysis of an ICAP transaction. The ICAP connection is terminated and will not be reused, even if the internal virtual server (IVS) is configured with a 'oneconnect' profile.

Recommended Action:
If you were asked by F5 Support to set log.icap.level to "informational" or above, please provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.icap.level below the "informational" level.


01aa0008 : ICAP (%F): An IVS result was imposed during iRule event %s - ICAP transaction terminated

Location:
/var/log/ltm

Conditions:
An iRule command "IVS_ENTRY::result <result>" executed in an event on the internal virtual server during an ICAP transaction. The event might be ICAP_REQUEST or ICAP_RESPONSE, or a non-ICAP event triggered by a command executed in one of those events. The ICAP event being executed at the time is reported. The result is communicated to the parent virtual server and determines its action.

Impact:
The imposition of an IVS result by an iRule overrides the ICAP transaction and places responsibility on the user's set of iRules to provide any HTTP headers and body to the parent virtual server. The ICAP transaction is aborted and has no further effect on the parent virtual server.

Recommended Action:
Check that the iRule executing "IVS_ENTRY::result <value>" is intended. If so, any issue must be resolved in the iRules. Generally use of this command on an internal virtual server (IVS) that has an active 'icap' profile is not recommended.

This is a notification that is useful for analysis of an ICAP transaction. If you were asked by F5 Support to set log.icap.level to "notice" or above, please provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.icap.level below the "notice" level.


01aa0009 : ICAP (%F): An iRule parked at event %s

Location:
/var/log/ltm

Conditions:
An iRule in the ICAP_REQUEST or ICAP_RESPONSE event was not able to complete synchronously and has "parked" for later completion.

Impact:
Parking an iRule changes the timing and can affect system behavior, therefore this informational message is useful in debugging.

Recommended Action:
This is a notification that is useful for analysis of an ICAP transaction. If you were asked by F5 Support to set log.icap.level to "informational" or above, please provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.icap.level below the "informational" level.


01aa0010 : ICAP (%F): Processing message %s failed: %s

Location:
/var/log/ltm

Conditions:
An error was encountered during processing of an internal message. The message and error code are reported.

Impact:
The ICAP connection is aborted. The parent virtual server performs the service-down-action configured in the request-adapt or response-adapt profile.

Recommended Action:
This is a notification that is useful for analysis of an ICAP transaction. If you were asked by F5 Support to set log.icap.level to "debug" or above, please provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.icap.level below the "debug" level.


01aa0011 : ICAP (%F): Processing ingress from IVS failed: %s

Location:
/var/log/ltm

Conditions:
An error was encountered during processing of an outbound ICAP request body. The error code is reported.

Impact:
The ICAP connection is aborted. The parent virtual server performs the service-down-action configured in the request-adapt or response-adapt profile.

Recommended Action:
This is a notification that is useful for analysis of an ICAP transaction. If you were asked by F5 Support to set log.icap.level to "debug" or above, please provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.icap.level below the "debug" level.


01aa0012 : ICAP (%F): Processing egress from server failed: %s

Location:
/var/log/ltm

Conditions:
An error was encountered during processing of an inbound ICAP response body. The error code is reported.

Impact:
The ICAP connection is aborted. The parent virtual server performs the service-down-action configured in the request-adapt or response-adapt profile.

Recommended Action:
This is a notification that is useful for analysis of an ICAP transaction. If you were asked by F5 Support to set log.icap.level to "debug" or above, please provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.icap.level below the "debug" level.


01aa0013 : ICAP: Client-facing state transition %s -> %s

Location:
/var/log/ltm

Conditions:
The ICAP filter client-facing state machine transitioned from one state to another. The state names are reported. This state machine assembles outbound ICAP requests.

Impact:
None.

Recommended Action:
This is a notification that is useful for analysis of an ICAP transaction. If you were asked by F5 Support to set log.icap.level to "debug" or above, please provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.icap.level below the "debug" level.


01aa0014 : ICAP: Server-facing state transition %s -> %s

Location:
/var/log/ltm

Conditions:
The ICAP filter server-facing state machine transitioned from one state to another. The state names are reported. This state machine parses and processes inbound ICAP responses.

Impact:
None.

Recommended Action:
This is a notification that is useful for analysis of an ICAP transaction. If you were asked by F5 Support to set log.icap.level to "debug" or above, please provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.icap.level below the "debug" level.


01ad0001 : Monitor Agent TMM %u: channel could not be opened: error %s(%s)

Location:
/var/log/ltm

Conditions:
An internal communication channel to the monitor agent in a TMM process failed an authentication check.

Impact:
The communication channel is closed by the TMM. In-TMM monitoring activity cannot take place in this TMM.

Recommended Action:
Report to F5 Support and provide the complete log.


01ad0003 : Monitor Agent TMM %u: channel could not be authenticated: error %s(%s)

Location:
/var/log/ltm

Conditions:
An attempt by the monitor daemon (bigd) to open a communication channel to the monitor agent in a TMM process is unsuccessful.

Impact:
In-TMM monitoring activity cannot take place in this TMM. The daemon may attempt to connect again.

Recommended Action:
Attempting to restart bigd may be successful if there is a transient issue. It is possible there is an internal network failure within the BIG-IP. Report to F5 Support and provide the complete log.


01ad0013 : Monitor Agent TMM %u: failed to handle %s message: MID %u, error %s(%s)

Location:
/var/log/ltm

Conditions:
An error occurrs in the in-TMM monitor agent when processing a message from the monitor daemon (bigd).

Impact:
The message is not processed.

Recommended Action:
In case it is a transient issue, disable then enable the monitor the message is associated with; if it still fails, turn up the log level as high as "debug" by means of tmsh modify sys db log.tma.level value debug. If you cannot discern the cause with the error code, contact F5 Support and provide the complete log.


01ad0014 : Monitor Agent TMM %u: created activity: proto %s, endpoint %A:%u, monitor %s

Location:
/var/log/ltm

Conditions:
A new in-TMM monitoring activity is created.

Impact:
Monitor probe messages begin going out to the endpoint at configured intervals, and responses are monitored.

Recommended Action:
Set log.tma.level to "notice" or above. Provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.tma.level below the "notice" level.


01ad0015 : Monitor Agent TMM %u: failed to create activity: proto %s, endpoint %A:%u, monitor %s

Location:
/var/log/ltm

Conditions:
A new in-TMM monitoring activity fails create.

Impact:
Monitor probe messages do not go out to the endpoint.

Recommended Action:
An error occurs in TMM that prevents the monitoring activity from establishing. Another log message may follow with an internal error code. In the monitor configuration, try to disable then enable the monitor, in case it is a transient issue. If it still fails, try turning up the log level as high as "debug" by means of: tmsh modify sys db log.tma.level value debug.

If you cannot discern the cause, contact F5 Support and provide the complete log.


01ad0016 : Monitor Agent TMM %u: deleted activity: MID %u

Location:
/var/log/ltm

Conditions:
In-TMM monitoring activity is deleted.

Impact:
Monitor probe messages stop going out for that monitoring activity, and any latent responses are ignored.

Recommended Action:
Notification is useful for analysis of in-TMM monitoring activity. Set log.tma.level to "notice" or above. Provide the qkview containing the log file to F5 for analysis. If not requiring this level of logging, set the system DB variable log.tma.level below the "notice" level.


01ad0017 : Monitor Agent TMM %u: sent probe: MID %u

Location:
/var/log/ltm

Conditions:
A monitor probe successfully initiates to the endpoint of a given in-TMM monitoring activity. The probe generates a protocol-specific in-TMM monitor backend, which reports success to the generic in-TMM monitor agent. Some backends may log more specific information.

Impact:
There is a probe action generated by an in-TMM monitor backend specific to the protocol of the stated in-TMM monitor activity. The TMM expects a protocol-specific response interpreted by the same backend.

Recommended Action:
A debug message is useful for debugging issues with in-TMM monitoring. Set log.tma.level to "debug" or above; provide the qkview containing the log file to F5 for analysis. If not requiring this level of logging, set the system DB variable log.tma.level below the "notice" level.


01ad0018 : Monitor Agent TMM %u: failed to send probe: MID %u

Location:
/var/log/ltm

Conditions:
A monitor probe was attempted to the endpoint of a given in-TMM monitoring activity, but could not be sent. The probe was attempted by a protocol-specific in-TMM monitor backend, which reported failure to the generic in-TMM monitor agent. The generic in-TMM monitor agent then logged the generic error message.

Impact:
The probe action was never initiated to the endpoint. The monitoring activity might attempt to probe again up to some number of times, depending on the protocol and how it is configured. Eventually without a successful probe, the monitored endpoint is marked as down.

Recommended Action:
In case it is a transient issue, disable then enable the monitor the message is associated with; If it still fails, try turning up the log level as high as "debug" by means of tmsh modify sys db log.tma.level value debug. The error code provides more detailed information; If the cause cannot be discerned, contact F5 Support and provide the complete log


01ad0019 : Monitor Agent TMM %u: received probe response: MID %u, reason %s(%s), info %#x

Location:
/var/log/ltm

Conditions:
The endpoint of a given in-TMM monitoring activity receives a monitor probe response.
The response from the endpoint interprets the protocol-specific in-TMM monitor backend, which reports it to the generic in-TMM monitor agent. The generic debug message is logged. A backend is free to ignore an invalid response without reporting it; the generic in-TMM monitor agent will eventually time out and decide that no response was received.
Some backends might log more specific information in separate messages.

Impact:
The generic in-TMM monitor agent determines the current monitor up/down status and notifies the monitor daemon (bigd) according to parameters given when the monitor activity was created. The parameters are logged by the TMALOG_MSG_CREATE informational message. The monitor daemon makes a final determination of the endpoint status.

Recommended Action:
A debug message is useful for debugging issues with in-TMM monitoring. Set log.tma.level to "debug" or above; provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.tma.level below the "debug" level.


01ad0020 : Monitor Agent TMM %u: probe response timeout: MID %u

Location:
/var/log/ltm

Conditions:
The TMM has not received a valid response to a monitor probe within the timeout associated with the monitoring activity. The timeout is specified when the monitor activity is created by the monitor daemon and logged by the TMALOG_MSG_CREATE informational message.

Impact:
The generic in-TMM monitor agent concludes that the endpoint has not responded to the probe and tells the protocol-specific in-TMM monitor backend to stop waiting for response. The backend closes any connection it had to the endpoint. The agent determines the current monitor up/down status and notifies the monitor daemon (bigd) according to parameters given when the monitor activity is created. (The parameters are logged by the TMALOG_MSG_CREATE informational message). A final determination of endpoint status is made by the monitor daemon (bigd).

Recommended Action:
A debug message that is useful for debugging issues with in-TMM monitoring. Set log.tma.level to "debug" or above; provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.tma.level below the "debug" level.


01ad0021 : Monitor Agent TMM %u: created/enlarged monitor table for %u entries

Location:
/var/log/ltm

Conditions:
There is a change to the size of TMM's table of monitoring activities. The TMM process and new table size are reported. The message displays once at TMM startup, once at TMM shutdown, and any time the table is enlarged.

Impact:
None.

Recommended Action:
Set log.tma.level to "informational" or above; provide the qkview containing the log file to F5 for analysis. If this level of logging is not required, set the system DB variable log.tma.level below the "informational" level.




*********************** NOTICE ***********************

For additional support resources and technical documentation, see:
******************************************************
Generated: 25/06/2018
Copyright F5 Networks (2018) - All Rights Reserved

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.

Additional Comments (optional)