Milan_Bako
New Contributor

HA reboot multiple times in 1 hour

Hi,

 

I have 2 FortiGate 60C units and I want them in HA a-p mode.

I have configured the first one and it works fine.

I have connected the second directly to the first using only the HA interface (DMZ). (No other interfaces are connected.)

I have 5.2.2 firmware on both FortiGate units, the same interface setup ((global) # set internal-switch-mode interface)

and the same HA config on both units:

 

show system ha
config system ha
    set group-name "HOBTest"
    set mode a-p
    set password ENC R/27bBHCCVlLRW8ZFzlGrRR4jBP9FzdWywbliO3NRKGIwDFAuupADl29j2juX+0hS7LI7TKBGKrlluViL6JsDD1cNqRu+sYwYao0F0y2v3mY9Xk31cT/x8tVkiEAQtT689YmzMkZMiL/MoPjNnHT2dR9LBLKCITeDperpLQAGvidhLHFmmfTOp4fEDmQbYRvwhAGMg==
    set hbdev "dmz" 100
    set override disable
    set priority 120                 /// this value is 130 at the primary unit
    set monitor "internal5" "wan1"
end

 

After an hour of waiting and about 20 reboots I decided to post this for you; maybe you can give me some help.

 

The following log repeats itself continuously:

 

System is starting...

FGT60C3G13027938 login: 00000.519 cw_acd: can not find board mac from interfaces: (internal, port1, internal). Using DFLT MAC.
slave's external files are not in sync with master, sequence:0. (type CERT_LOCAL)
slave's external files are not in sync with master, sequence:1. (type CERT_LOCAL)
slave's external files are not in sync with master, sequence:2. (type CERT_LOCAL)
slave's external files are not in sync with master, sequence:3. (type CERT_LOCAL)
slave's external files are not in sync with master, sequence:4. (type CERT_LOCAL)
slave succeeded to sync external files with master
slave's configuration is not in sync with master's, sequence:0
slave's configuration is not in sync with master's, sequence:1
slave's configuration is not in sync with master's, sequence:2
slave's configuration is not in sync with master's, sequence:3
slave's configuration is not in sync with master's, sequence:4
slave starts to sync with master
logout all admin users

The system
Please stand by while rebooting the system.
Restarting system.
▒

FortiGate-60C (19:55-03.18.2013)
Ver:04000031
Serial number: FGT60C3G13027938
CPU(00): 525MHz
Total RAM: 1GB
Initializing boot device...
Initializing MAC... nplite#0
Press any key to display configuration menu......
Reading boot image... 1123233 bytes.
Initializing firewall...

System is starting...

FGT60C3G13027938 login: 00000.705 cw_acd: can not find board mac from interfaces: (internal, port1, internal). Using DFLT MAC.
slave's external files are not in sync with master, sequence:0. (type CERT_LOCAL)
slave's external files are not in sync with master, sequence:1. (type CERT_LOCAL)
slave's external files are not in sync with master, sequence:2. (type CERT_LOCAL)
slave's external files are not in sync with master, sequence:3. (type CERT_LOCAL)
slave's external files are not in sync with master, sequence:4. (type CERT_LOCAL)
slave succeeded to sync external files with master
slave's configuration is not in sync with master's, sequence:0
slave's configuration is not in sync with master's, sequence:1
slave's configuration is not in sync with master's, sequence:2
slave's configuration is not in sync with master's, sequence:3
slave's configuration is not in sync with master's, sequence:4
slave starts to sync with master
logout all admin users

The system
Please stand by while rebooting the system.
Restarting system.

 

Thank you in advance for any help.

Milan

 

 

5 REPLIES
ede_pfau
SuperUser

hi,

 

I've seen this kind of trouble recently with a 60D running v5.2.2 as well. Somehow there are remnants of the old config still in the new, internal-ports-are-separate config. The names 'internal' and 'port1' should not be in use - only 'internal1' to 'internal5' and 'wan1', 'wan2', 'dmz'.

Could you look through both config files (after backing up) to see if all interface definitions look correct? That is, 'type=physical' and not '=switch' or such. And that the rest of the config has been translated correctly.

 

I was a bit puzzled that you wrote that the configs were identical, they should not be. At least hostname, HA priority and HA override are independent of each other.

 

What you could try as well is to factory reset the slave, put in the bare necessary HA information and connect it to the master. Of course then the config is out of sync, the unit should be configured and rebooted automatically.

Ede Kernel panic: Aiee, killing interrupt handler!
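
One way to run the interface check suggested in the reply above over a saved config backup (an added example, not part of the original thread and not Fortinet tooling). The function names and the sample backup text are assumptions made for illustration; the port names and the stale names 'internal' and 'port1' are the ones listed in the reply.

```python
# Port and stale names come from the reply above; SAMPLE is a constructed backup excerpt.
HW_PORTS = {"wan1", "wan2", "dmz"} | {f"internal{i}" for i in range(1, 6)}
STALE_NAMES = {"internal", "port1"}

def parse_interfaces(config_text):
    """Return {name: {setting: value}} from 'config system interface'."""
    interfaces, current, depth = {}, None, 0
    body = config_text.partition("config system interface")[2]
    for line in map(str.strip, body.splitlines()):
        if line.startswith("config "):
            depth += 1  # nested table inside an entry, e.g. "config ipv6"
        elif line == "end":
            if depth == 0:
                break  # end of the interface table
            depth -= 1
        elif depth == 0 and line.startswith("edit "):
            current = line[5:].strip('"')
            interfaces[current] = {}
        elif depth == 0 and current and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            interfaces[current][key] = value
    return interfaces

def audit_interfaces(config_text):
    """Flag leftover switch-mode names and hardware ports not typed physical."""
    findings = []
    for name, settings in parse_interfaces(config_text).items():
        kind = settings.get("type")
        if name in STALE_NAMES:
            findings.append(f"{name}: leftover switch-mode interface name")
        elif name in HW_PORTS and kind not in (None, "physical"):
            findings.append(f"{name}: type {kind}, expected physical")
    return findings

SAMPLE = """config system interface
    edit "dmz"
        set type physical
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "internal"
        set type switch
    next
    edit "internal1"
        set type switch
    next
end"""
```

Calling audit_interfaces() on the text of each unit's backup returns a list of findings; an empty list means none of the leftovers described above were found.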
Adrian_Buckley_FTNT

slave's external files are not in sync with master, sequence:4. (type CERT_LOCAL)

This message refers to the FortiGuard update files (AV, IPS, etc).

slave's configuration is not in sync with master's, sequence:0

This refers to the configuration itself, obviously.

 

Ede has some good suggestions. If those don't work, I'd suggest wiping the slave entirely and reloading the firmware (maybe going so far as TFTP).

 

 

Fullmoon

Reset the slave unit (do not restore the primary config to the slave unit). It is highly recommended to change the hostname of each device (PrimarySerial, SecondarySerial) and configure the HA settings of the slave unit. Once the physical connection is properly in place, power up the master first, followed by the slave, then just wait a few minutes so that the slave unit syncs to the master unit.

Fortigate Newbie

Milan_Bako
New Contributor

Hi,

 

I have tried what you said and did a factory reset on the secondary unit.

After that I configured only the HA (with lower priority) and the internals to interface mode.

 

After that I connected the two units via the HA interface and suddenly the primary restarted itself and the secondary became the master. So I checked the console of the rebooted master, which did the same sh1t as the other unit yesterday. Restarting restarting restarting...

 

Then I decided to take out the HA interface and copied the config from the original primary unit to my PC.

Then I did a factory reset here too and configured the HA and internals to interface mode.

 

Connected the HA and, surprise, it works.

Then I copied the original config to the master and synced with the secondary, and it still works...

I have no idea what the problem was, but I wrote down a "solution" here. (In a test environment it's OK, but it should work in normal cases too.)

 

Thank you again for the replies.

 

Bests,

Milan
