Technical Note: HA synchronization and admin account
Description
Scope
Solution
When two units form a cluster, it is not possible to change or delete the “admin” account. Any attempt to do this will create a synchronization issue and the HA system.admin checksums will not match.
Scope
FortiOS v4.3 and above.
Solution
It is not recommended to delete or rename admin account.
However, if this must be done, the change should be made on the master first, and then connect to the slave on console and make the same change.
However, if this must be done, the change should be made on the master first, and then connect to the slave on console and make the same change.
fw-cluster-ha1 (global) # config system admin
fw-cluster-ha1 (admin) # delete admin
Cannot delete super admin 'admin'!
command_cli_delete:5271 delete table entry admin unset oper error ret=-37
Command fail. Return code -37
fw-cluster-ha1 (admin) # rename admin to wex
fw-cluster-ha1 (admin) # delete wex