
Endpoint Security Kiss

Introduction

In this article we will see how to reactivate an F5 BIG-IP VE (Virtual Edition) appliance that has an expired license. When the license has expired, the BIG-IP Configuration utility gets stuck at “Configuration Utility restarting…” and you cannot log in. We will focus on one of the latest VE versions, 11.6.x, where most of the usual reactivation methods do not work.

Lab Environment

The full lab logical design can be seen .

Problem

Recently I had an issue where my BIG-IP Local Traffic Manager (LTM) and Global Traffic Manager (GTM) devices had an expired license. I was using a 45-day license which I failed to reactivate, and it expired. I first noticed that there was an issue with the appliance when I tried to open the BIG-IP Configuration utility. As shown in the following screenshot, it got stuck at “Configuration Utility restarting…” and I wasn’t able to log in.

Luckily I had a user with SSH access to the F5 BIG-IP VE appliance. If you don’t have SSH access to the appliance you are in big trouble. In such cases I wasn’t able to find a solution and had to reinstall the BIG-IP device and redo all the configurations. As said, I was lucky enough to have SSH access, so I logged in to the appliance and checked the license by running [show sys license]. As you can see from the following screenshot, the license was expired.

    Using username "admin".
    Using keyboard-interactive authentication.
    Password:
    Last login: Thu Jun 25 23:10:38 2015 from 192.168.1.1
    admin@(f5-ltm-b-01)(cfg-sync Standalone)(INOPERATIVE)(/Common)(tmos)# show sys license
    Warning: license has expired

    Sys::License
    Licensed Version    11.6.0
    Registration key    ABCDE- ABCDE – ABCDE – ABCDE – ABCDEF
    Licensed On         2015/06/10
    License Start Date  2015/06/09
    License End Date    2015/07/26
    Service Check Date  2015/06/08
    Platform ID         Z100

    Active Modules
      APM, Base, VE (XCPDPCE-PJTQEGD)
      Anti-Virus Checks
      Base Endpoint Security Checks
      Firewall Checks
      Network Access
      Secure Virtual Keyboard
      APM, Web Application
      Machine Certificate Checks
      Protected Workspace
      Remote Desktop

You will also notice other signs that something is wrong, like the word INOPERATIVE. The expired license also causes a lot of other issues that can manifest in different ways. For example, running [load sys config] fails:

    admin@(f5-ltm-b-01)(cfg-sync Standalone)(INOPERATIVE)(/Common)(tmos)# load sys config
    Loading system configuration…
      /defaults/asm_base.conf
      /defaults/config_base.conf
      /defaults/ipfix_ie_base.conf
      /defaults/ipfix_ie_f5base.conf
      /defaults/low_profile_base.conf
      /defaults/low_security_base.conf
      /defaults/policy_base.conf
      /defaults/wam_base.conf
      /defaults/analytics_base.conf
      /defaults/apm_saml_base.conf
      /defaults/app_template_base.conf
      /defaults/classification_base.conf
      /defaults/daemon.conf
      /defaults/profile_base.conf
      /defaults/sandbox_base.conf
      /defaults/security_base.conf
      /defaults/urldb_base.conf
      /usr/share/monitors/base_monitors.conf
    Loading configuration…
      /config/bigip_base.conf
      /config/bigip_user.conf
      /config/bigip.conf
    01070356:3: Load balancing feature not licensed.
    Unexpected Error: Loading configuration process failed.
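An added example, not part of the original article: a small Python check, meant to run on a monitoring host against captured [show sys license] output, that flags the license before the device reaches the INOPERATIVE state shown above. The sample text is constructed from the session above (registration key line omitted); the function names, the 14-day warning threshold and the UNKNOWN status for output without a License End Date are assumptions.

```python
import re
from datetime import date, datetime

# Constructed sample, modelled on the `show sys license` session shown above.
SAMPLE = """\
admin@(f5-ltm-b-01)(cfg-sync Standalone)(INOPERATIVE)(/Common)(tmos)# show sys license
Warning: license has expired

Sys::License
Licensed Version    11.6.0
Licensed On         2015/06/10
License Start Date  2015/06/09
License End Date    2015/07/26
Service Check Date  2015/06/08
Platform ID         Z100
"""

# "Name<two or more spaces>value" rows of the Sys::License block.
FIELD = re.compile(
    r"^(Licensed Version|Licensed On|License Start Date|License End Date|"
    r"Service Check Date|Platform ID)[ \t]{2,}(\S+)[ \t]*$", re.M)


def parse_license(text):
    """Return the license fields plus the two failure markers seen on the page."""
    info = dict(FIELD.findall(text))
    info["expired_banner"] = "license has expired" in text.lower()
    info["inoperative"] = "(INOPERATIVE)" in text  # state shown in the tmsh prompt
    return info


def license_status(text, today, warn_days=14):
    """Return (status, days_left); status is OK, WARNING, CRITICAL or UNKNOWN."""
    info = parse_license(text)
    failed = info["expired_banner"] or info["inoperative"]
    end = info.get("License End Date")
    if end is None:
        # Assumption: output with no end date cannot be judged by date alone.
        return ("CRITICAL" if failed else "UNKNOWN"), None
    days_left = (datetime.strptime(end, "%Y/%m/%d").date() - today).days
    if failed or days_left < 0:
        return "CRITICAL", days_left
    if days_left <= warn_days:
        return "WARNING", days_left
    return "OK", days_left


if __name__ == "__main__":
    print(license_status(SAMPLE, date.today()))
```

Run on a schedule and alert on WARNING, so that the license is renewed while the Configuration utility still accepts logins.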

Generally you can find a lot of F5 articles and forum posts describing how to install a license again and activate the device.

Some articles describe the use of commands like the following to achieve activation:

  • cat /config/RegKey.license
  • tmsh show /sys hardware | grep 'Registration Key'
  • grep -i "Registration Key" /config/bigip.license
  • cp /config/bigip.license /config/bigip.license.sol2595
  • get_dossier -b ABCDE-ABCDE-ABCDE-ABCDE-ABCDEFG
  • reloadlic

Ref:

Unfortunately, the BIG-IP VE appliance has no bash shell access, so you cannot execute any of these commands. On the BIG-IP Virtual Edition appliance you only have access to the Traffic Management Shell (tmsh) utility; the bash shell is disabled. Even if you try to grant bash access to your user, the command will run successfully, but you will not be granted access.

Others describe that such problems might be resolved by restoring an F5 configuration with commands such as:

  • tmsh load sys ucs [ucs file name] no-license

Ref:

This again doesn’t work: because the license has already expired, the load cannot complete and fails.

Solution

