Description

This article explains the steps to take if the primary server fails over to the secondary due to a health check failure of the 'radiusd' service.

Scope

FortiNAC-F: 7.2.8.

Solution

After upgrading to version 7.2.8, if the primary server repeatedly fails over to the secondary due to a health check failure of the 'radiusd' service, despite the service being "Active" and running, the following workaround can be applied to prevent the failover process.

Steps to be taken:

• Check the output.processManager logs and confirm if the below is found in the logs:

• Check the status of the 'radiusd' service. It should be running:

• Now, there are 2 options that can be used to stop the primary server from failing over to the secondary.

First option:

• Navigate to FortiNAC_F GUI -> Network -> RADIUS -> Require Message-Authenticator Field -> If it is set to 'Enabled', set it to 'Auto'.
• Check the output.processManager logs again and wait for sometime to see if the logs again show signs for a failover or the logs look good. If the Primary is not failing over to the secondary after changing the 'Message Authenticator' field, there is no need to use the Second Option.
• If the logs still show signs of a failover due to 'radiusd' service failure, use the second option.

Second Option: 

• Run the following command to disable the health check for the 'radiusd' service, which should not cause a failover.

 globaloptiontool -name highAvail.radiusCheckEnabled -set false

• Check the logs again and this should fix the failover issue.