Im trying to troubleshoot what happen that HA isnt synced. I did try debug commands but no luck :)
Please suggest where to search for solution. Below example logs:
FW600D-RZ-0~ $ dia system ha sync-config get-status
The sync config status is enable.
|
|
diag system ha status
HA information
Model=FortiWeb-600D 7.07,build0151(GA),230519, Mode=active-passive Group=2
|
|
HA group member information: is_manage_master=1.
LocalSN: FV600DXXX
MasterSN: FV600DXXX
FV600D3XXX: Primary, 3, 0, 50617820, 47648191, FW600D-RZ-01
FV600D3XXX: Secondary, 4, 0, 50606741, 47638346, FW600D-VWG-02
|
|
diag system ha confd_status
HA information
Model=FortiWeb-600D 7.07,build0151(GA),230519, Mode=active-passive Group=2
HA group member information: is_manage_master=1. cfg_state:Not sync
LocalSN: FV600D3XXXX confd
member cnt: 2
msg_queue:0 file_queue:0 md5_rep_ignore:0 do_md5sum:242
FV600D3XXXX: Primary
pending:0 update:0 time:0 sync:0 cfg_state:Not sync
SYS: 4159F01630575F9FDF120EDB1EC3638B
CLI: 7853F4D9511E41F8A8EB471011D431EC
FV600D3XXXX: Secondary
pending:15190758 update:15190758 time:14703206 sync:3 cfg_state:Not sync
SYS: EA37493ACD179F1BE010EEE407335714
CLI: 7853F4D9511E41F8A8EB471011D431EC
Solved! Go to Solution.
PROBLEM SOLVED.
It TURNS OUT THAT THE DISK LOG HAD A FAILURE. SO WE HAD TO REPLACE IT, SYNC AGAIN AND NOW Its ALL FINE. :)
Hi @romank ,
Have you tried removing the HA config and try to configure again ? Does it sync ?
Here you have more information on how to troubleshoot HA issues :
https://docs.fortinet.com/document/fortiweb/7.2.3/troubleshooting-guide/182034/ha-trouble-shooting
Interesting is that, on the backup peer all is "SUCCESS" but on primary only those seems to be bad.
FW600D-RZ-0~ # dia system ha sync-stat
Image SUCCESS
Config SUCCESS
System SUCCESS
CLI SUCCESS
Signature SUCCESS
GeoDB SUCCESS
AV SEND_TIMEOUT
IpReputation SEND_TIMEOUT
HarvestCredentials SUCCESS
Tsl-ca SUCCESS
Perhaps reboot can resolve.
If i was in your position i was going to delete the HA config and re configure and see the status.
Created on 12-15-2023 03:03 AM Edited on 12-15-2023 03:05 AM
Im trying to avoid such solution for now. Why? I did reboot Secondary peer, and now it stays in "INIT" mode ;p
Is it break sth (except HA) if im gonna break it? cuz then i'll have to login on each deavice and config HA, true?
There is a dedicated cli command to disconnect from HA.
You can troubleshoot the HA with these commands :
https://docs.fortinet.com/document/fortiweb/7.2.3/troubleshooting-guide/182034/ha-trouble-shooting
I believe Yes, it will break only HA normally, and then you will need to reconfigure again on each node.
PROBLEM SOLVED.
It TURNS OUT THAT THE DISK LOG HAD A FAILURE. SO WE HAD TO REPLACE IT, SYNC AGAIN AND NOW Its ALL FINE. :)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.