Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HA Sync Errors and Documentation Unclear

    HA/CARP/VIPs
    1
    1
    771
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      boomi
      last edited by

      I've resolved my issue but wanted to clarify a few questions, if only for future reference in case someone else does the same thing. Both firewalls are on whatever 2.5.2-RELEASE I was able to download yesterday.

      1- Can you not use link local 169.254.0.0/16 for the sync interface? I picked 169.254.55.0/30, and prior to changing this to a different subnet (10.10.55.0/24), I repeatedly got the following:

      Nov 27 09:46:11 fw1-a php-fpm[336]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://169.254.55.2:443/xmlrpc.php.
      Nov 27 09:46:21 fw1-a php-fpm[336]: /rc.filter_synchronize: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
      Nov 27 09:46:21 fw1-a php-fpm[336]: /rc.filter_synchronize: New alert found: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
      Nov 27 09:46:21 fw1-a php-fpm[336]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://169.254.55.2:443/xmlrpc.php.
      Nov 27 09:46:32 fw1-a php-fpm[336]: /rc.filter_synchronize: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
      Nov 27 09:46:32 fw1-a php-fpm[336]: /rc.filter_synchronize: New alert found: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
      Nov 27 09:46:32 fw1-a php-fpm[336]: /rc.filter_synchronize: XMLRPC versioncheck:  -- 21.7
      Nov 27 09:46:32 fw1-a php-fpm[336]: /rc.filter_synchronize: The pfSense software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!
      

      A packet capture did show bidirectional traffic. There's nothing in between the firewalls, they're just two VM's on an ESXi host at home.

      2 - Does the default 'admin' have rights that are not itemized on the user manager page? I clearly (now) see and understand the comment in the guide stating "This must be admin, or the same user on both nodes with the “System - HA node sync” privilege".

      What's surprising is that when I created my 'fwsyncuser' and assigned it to the 'admins' group, it does NOT have the same rights as 'admin'. I had to manually assign the 'System - HA node sync' privilege. I don't think it was unreasonable to assume that mimicking the group membership of the admin user would grant the same privileges. I would like the guide to specifically state that I have to manually make this assignment.

      Without the sync privilege, I got the following, which is expected:

      Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://10.10.55.3:443/xmlrpc.php.
      Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: Exception calling XMLRPC method host_firmware_version #-2 : Authentication failed: not enough privileges
      Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: New alert found: Exception calling XMLRPC method host_firmware_version #-2 : Authentication failed: not enough privileges
      Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://10.10.55.3:443/xmlrpc.php.
      Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: Exception calling XMLRPC method host_firmware_version #-2 : Authentication failed: not enough privileges
      Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: New alert found: Exception calling XMLRPC method host_firmware_version #-2 : Authentication failed: not enough privileges
      Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: XMLRPC versioncheck:  -- 21.7
      Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: The pfSense software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!
      
      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.