| 225759 |
Master key is not synchronized when you upgrade a BIG-IP Global Traffic Manager synchronization group to version 10.1.0 or later, The master key is not synchronized to all members within the synchronization group. For step-by-step instructions to fix this known issue, see SOL11868: The master key may not be synchronized after upgrading a BIG-IP GTM synchronization group, available here: https://support.f5.com/kb/en-us/solutions/public/11000/800/sol11868. Upgrading synchronization group to 10.1.0 or later. Workaround: After upgrading an existing sync group to dnssec, manually run fipssync and f5mku. |
| 325318 |
If log level is set to info, the system logs in the zrd log RR add/delete changes. The system does not log which user performed the change, or any changes other than add/delete of RR. Audit logging for ZoneRunner. Workaround: None. |
| 358268 |
The system allows you to specify a DNS64 Prefix of up to 128 bits (a full IPv6 address). However, a valid prefix is only the first 96 bits. The system uses only the first 96 bits. This occurs when specifying a DNS64 prefix. Workaround: If you enter 64:ff9b::1234:1234 and provide message that last 32 bits (last 2 hex tuples) must be all zeros. For example, 64:ff9b:0:0:0:0:0:0. |
| 363134 |
[Link Controller] Links get auto-discovered when global Auto-Discovery is disabled and Link Discovery is on. Links get auto-discovered. This occurs when disabling Auto-Discovery in Link Controller. Workaround: Disabling Link Discovery is the only way to truly disable this option. |
| 363142 |
[Link Controller] Global Auto-Discovery can be disabled while there is a link with the bigip_link monitor. Global Auto-Discovery stays disabled. This occurs when using the bigip_link monitor. Workaround: Do not disable global Auto-Discovery while having a link with bigip_link monitor. |
| 411515 |
The editing of builtin objects is not compatible with incremental sync. Incremental sync does not work because the system cannot sync read-only/builtin objects. Editing of builtin objects and incremental sync. Note: It is not recommended to edit builtin objects; you should use inheritance when possible. For example, instead of editing a base profile you should create a new profile that inherits from the base profile using the defaults-from option; this profile can be synchronized over incremental sync. The same practice can be applied to monitors. For objects without inheritance (such as iApp templates) you must copy the builtin object into a new object. Workaround: To synchronize an edit to a builtin object you must temporarily enable the device group's full-load-on-sync option; this option can be disabled after synchronizing the changes. |
| 421139 |
GTM not probing all accessible links, marking some in other data centers as down when they are up. Incorrect traffic re-direction, status reporting and synced GTM systems reporting different object statuses. GTM systems 1 and 2 exist in two data centers, each with a different link, but both GTM systems can access both links. If on GTM1 Big3d goes down, GTM2 flags the link associated with GTM1 as down instead of trying to probe it. Workaround: Create a new GTM data center that contains the unprobed link and the GTM system that is up. |
| 425108 |
If you create or modify a GTM link in tmsh to include a monitor, and attempt to list the available monitors using tab completion, only monitors of type bigip-link or gateway-icmp are listed. If the user attempts to apply a transparent http, https, tcp, tcp-half-open, or udp monitor, to a link, it will not be listed by tab completion. This issue occurs when all of the following conditions are met: -- Custom transparent monitor. -- Monitor type is not Gateway ICMP. -- Use tab completion in tmsh to display all available custom transparent. Workaround: You can work around this issue when associating the monitor with a GTM link using the tmsh utility. To do so, you can manually type the name of a custom transparent monitor. |
| 439979 |
"big3d uses SSL ticket extension, which caused problems with servers running old versions of OpenSSL. This causes the customer's webserver, that doesn't support this option, to fail with (alert 21, decryption failure)." GTM Object is incorrectly marked down. GTM HTTPs monitor connecting to a webserver that doesn't support RFC 4507/RFC 5077 Workaround: To work around this issue, you can write an external script that you can import to the BIG-IP GTM system, and then configure the system to use that script instead of the GTM HTTPS health monitor: For detailed information about how to work around this issue, see SOL15053: The BIG-IP GTM system may incorrectly mark a resource down when using the GTM HTTPS health monitor, available at http://support.f5.com/kb/en-us/solutions/public/15000/000/sol15053.html. |
| 456047 |
When using the web user interface to add server IP addresses to an existing Global Server Load Balancing (GSLB) server, any existing server IP addresses that have an explicit link configured are lost. If a link goes down, everything on the link goes down, so it is possible that unexpected resources will go down, if the GTM servers or virtual servers lose their explicitly defined links. Preliminary testing suggests that when these explicit links are lost, GTM might auto-match the server IP addresses (or virtual servers) to a different link, and this link might be different from the one the user explicitly configured. This occurs after adding a new IP address to the server. This can be examined by using tmsh to list the server and its associated explicit link. Workaround: When configuring servers that are using explicit links, using tmsh (not the web UI) to edit the server properties, prevents explicit links from being erased. |
| 464708 |
"DNS logging does not support Splunk format log. It failed to log the events, instead logging err msg: hostname=""XXXXXXXXXXXXX.XX"",errdefs_msgno=""01230140:3:""" DNS logging does not log Splunk format to HSL. DNS logging and Splunk format log. Workaround: None. |
| 480795 |
[GTM] Move address from one HA redundant LTM to another could cause bigip monitor failure. Only one of the redundant LTM systems get probed. If the probed LTM is standby, it ignores the probe request. Available BIG-IP redundant LTM server is marked down; the monitor does not work, and all hosted virtual servers are marked down. BIG-IP redundant LTM server configuration with one address at 'Address List' and another at 'Peer Address List', one of the addresses is moved from another. Workaround: Delete the moved address and add it back, or delete the redundant server and re-create it. |
| 486995 |
Objects that are dependent on a specific server name do not work as expected. For example, if the configuration contained a large number of objects (900 objects) based off one core GTM server, there is no way to rename an object if the GTM server is created with an incorrect name. Cannot rename GTM server object after creation. This occurs when creating a GTM object using an incorrect name. Workaround: A workaround for this situation is to directly modify the GTM configuration file, bigip_gtm.conf, doing a search and replace for old name with the new name. Perform the edits in a temporary file using a copy of the original. Once modified, You can replace the existing bigip_gtm.conf. Once replaced, run the command: 'tmsh load sys config gtm-only'. Important: This action causes the renamed server and its related pool members to become unavailable for the duration of one monitor interval. |
| 487144 |
Customer may see the following critical error message showing that they can not locate the keys from the FIPS: "FIPS acceleration device failure: cannot locate key" SSL can not locate the key from the FIPS card, and SSL will not function properly. There is FIPS card in the BIG-IP and the key is retrieved. Workaround: None. |
| 511865 |
GTM external monitor is not correctly synced in GTM sync group without device group. The GTM external monitor is not synced correctly and configuration fails on the peer GTM system. The system posts an error similar to the following: err iqsyncer[20361]: 011ae104:3: Gtm config sync result from local mcpd: result { result_code 17237778 result_message '01070712:3: Values (/Common/bad_external_monitor.sh) specified for external monitor parameter (/Common/external_test 2 RUN_I=): foreign key index (to_file) do not point at an item that exists in the database.' } This occurs when the following conditions are met: 1. GTM systems exist in the same GTM sync group but not in the same device group. The GTM external monitor refers to non-default system file. Workaround: Configure both GTM systems in the same GTM sync group and the same device group. |
| 517609 |
When searching received data for bytes that are regex metacharacters such as $ (dollar sign), . (period), ? (question mark), etc., the search string typically requires backslash characters to escape these. Such escaped characters result in non-matching behavior in GTM monitors without warning in the GUI. The GUI also validates Perl (non-POSIX) character classes such as \d rather than [:digit:], but these Perl extensions do not search properly. If a GTM monitor's expression contains regex Perl extension character classes or escaped regex metacharacters, a member's status might be incorrectly labeled. Any running GTM monitor. Workaround: "When escaping a regular expression metacharacter, an \x5C can be entered as a substitute for a backslash. If searching for whitespace or digits, use [:space:] and [:digit:] rather than \s and \d. For example, searching for 'HTTP/ 1.1' in a GTM HTTP monitor, you can enter the search expression HTTP/ 1\x5C.1, which the regex compiler interprets as 'HTTP/ 1\.1', to search for the period character rather than interpreting the period ( . ) as the 'any non-null byte' metacharacter." |
| 523198 |
DNS resolver multiplexing might cause unexpected behaviors, resulting in multiple error message: notice hud_msg_queue is full. TMM cores or connflows not expiring. System posts messages similar to the following: notice hud_msg_queue is full. This occurs with a DNS resolver configured. Workaround: None. |
| 532859 |
ZRD could not be able to create reverse zones for zone types other than Master. Could not create reverse zones for types other than MASTER. Creating zone for ZRD with zone types other than Master. Workaround: None. |
| 569472 |
tmm cores with sigsegv within lb_why_pmbr_str. tmm cores. "1. Disable a GTM pool or pool member; 2. pool-member-selection is enabled for load-balancing-decision-log-verbosity" Workaround: Disable pool-member-selection for load-balancing-decision-log-verbosity. |
