Hi all, new to this world after a decade of supporting and managing Sonicwalls. Done a few smaller setups of Fortigate 60E's, but this is my first big one, setting up a new HA pair of 400E's in active/passive setup. I updated firmware on both devices to FortiOS v6.4.1 build1637 (GA) and am now repeatedly getting this error in the console of the master unit, whenever the secondary unit is online. The error does not appear in the console of the secondary unit.
get_ha_sync_obj_sig_4dir: stat /etc/cert/ca/988a38cb.0 error 2
get_ha_sync_obj_sig_4dir: stat /etc/cert/ca/5c44d531.0 error 2
get_ha_sync_obj_sig_4dir: stat /etc/cert/ca/157753a5.0 error 2
HA status in the GUI looks normal.
Can you please help me work through how to troubleshoot and resolve this issue? I'm struggling to find a command that lets me see what these certificates are, or what "error 2" is. I haven't loaded any of my own certificates yet.
Thanks in advance for your help!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
same Problem here with ticket Number: 4105192
tried in different ways, always with the same result -.-
because nobody of the support team could really help me i have solved the problem "qiuck & dirty". Compare Backup of Master & slave FGT. Change the Master Backup to restore to slave FGT. the following must be changed: hostname ha device priority
I was seeing them as well on multiple clusters. I was just preparing to update one of the clusters to 6.4.2 and saw this in the console:
get_ha_sync_obj_sig_4dir: stat /etc/cert/ca/988a38cb.0 error 2 get_ha_sync_obj_sig_4dir: stat /etc/cert/ca/5c44d531.0 error 2 get_ha_sync_obj_sig_4dir: stat /etc/cert/ca/157753a5.0 error 2 get_ha_sync_obj_sig_4dir: stat /etc/cert/ca/def36a68.0 error 2 get_ha_sync_obj_sig_4dir: stat /etc/cert/ca/c0ff1f52.0 error 2 get_ha_sync_obj_sig_4dir: stat /etc/cert/ca/988a38cb.0 error 2
but after the upgrade, I saw this on the console of the original master just after it came online after the reboot.
get_ha_sync_obj_sig_4dir delete broken symbolic link /etc/cert/ca/988a38cb.0 --> /etc/cert/ca/root_NetLock_Arany_(Class_Gold)_Főtanúsítvány.cer get_ha_sync_obj_sig_4dir delete broken symbolic link /etc/cert/ca/5c44d531.0 --> /etc/cert/ca/root_Staat_der_Nederlanden_Root_CA_-_G2.cer get_ha_sync_obj_sig_4dir delete broken symbolic link /etc/cert/ca/157753a5.0 --> /etc/cert/ca/root_AddTrust_External_Root.cer
I have been debugging/watching the console, no more errors. Maybe they added a root cert cleanup? I have not scrubbed the full release notes but...
Bug was solved on version 6.4.2
https://docs.fortinet.com/document/fortigate/6.4.2/fortios-release-notes/289806/resolved-issues
Check under HA bus number 639307
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.