FortiWeb HA - cfg_state:Not sync

romank · ‎12-11-2023

Im trying to troubleshoot what happen that HA isnt synced. I did try debug commands but no luck :)

Please suggest where to search for solution. Below example logs:

FW600D-RZ-0~ $ dia system ha sync-config get-status
The sync config status is enable.
|
|
diag system ha status
HA information

Model=FortiWeb-600D 7.07,build0151(GA),230519, Mode=active-passive Group=2
|
|
HA group member information: is_manage_master=1.
LocalSN: FV600DXXX
MasterSN: FV600DXXX
FV600D3XXX: Primary, 3, 0, 50617820, 47648191, FW600D-RZ-01
FV600D3XXX: Secondary, 4, 0, 50606741, 47638346, FW600D-VWG-02
|
|
diag system ha confd_status
HA information

Model=FortiWeb-600D 7.07,build0151(GA),230519, Mode=active-passive Group=2

HA group member information: is_manage_master=1. cfg_state:Not sync
LocalSN: FV600D3XXXX confd
member cnt: 2
msg_queue:0 file_queue:0 md5_rep_ignore:0 do_md5sum:242
FV600D3XXXX: Primary
pending:0 update:0 time:0 sync:0 cfg_state:Not sync
SYS: 4159F01630575F9FDF120EDB1EC3638B
CLI: 7853F4D9511E41F8A8EB471011D431EC
FV600D3XXXX: Secondary
pending:15190758 update:15190758 time:14703206 sync:3 cfg_state:Not sync
SYS: EA37493ACD179F1BE010EEE407335714
CLI: 7853F4D9511E41F8A8EB471011D431EC

rkr

romank · ‎01-19-2024

PROBLEM SOLVED.

It TURNS OUT THAT THE DISK LOG HAD A FAILURE. SO WE HAD TO REPLACE IT, SYNC AGAIN AND NOW Its ALL FINE. :)

rkr

View solution in original post

dbu · ‎12-11-2023

Hi @romank ,
Have you tried removing the HA config and try to configure again ? Does it sync ?

Here you have more information on how to troubleshoot HA issues :

https://docs.fortinet.com/document/fortiweb/7.2.3/troubleshooting-guide/182034/ha-trouble-shooting

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

romank · ‎12-14-2023

Interesting is that, on the backup peer all is "SUCCESS" but on primary only those seems to be bad.

FW600D-RZ-0~ # dia system ha sync-stat
Image SUCCESS
Config SUCCESS
System SUCCESS
CLI SUCCESS
Signature SUCCESS
GeoDB SUCCESS
AV SEND_TIMEOUT
IpReputation SEND_TIMEOUT
HarvestCredentials SUCCESS
Tsl-ca SUCCESS

rkr

dbu · ‎12-14-2023

Perhaps reboot can resolve.

If i was in your position i was going to delete the HA config and re configure and see the status.

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

romank · ‎12-15-2023

Im trying to avoid such solution for now. Why? I did reboot Secondary peer, and now it stays in "INIT" mode ;p

Is it break sth (except HA) if im gonna break it? cuz then i'll have to login on each deavice and config HA, true?

There is a dedicated cli command to disconnect from HA.

rkr

dbu · ‎12-15-2023

You can troubleshoot the HA with these commands :

https://docs.fortinet.com/document/fortiweb/7.2.3/troubleshooting-guide/182034/ha-trouble-shooting

I believe Yes, it will break only HA normally, and then you will need to reconfigure again on each node.

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

romank · ‎01-19-2024

PROBLEM SOLVED.

It TURNS OUT THAT THE DISK LOG HAD A FAILURE. SO WE HAD TO REPLACE IT, SYNC AGAIN AND NOW Its ALL FINE. :)

rkr