1. Break High Availability from GUI by clearing the VIP (if it is in place) and secondary Node Information:
   
   

2. Factory reset Secondary Node (it will delete all settings and data on the node this is executed at):

execute factoryreset all-setting

3. Rebuild the High Availability and the following error is displayed:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:gUhJsXoJ4kOwa0H7O6VLygp0yh45o5nMMl85ZXPBp4o.
Please contact your system administrator.
Add correct host key in /home/root/.ssh/known_hosts to get rid of this message.
Offending ED25519 key in /home/root/.ssh/known_hosts:6
Host key for 192.168.40.121 has changed and you have requested strict checking.
Host key verification failed.
SSH key verification failed from 192.168.40.120 to 192.168.40.121. Verify that the SSH key for 192.168.40.120 is configured on 192.168.40.121.

Solution:

On FortiNAC v7.2.6, v7.2.7:

execute ssh-known-hosts remove-host ha <secondary-NAC-IP>
execute ssh-known-hosts add ha admin <secondary-NAC-IP>
execute ssh-known-hosts show ha

On FortiNAC version 7.4.0 and above:

execute ssh-known-hosts show current-user <secondary-NAC-IP>

execute ssh-known-hosts remove-host current-user <secondary-NAC-IP>

Note: On FortiNAC v7.2.5 and lower, change the IP of the Secondary Node or upgrade to FortiNAC v7.2.6 or greater.