How to reset a KempID password?

You can reset your KempID here

How to update the license on a LoadMaster?

System Configuration -> System Administration -> Update License

What is the difference between “online” and “offline” licensing?

with online licensing the LoadMaster will pull down the license from Kemp’s licensing server,

This is a requirement for Free LoadMasters

If the LoadMaster is not able to connect to Kemp’s licensing server or if it is in a secure environment then use offline license,

This will give you a link to open on any browser that has access to the internet,

Filling in your KempID and password here will send an email to this KempID with your new license,

This will then have to be applied to the LoadMaster

Can I use offline licensing with a Free LoadMaster?

No, part of the requirements of using a free LoadMaster is that it is connected to the internet

“Please keep in mind that the licensing steps vary for the Free LoadMaster, such as the fact that online licensing is the only available licensing method. Refer to the next section for instructions on how to license the Free LoadMaster.”

License Troubleshooting

For online licensing make sure the license checks are successful

Connection to default gateway

If this fails please recheck the setting in the initial setup,
confirm that the gateway is correct and that you have the correct subnet

Connection to DNS

If this fails please recheck the setting in the initial setup,
confirm that the gateway is correct and DNS entry is correct

Resolve Licensing Server

If this fails please then your DNS server is unable to find our license server
please use a public DNS or check your DNS server to confirming it is forwarding DNS requests correctly

Connection to License server (

If this fails, then the LoadMaster is not able to contact “” and “” on HTTPS 443
please check your firewalls

Cannot build symbol table - disabling symbol lookups

This is a normal bootup message that occurs on LoadMasters

What is the recommended firmware?

Kemp recommends upgrading to the LTS

L7: Connection timed out (x.x.x.x:p->y.y.y.y:p-><nodest>)[0] (waiting for initial client request)

"Waiting for initial client request" occurs when the client connects but does not send any data. The client in question is x.x.x.x, the VS is y.y.y.y, the third address is the RS. In this case, the RS has not been selected, since there has been no data from the client that can be used to determine which to select.

Can I upgrade from firmware X to the current GA firmware?

Please see tde table below for tde firmware update patd

Firmware Upgrade to        
5.1.X 5.1-74 -> 6.0-42-> 7.0-10I -> (LTS) -> 7.2.44 (GA)
6.0.X 6.0-42-> 7.0-10I -> (LTS) -> 7.2.44 (GA)
7.0.X 7.0-10I -> (LTS) -> 7.2.44 (GA)
7.1.X (LTS) -> 7.2.44 (GA)
7.2.X 7.2.44 (GA)

32-bit systems can only upgrade to LTS
see below for list of 32-bit models

GEO firmware versions??

L7: Connection timed out (x.x.x.x:p->y.y.y.y:p->z.z.z.z:p)[0] (unconnected)

"Unconnected" timeouts are a result of connection attempts which were not completed to the real server. LoadMaster has determined which real server should take the connection and has initiated a TCP connection to the server, however the server did not respond. This may be due to a failed real server which has not been marked as failed by the healthcheck. It could also be caused by a very slow response time.

Does my LoadMaster support the latest firmware?

Check the list below,
If the unit is 32-bit you can only upgrade as far as LTS
If the unit is not on the list below, please check our End of life cycle

32-bit Systems 64-bit Systems
LM-GEO 5.1-74 ->
6.0.X LM-X3
LM-2200 LM-X15
  Bare Metal

L7: Connection timed out (x.x.x.x:p->y.y.y.y:p->z.z.z.z:p)[0] (connected)

"Connected" timeouts indicate that the connection to the real server has been established and that data may have been transferred. The connection was disconnected because the idle timeout has been reached. This type of timeout is normal and is mostly the result of clients simply abandoning the connection.

The default for the timeout is 660s. This timeout can be found in System Configuration > Miscellaneous Options > L7 Configuration. The 'L7 Connection Timeout (secs)' is the global value for this timer. If it is set to 0, it will use the default value. This value can be overridden by the 'Idle Connection Timeout' in each virtual service.

How to upgrade firmware?

Step 1) Back up the LoadMaster

KEMP recommends taking a backup of the LoadMaster as a restore point which can be used if needed. To back up the LoadMaster, go to System Configuration > System Administration > Backup/Restore. Click Create Backup File.

Certificates need to be backed up separately. For instructions on how to back up certificates refer to the following article: How do I back up certificates?. Alternately, you can take a snapshot of the virtual machine if you have a Virtual LoadMaster.

Step 2) Download the patch

  • Log into the 
  • KEMP Support Centre.
  • Click Downloads.
  • Select the appropriate LoadMaster type/model.
  • Download the appropriate firmware release.

Step 3) Install the patch (Start on Standby unit if in HA)

  • In the WUI, go to System Configuration > System Administration > Update Software.
  • Click Choose File.
  • Browse to and select the patch file.
  • Click Update Machine.
  • Follow the prompts to apply the patch.

Step 3.5) If the update fails due to "License disallows further software updates" please refer to this article:


Step 4) Reboot

You will be prompted to reboot the LoadMaster. Please do so.

Step 5) Clear the browser cache

After patching, if there are any problems using the WUI, please clear the browser cache and restart the browser.

Step 6) Repeat the process for the partner unit (if applicable)

LoadMaster Highly Available (HA) pairs require each unit be patched separately. Following this process will achieve the least amount of down time since once one fail-over is required. The overall process is as follows:

  • Patch the Standby unit via the individual IP address.
  • Reboot the upgraded unit.
  • Check to ensure the patched unit is back online (try to access the LoadMaster administrative IP address, which usually the eth0 IP address).
  • Now the patch the active unit.
  • Reboot the upgraded unit.

L7: Real Server Connect attempt failed (x.x.x.x:p->y.y.y.y:p)

This message indicates that the server was unreachable for client connections even though the healthcheck is passing. This can be due to several factors. Most likely the healthcheck is not operating at a high enough level, the healthcheck considers the server up whereas in reality the server is not ready to accept connections. This can also happen if the server has just gone down and the healthcheck has not yet failed.

In a wildcard service, these messages mean that a connection to your wildcard service was attempted but was not able to connect because the real server rejected the request. This can happen when a client tries to access a service which does not exist on the real server; LoadMaster accepts the connection and attempts to forward it, but the server refuses it and thus LoadMaster closes the initial client connection. These are normal noise for a wildcard service.