• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

HA Sync Errors and Documentation Unclear

Scheduled Pinned Locked Moved HA/CARP/VIPs
1 Posts 1 Posters 771 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • B
    boomi
    last edited by Nov 27, 2021, 3:31 PM

    I've resolved my issue but wanted to clarify a few questions, if only for future reference in case someone else does the same thing. Both firewalls are on whatever 2.5.2-RELEASE I was able to download yesterday.

    1- Can you not use link local 169.254.0.0/16 for the sync interface? I picked 169.254.55.0/30, and prior to changing this to a different subnet (10.10.55.0/24), I repeatedly got the following:

    Nov 27 09:46:11 fw1-a php-fpm[336]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://169.254.55.2:443/xmlrpc.php.
    Nov 27 09:46:21 fw1-a php-fpm[336]: /rc.filter_synchronize: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
    Nov 27 09:46:21 fw1-a php-fpm[336]: /rc.filter_synchronize: New alert found: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
    Nov 27 09:46:21 fw1-a php-fpm[336]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://169.254.55.2:443/xmlrpc.php.
    Nov 27 09:46:32 fw1-a php-fpm[336]: /rc.filter_synchronize: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
    Nov 27 09:46:32 fw1-a php-fpm[336]: /rc.filter_synchronize: New alert found: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
    Nov 27 09:46:32 fw1-a php-fpm[336]: /rc.filter_synchronize: XMLRPC versioncheck:  -- 21.7
    Nov 27 09:46:32 fw1-a php-fpm[336]: /rc.filter_synchronize: The pfSense software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!
    

    A packet capture did show bidirectional traffic. There's nothing in between the firewalls, they're just two VM's on an ESXi host at home.

    2 - Does the default 'admin' have rights that are not itemized on the user manager page? I clearly (now) see and understand the comment in the guide stating "This must be admin, or the same user on both nodes with the “System - HA node sync” privilege".

    What's surprising is that when I created my 'fwsyncuser' and assigned it to the 'admins' group, it does NOT have the same rights as 'admin'. I had to manually assign the 'System - HA node sync' privilege. I don't think it was unreasonable to assume that mimicking the group membership of the admin user would grant the same privileges. I would like the guide to specifically state that I have to manually make this assignment.

    Without the sync privilege, I got the following, which is expected:

    Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://10.10.55.3:443/xmlrpc.php.
    Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: Exception calling XMLRPC method host_firmware_version #-2 : Authentication failed: not enough privileges
    Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: New alert found: Exception calling XMLRPC method host_firmware_version #-2 : Authentication failed: not enough privileges
    Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://10.10.55.3:443/xmlrpc.php.
    Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: Exception calling XMLRPC method host_firmware_version #-2 : Authentication failed: not enough privileges
    Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: New alert found: Exception calling XMLRPC method host_firmware_version #-2 : Authentication failed: not enough privileges
    Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: XMLRPC versioncheck:  -- 21.7
    Nov 27 10:05:52 fw1-a php-fpm[337]: /rc.filter_synchronize: The pfSense software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!
    
    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
      This community forum collects and processes your personal information.
      consent.not_received