1 Reply Latest reply on Jan 7, 2016 10:29 PM by Vinnie Lima

    F5 Load Balancer migration from Cisco ACE for MAS BSA 8.7

    Vinnie Lima

      Hi There,


      Migrating a customer's existing BSA 8.7 MAS (4 app servers) from using an old Cisco ACE (basic ICMP, round robin). They are having issues with uneven load distributions and want to move to an F5 BIGIP load balancer as part of their infrastructure modernization.


      We set up three F5 load balancer templates (10840, 10841, and 10843 - note this is a BSA that is part of a CLM environment, thus the port numbers) which define the 4 member app server nodes in each template. Templates for the Auth and App server ports (10840, 10841) use persistence of 1 hour based on source address. The template for the Web Services port (10843) has no persistence, as it is used by CLM and this is working fine.


      All app servers already have the necessary blasadmin configurations, and have been double checked:


      set AppServer ValidateRequestURL false

      set AuthServer AppServiceURLs service:appsvc.bladelogic:blsess://<VIP.FQDN>:10841

      set AuthServer ProxyServiceURLs service:proxysvc.bladelogic:blsess://<VIP.FQDN>:10842

      When I perform a blcred acquire, the following is the credential acquired:


      # blcred cred -list

      Username:         BLAdmin

      Authentication:   SRP

      Issuing Service:  service:authsvc.bladelogic:blauth://<VIP.FQDN>:10840

      Expiration Time:  Fri Jan 08 04:58:41 PST 2016

      Maximum Lifetime: Fri Jan 08 04:58:41 PST 2016

      Client address:

      Authorized Roles:




      Destination URLs:



      But when you attempt to launch the Console UI and connect with the acquired credentials, the following happens:




      Using the VIP from the Cisco ACE does not cause this problem. The acquired credentials look exactly the same as using the new VIP.


      Any suggestions?