HA Sync issues



  • I am trying to set up sync with my backup firewall. But doesnt want to sync.

    Initializing
    Creating aliases
    Creating gateway group item...
    Generating Limiter rules
    Generating NAT rules
    Creating 1:1 rules...
    Creating outbound NAT rules
    Creating automatic outbound rules
    Setting up TFTP helper
    Generating filter rules
    Creating default rules
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching External Management of Device...
    Creating filter rule External Management of Device ...
    Creating filter rules External Management of Device ...
    Setting up pass/block rules
    Setting up pass/block rules External Management of Device
    Creating rule External Management of Device
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching ...
    Creating filter rule ...
    Creating filter rules ...
    Setting up pass/block rules
    Setting up pass/block rules
    Creating rule
    Pre-caching Allow VPN network to reach HMI network...
    Creating filter rule Allow VPN network to reach HMI network ...
    Creating filter rules Allow VPN network to reach HMI network ...
    Setting up pass/block rules
    Setting up pass/block rules Allow VPN network to reach HMI network
    Creating rule Allow VPN network to reach HMI network
    Pre-caching ICMP for Diagnostics...
    Creating filter rule ICMP for Diagnostics ...
    Creating filter rules ICMP for Diagnostics ...
    Setting up pass/block rules
    Setting up pass/block rules ICMP for Diagnostics
    Creating rule ICMP for Diagnostics
    Pre-caching Allow State Synchonization...
    Creating filter rule Allow State Synchonization ...
    Creating filter rules Allow State Synchonization ...
    Setting up pass/block rules
    Setting up pass/block rules Allow State Synchonization
    Creating rule Allow State Synchonization
    Pre-caching Allow Configuration Synchronization...
    Creating filter rule Allow Configuration Synchronization ...
    Creating filter rules Allow Configuration Synchronization ...
    Setting up pass/block rules
    Setting up pass/block rules Allow Configuration Synchronization
    Creating rule Allow Configuration Synchronization
    Creating IPsec rules...
    Creating uPNP rules...
    Generating ALTQ queues
    Loading filter rules
    Setting up logging information
    Setting up SCRUB information
    Processing down interface states
    Running plugins
    Done
    Building high availability sync information
    The pfSense software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!

    System logs show:
    Oct 15 12:57:09 php-fpm 1191 /rc.filter_synchronize: New alert found: Exception calling XMLRPC method host_firmware_version #-2 : Authentication failed: not enough privileges
    Oct 15 12:57:09 php-fpm 1191 /rc.filter_synchronize: XMLRPC versioncheck: -- 18.8
    Oct 15 12:57:09 php-fpm 1191 /rc.filter_synchronize: The pfSense software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!

    I can at least ping from back and forth between sync IPs and port 443 seems to be good in port testing. Sync firewall rules set up. I had initially accidentally set the username password on the backup sync devices HA Sync section but i then removed it.


  • Rebel Alliance Developer Netgate

    Are both firewalls running 2.4.4?
    Any errors in the logs on the secondary node?



  • Hi. No errors in the secondary node. I upgraded both firewalls to 2.4.4 beforehand since i heard there were sync issue with previous versions.


  • Rebel Alliance Developer Netgate

    Do you have anything setup that might be intercepting or taking the port 443 request? (port forward, nat reflection, proxy of some kind)



  • NATs and proxy are not set up. Im curious why it would say 'Authentication failed: not enough privileges'. I created a user account that has admin priveleges which has all access: WebCfg - All pages Allow access to all pages (admin privilege).
    Just for fun i also manually added the privilege:
    System - HA node sync Allow access to authenticate this user for HA sync via XMLRPC



  • So i glazed over the instruction which say 'no other user will work except admin'. Well i changed it to the admin user in the HA sync settings and it works now.


  • Rebel Alliance Developer Netgate

    You can use another user so long as it exists on both systems with the same privileges.

    Did you maybe only make that user on the secondary? If so, then the first time it synchronized it would work then after it would fail because the users from the primary overwrote it. If you make a sync user now with the right permissions -- make it on the primary -- then it will sync over, and then once it's on both nodes you can switch the sync process over to use it.



  • Yea im not sure, coulda swore i set them the same on both. I went ahead and changed the user back to the one i wanted on the primary node. Did a force sync and it works now...heh. hey it works. Thanks for the help!!