- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiWeb HA - cfg_state:Not sync
Im trying to troubleshoot what happen that HA isnt synced. I did try debug commands but no luck :)
Please suggest where to search for solution. Below example logs:
FW600D-RZ-0~ $ dia system ha sync-config get-status
The sync config status is enable.
|
|
diag system ha status
HA information
Model=FortiWeb-600D 7.07,build0151(GA),230519, Mode=active-passive Group=2
|
|
HA group member information: is_manage_master=1.
LocalSN: FV600DXXX
MasterSN: FV600DXXX
FV600D3XXX: Primary, 3, 0, 50617820, 47648191, FW600D-RZ-01
FV600D3XXX: Secondary, 4, 0, 50606741, 47638346, FW600D-VWG-02
|
|
diag system ha confd_status
HA information
Model=FortiWeb-600D 7.07,build0151(GA),230519, Mode=active-passive Group=2
HA group member information: is_manage_master=1. cfg_state:Not sync
LocalSN: FV600D3XXXX confd
member cnt: 2
msg_queue:0 file_queue:0 md5_rep_ignore:0 do_md5sum:242
FV600D3XXXX: Primary
pending:0 update:0 time:0 sync:0 cfg_state:Not sync
SYS: 4159F01630575F9FDF120EDB1EC3638B
CLI: 7853F4D9511E41F8A8EB471011D431EC
FV600D3XXXX: Secondary
pending:15190758 update:15190758 time:14703206 sync:3 cfg_state:Not sync
SYS: EA37493ACD179F1BE010EEE407335714
CLI: 7853F4D9511E41F8A8EB471011D431EC
Solved! Go to Solution.
- Labels:
-
FortiWeb
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
PROBLEM SOLVED.
It TURNS OUT THAT THE DISK LOG HAD A FAILURE. SO WE HAD TO REPLACE IT, SYNC AGAIN AND NOW Its ALL FINE. :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @romank ,
Have you tried removing the HA config and try to configure again ? Does it sync ?
Here you have more information on how to troubleshoot HA issues :
https://docs.fortinet.com/document/fortiweb/7.2.3/troubleshooting-guide/182034/ha-trouble-shooting
If you have found a solution, please like and accept it to make it easily accessible for others.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Interesting is that, on the backup peer all is "SUCCESS" but on primary only those seems to be bad.
FW600D-RZ-0~ # dia system ha sync-stat
Image SUCCESS
Config SUCCESS
System SUCCESS
CLI SUCCESS
Signature SUCCESS
GeoDB SUCCESS
AV SEND_TIMEOUT
IpReputation SEND_TIMEOUT
HarvestCredentials SUCCESS
Tsl-ca SUCCESS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Perhaps reboot can resolve.
If i was in your position i was going to delete the HA config and re configure and see the status.
If you have found a solution, please like and accept it to make it easily accessible for others.
Created on 12-15-2023 03:03 AM Edited on 12-15-2023 03:05 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Im trying to avoid such solution for now. Why? I did reboot Secondary peer, and now it stays in "INIT" mode ;p
Is it break sth (except HA) if im gonna break it? cuz then i'll have to login on each deavice and config HA, true?
There is a dedicated cli command to disconnect from HA.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can troubleshoot the HA with these commands :
https://docs.fortinet.com/document/fortiweb/7.2.3/troubleshooting-guide/182034/ha-trouble-shooting
I believe Yes, it will break only HA normally, and then you will need to reconfigure again on each node.
If you have found a solution, please like and accept it to make it easily accessible for others.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
PROBLEM SOLVED.
It TURNS OUT THAT THE DISK LOG HAD A FAILURE. SO WE HAD TO REPLACE IT, SYNC AGAIN AND NOW Its ALL FINE. :)