HA Sync issues
-
I am trying to set up sync with my backup firewall. But doesnt want to sync.
Initializing
Creating aliases
Creating gateway group item...
Generating Limiter rules
Generating NAT rules
Creating 1:1 rules...
Creating outbound NAT rules
Creating automatic outbound rules
Setting up TFTP helper
Generating filter rules
Creating default rules
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching External Management of Device...
Creating filter rule External Management of Device ...
Creating filter rules External Management of Device ...
Setting up pass/block rules
Setting up pass/block rules External Management of Device
Creating rule External Management of Device
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching ...
Creating filter rule ...
Creating filter rules ...
Setting up pass/block rules
Setting up pass/block rules
Creating rule
Pre-caching Allow VPN network to reach HMI network...
Creating filter rule Allow VPN network to reach HMI network ...
Creating filter rules Allow VPN network to reach HMI network ...
Setting up pass/block rules
Setting up pass/block rules Allow VPN network to reach HMI network
Creating rule Allow VPN network to reach HMI network
Pre-caching ICMP for Diagnostics...
Creating filter rule ICMP for Diagnostics ...
Creating filter rules ICMP for Diagnostics ...
Setting up pass/block rules
Setting up pass/block rules ICMP for Diagnostics
Creating rule ICMP for Diagnostics
Pre-caching Allow State Synchonization...
Creating filter rule Allow State Synchonization ...
Creating filter rules Allow State Synchonization ...
Setting up pass/block rules
Setting up pass/block rules Allow State Synchonization
Creating rule Allow State Synchonization
Pre-caching Allow Configuration Synchronization...
Creating filter rule Allow Configuration Synchronization ...
Creating filter rules Allow Configuration Synchronization ...
Setting up pass/block rules
Setting up pass/block rules Allow Configuration Synchronization
Creating rule Allow Configuration Synchronization
Creating IPsec rules...
Creating uPNP rules...
Generating ALTQ queues
Loading filter rules
Setting up logging information
Setting up SCRUB information
Processing down interface states
Running plugins
Done
Building high availability sync information
The pfSense software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!System logs show:
Oct 15 12:57:09 php-fpm 1191 /rc.filter_synchronize: New alert found: Exception calling XMLRPC method host_firmware_version #-2 : Authentication failed: not enough privileges
Oct 15 12:57:09 php-fpm 1191 /rc.filter_synchronize: XMLRPC versioncheck: -- 18.8
Oct 15 12:57:09 php-fpm 1191 /rc.filter_synchronize: The pfSense software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!I can at least ping from back and forth between sync IPs and port 443 seems to be good in port testing. Sync firewall rules set up. I had initially accidentally set the username password on the backup sync devices HA Sync section but i then removed it.
-
Are both firewalls running 2.4.4?
Any errors in the logs on the secondary node? -
Hi. No errors in the secondary node. I upgraded both firewalls to 2.4.4 beforehand since i heard there were sync issue with previous versions.
-
Do you have anything setup that might be intercepting or taking the port 443 request? (port forward, nat reflection, proxy of some kind)
-
NATs and proxy are not set up. Im curious why it would say 'Authentication failed: not enough privileges'. I created a user account that has admin priveleges which has all access: WebCfg - All pages Allow access to all pages (admin privilege).
Just for fun i also manually added the privilege:
System - HA node sync Allow access to authenticate this user for HA sync via XMLRPC -
So i glazed over the instruction which say 'no other user will work except admin'. Well i changed it to the admin user in the HA sync settings and it works now.
-
You can use another user so long as it exists on both systems with the same privileges.
Did you maybe only make that user on the secondary? If so, then the first time it synchronized it would work then after it would fail because the users from the primary overwrote it. If you make a sync user now with the right permissions -- make it on the primary -- then it will sync over, and then once it's on both nodes you can switch the sync process over to use it.
-
Yea im not sure, coulda swore i set them the same on both. I went ahead and changed the user back to the one i wanted on the primary node. Did a force sync and it works now...heh. hey it works. Thanks for the help!!
