F5 LTM: Failed appliance replacement

I did not think it would take that much effort but apparently, it is not an easy process unless you have a .ucs backup file. Also helps if you have HA (Active/Standby) setup. So as you read this create a .ucs backup file right away. 

  • Once on the console of the new appliance, use username root and password default, not admin account to log in. If you use admin you will be prompted to change your password. This changes the password for root also! However, the admin account is disabled for terminal access. To log back in use root and new password.

localhost login: admin
You are required to change your password immediately (root enforced)
Changing password for admin.
(current) UNIX password:
New BIG-IP password:
Retype new BIG-IP password:
Last failed login: Thu Nov 19 11:37:43 PST 2020 on ttyS0
There was 1 failed login attempt since the last successful login.
This account is currently not available.

  • If you ever created a QKView file and uploaded it to iHealth then you would think you can grab config from there and restore your appliance to normal condition but unfortunately, it is not the case. The only use for it I found is to extract certain sections and speed up configuration recovery. For example, take config/.bigip_emergency.conf file and load Management IP (use verify to check as an option)

[root@localhost:NO LICENSE:Standalone] config # tmsh

root@(localhost)(cfg-sync Standalone)(NO LICENSE)(/Common)(tmos)# load sys config from-terminal merge
Enter configuration. Press CTRL-D to submit or CTRL-C to cancel.
sys management-ip x.x.x.x/24 { }
sys management-route default {
gateway x.x.x.x
network default
sys global-settings {
mgmt-dhcp disabled


  • Now you can Web into management IP with username adminand password admin and go through Setup to enable license. Take note of your license as you may need it if you decide to restore from the .ucs file. The appliance will/may reboot/loose IP config during licensing. Re-apply management IP configuration and continue with the Setup
  • In HA setup you may have to upgrade/downgrade the appliance version. On 12.1.2 ISO upload status did not reflect the progress so I had to switch to SCP to upload the file. After that, I refreshed the web page on F5 and the image showed up as uploaded. Install new image and reboot. 

Now if you have .ucs backup file, you can upload and restore it to the appliance. Make sure and have copy of the license info.

I’ve tried doing .ucs restore in HA mode and it did not work. Primary active appliance started acting up, license on new appliance was overwritten and I had to call support for reset. I ended up with factory reset and doing steps below.

  • Next, configure manually Trunks (LACP), Vlans, and Interfaces in the GUI. I could not come up with an easy way to extract that info from the QKView file so I ended up building it in the GUI.
  • Once the above is complete you can import Self IPs and IP Routes extracted from config/.bigip.conf file using CLI and “load sys config from-terminal merge” command. Here is a sample of commands.

  • Next is device sync options. This will only apply if you have a redundant appliance that contains a complete configuration. As I’ve followed this link all worked as described and I finally had full HA restored.



Leave a reply:

Your email address will not be published.

Site Footer

Sliding Sidebar