FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
kwcheng__FTNT
Article Id 386729
Description This article describes the typical circumstances behind the 'HA Role Change'.
Scope FortiAuthenticator.
Solution

Event ID 40000 is logged when FortiAuthenticator detects that its HA role has changed.

This event shows only the HA role of the local device, so each cluster member can have different log output for this event ID. The event also reports the cluster size in the 'cluster size' field.

Sample system event messages look like the following:

  1. On the FortiAuthenticator (Primary) that changed its role to 'Secondary':

date=2025-04-18 time=11:55:01+0000 oid=444666 logid=40000 cat="Event" subcat="High Availability" level="information" nas="" action="" status="" msg="The device is now the HA Secondary (cluster size = 2)" user=""

  2. On the FortiAuthenticator (Secondary) that changed its role to 'Primary':

date=2025-05-28 time=11:55:01+0000 oid=333777 logid=40000 cat="Event" subcat="High Availability" level="information" nas="" action="" status="" msg="The device is now the HA Primary (cluster size = 2)" user=""

Reasons to check the HA role:

  • To ensure the correct role assignment of the FortiAuthenticator and select the active node to handle authentication requests.
  • To make diagnosis easier by narrowing down the problematic nodes. TAC support may request this if required.
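
Because each member logs only its own role, the cluster's current state has to be assembled from every member's log. The following is an added example, not code from the article or from Fortinet, that parses logid 40000 events and reports the latest role per member. It assumes logs were collected separately per device; the labels fac-a and fac-b, the oid value and the sample lines are constructed.

```python
import re
import shlex
from datetime import datetime

# Message text as it appears in the article's sample events.
MSG_RE = re.compile(r"The device is now the HA (\w+) \(cluster size = (\d+)\)")

def parse_line(line):
    """Split one key=value log line into a dict (quoted values may hold spaces)."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def ha_role_changes(lines):
    """Return sorted (timestamp, role, cluster_size) tuples for logid 40000 events."""
    events = []
    for line in lines:
        try:
            f = parse_line(line)
            m = MSG_RE.search(f.get("msg", ""))
            if f.get("logid") != "40000" or not m:
                continue
            ts = datetime.strptime(f"{f.get('date')} {f.get('time')}",
                                   "%Y-%m-%d %H:%M:%S%z")
        except ValueError:  # damaged line: unbalanced quotes or bad timestamp
            continue
        events.append((ts, m.group(1), int(m.group(2))))
    return sorted(events)

def cluster_view(logs_by_device):
    """Latest role event per member, since each member logs only its own role."""
    return {dev: ev[-1] for dev, lines in logs_by_device.items()
            if (ev := ha_role_changes(lines))}

def primaries(view):
    """Members whose most recent event says Primary; a healthy cluster has one."""
    return sorted(dev for dev, (_, role, _) in view.items() if role == "Primary")

# Constructed sample logs; device names and oid are hypothetical.
TAIL = 'cat="Event" subcat="High Availability" level="information" nas="" action="" status=""'
def _line(date, time, role):
    return (f'date={date} time={time}+0000 oid=1 logid=40000 {TAIL} '
            f'msg="The device is now the HA {role} (cluster size = 2)" user=""')

SAMPLE = {"fac-a": [_line("2025-04-18", "09:00:00", "Primary"),
                    _line("2025-04-18", "11:55:01", "Secondary")],
          "fac-b": [_line("2025-04-18", "11:55:02", "Primary")]}
```

If `primaries(cluster_view(SAMPLE))` returns zero or more than one member, the per-device role history from `ha_role_changes` shows which node to look at first.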