Here is what one of our team members said about your post:
"I can see how the ipsec psk change could cause issues. Once the MD receives a change and is still unable to connect to the MM, the rollback mechanism gets triggered.
Therefore we should go through the right steps to make the change.
If we are pushing the MDs change in masterip, the change should be done from each node device on the MM. Example:
‘(SLR-MM82) [00:50:56:ae:69:14] #’
Then make the change on the MM from the /mm folder or where we initially configured localip.
As far as the claim that in 8.2 the ipsec psk length changed to 8 characters or less, I have just tested with base 8.2 code, and I am able to configure an ipsec psk with 15 characters.
(SLR-MM82) [mynode] (config) #show running-config | include localip
Building Configuration...
localip 0.0.0.0 ipsec aruba123
localip 1.1.1.1 ipsec aruba1234567890
(SLR-MM82) [mynode] (config) #"