Skip to main content
darisandy
Staff
darisandy
Staff
February 9, 2026

Troubleshooting Tip: FortiAuthenticator Load Balancer Active-Active is not working during a failover

  • February 9, 2026
  • 0 replies
  • 141 views
Description This article describes how to troubleshoot during a failed failover on FortiAuthenticator with Load Balancer Active-Active mode.
Scope FortiAuthenticator.
Solution

Not all settings are synchronized when Load Balancer Active-Active is deployed.

 

image.png

 

So any basic required settings for each node need to be properly configured first.

 

Troubleshooting tools:

  1. Packet capture, to see if there's actually an incoming authentication request into the Secondary node.
  2. FortiAuthenticator debug page to check the HA sync and authentication process:

 

https://<FortiAuthenticator IP Address>/debug/ 

 

Things that may be worth checking:

  1. Interface feature setting: Network -> Interface -> Select the Interface name -> Services options.
  2. Remote Authentication Server.
    If required, both nodes need to join the same Active Directory domain.
  3. Shared key for the RADIUS Client.

 

Make sure both nodes' keys are the same as what is configured on the RADIUS Client.

 

Related article:

Technical Tip: How to configure FortiAuthenticator load-balancing cluster
    Terms & ConditionsAccessibility statement