Test case 3
Starting position:
-
Intermediate CA certificate Microsoft Azure TLS Issuing CA 06 installed on both FortiAnalyzer.
-
Deleted the Baltimore CA certificate.
-
Rebooted both FortiAnalyzer.
-
FAZHA001 is the primary.
-
FAZHA002 is the secondary.
-
lynx001 continuous ping targeting the VIP 10.0.10.10.
-----BEGIN CERTIFICATE-----
MIIF8zCCBNugAwIBAgIQAueRcfuAIek/4tmDg0xQwDANBgkqhkiG9w0BAQwFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0yMDA3MjkxMjMwMDBaFw0yNDA2MjcyMzU5NTlaMFkxCzAJBgNVBAYTAlVT
MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKjAoBgNVBAMTIU1pY3Jv
c29mdCBBenVyZSBUTFMgSXNzdWluZyBDQSAwNjCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBALVGARl56bx3KBUSGuPc4H5uoNFkFH4e7pvTCxRi4j/+z+Xb
wjEz+5CipDOqjx9/jWjskL5dk7PaQkzItidsAAnDCW1leZBOIi68Lff1bjTeZgMY
iwdRd3Y39b/lcGpiuP2d23W95YHkMMT8IlWosYIX0f4kYb62rphyfnAjYb/4Od99
ThnhlAxGtfvSbXcBVIKCYfZgqRvV+5lReUnd1aNjRYVzPOoifgSx2fRyy1+pO1Uz
aMMNnIOE71bVYW0A1hr19w7kOb0KkJXoALTDDj1ukUEDqQuBfBxReL5mXiu1O7WG
0vltg0VZ/SZzctBsdBlx1BkmWYBW261KZgBivrql5ELTKKd8qgtHcLQA5fl6JB0Q
gs5XDaWehN86Gps5JW8ArjGtjcWAIP+X8CQaWfaCnuRm6Bk/03PQWhgdi84qwA0s
sRfFJwHUPTNSnE8EiGVk2frt0u8PG1pwSQsFuNJfcYIHEv1vOzP7uEOuDydsmCjh
lxuoK2n5/2aVR3BMTu+p4+gl8alXoBycyLmj3J/PUgqD8SL5fTCUegGsdia/Sa60
N2oV7vQ17wjMN+LXa2rjj/b4ZlZgXVojDmAjDwIRdDUujQu0RVsJqFLMzSIHpp2C
Zp7mIoLrySay2YYBu7SiNwL95X6He2kS8eefBBHjzwW/9FxGqry57i71c2cDAgMB
AAGjggGtMIIBqTAdBgNVHQ4EFgQU1cFnOsKjnfR3UltZEjgp5lVou6UwHwYDVR0j
BBgwFoAUTiJUIBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMHYG
CCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu
Y29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln
aUNlcnRHbG9iYWxSb290RzIuY3J0MHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9j
cmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMi5jcmwwN6A1oDOG
MWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMi5j
cmwwHQYDVR0gBBYwFDAIBgZngQwBAgEwCAYGZ4EMAQICMBAGCSsGAQQBgjcVAQQD
AgEAMA0GCSqGSIb3DQEBDAUAA4IBAQB2oWc93fB8esci/8esixj++N22meiGDjgF
+rA2LUK5IOQOgcUSTGKSqF9lYfAxPjrqPjDCUPHCURv+26ad5P/BYtXtbmtxJWu+
cS5BhMDPPeG3oPZwXRHBJFAkY4O4AF7RIAAUW6EzDflUoDHKv83zOiPfYGcpHc9s
kxAInCedk7QSgXvMARjjOqdakor21DTmNIUotxo8kHv5hwRlGhBJwps6fEVi1Bt0
trpM/3wYxlr473WSPUFZPgP1j519kLpWOJ8z09wxay+Br29irPcBYv0GMXlHqThy
8y4m/HyTQeI2IMvMrQnwqPpY+rLIXyviI2vLoI+4xKE4Rn38ZZ8m
-----END CERTIFICATE-----
openssl x509 -inform der -in ~/Downloads/Microsoft\ Azure\ TLS\ Issuing\ CA\ 06.cer -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
xxxxxxx
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
Validity
Not Before: Jul 29 12:30:00 2020 GMT
Not After : Jun 27 23:59:59 2024 GMT
Subject: C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS
Issuing CA 06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b5:46:01:19:79:e9:bc:77:28:15:12:1a:e3:dc:
e0:7e:6e:a0:d1:64:14:7e:1e:ee:9b:d3:0b:14:62:
e2:3f:fe:cf:e5:db:c2:31:33:fb:90:a2:a4:33:aa:
8f:1f:7f:8d:68:ec:90:be:5d:93:b3:da:42:4c:c8:
b6:27:6c:00:09:c3:09:6d:65:79:90:4e:22:2e:bc:
2d:f7:f5:6e:34:de:66:03:18:8b:07:51:77:76:37:
f5:bf:e5:70:6a:62:b8:fd:9d:db:75:bd:e5:81:e4:
30:c4:fc:22:55:a8:b1:82:17:d1:fe:24:61:be:b6:
ae:98:72:7e:70:23:61:bf:f8:39:df:7d:4e:19:e1:
94:0c:46:b5:fb:d2:6d:77:01:54:82:82:61:f6:60:
a9:1b:d5:fb:99:51:79:49:dd:d5:a3:63:45:85:73:
3c:ea:22:7e:04:b1:d9:f4:72:cb:5f:a9:3b:55:33:
68:c3:0d:9c:83:84:ef:56:d5:61:6d:00:d6:1a:f5:
f7:0e:e4:39:bd:0a:90:95:e8:00:b4:c3:0e:3d:6e:
91:41:03:a9:0b:81:7c:1c:51:78:be:66:5e:2b:b5:
3b:b5:86:d2:f9:6d:83:45:59:fd:26:73:72:d0:6c:
74:19:71:d4:19:26:59:80:56:db:ad:4a:66:00:62:
be:ba:a5:e4:42:d3:28:a7:7c:aa:0b:47:70:b4:00:
e5:f9:7a:24:1d:10:82:ce:57:0d:a5:9e:84:df:3a:
1a:9b:39:25:6f:00:ae:31:ad:8d:c5:80:20:ff:97:
f0:24:1a:59:f6:82:9e:e4:66:e8:19:3f:d3:73:d0:
5a:18:1d:8b:ce:2a:c0:0d:2c:b1:17:c5:27:01:d4:
3d:33:52:9c:4f:04:88:65:64:d9:fa:ed:d2:ef:0f:
1b:5a:70:49:0b:05:b8:d2:5f:71:82:07:12:fd:6f:
3b:33:fb:b8:43:ae:0f:27:6c:98:28:e1:97:1b:a8:
2b:69:f9:ff:66:95:47:70:4c:4e:ef:a9:e3:e8:25:
f1:a9:57:a0:1c:9c:c8:b9:a3:dc:9f:cf:52:0a:83:
f1:22:f9:7d:30:94:7a:01:ac:76:26:bf:49:ae:b4:
37:6a:15:ee:f4:35:ef:08:cc:37:e2:d7:6b:6a:e3:
8f:f6:f8:66:56:60:5d:5a:23:0e:60:23:0f:02:11:
74:35:2e:8d:0b:b4:45:5b:09:a8:52:cc:cd:22:07:
a6:9d:82:66:9e:e6:22:82:eb:c9:26:b2:d9:86:01:
bb:b4:a2:37:02:fd:e5:7e:87:7b:69:12:f1:e7:9f:
04:11:e3:cf:05:bf:f4:5c:46:aa:bc:b9:ee:2e:f5:
73:67:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:C1:67:3A:C2:A3:9D:F4:77:52:5B:59:12:38:29:E6:55:68:BB:A5
X509v3 Authority Key Identifier:
keyid:4E:22:54:20:18:95:E6:E3:6E:E6:0F:FA:FA:B9:12:ED:06:17:8F:39
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers -
URI:http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertGlobalRootG2.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertGlobalRootG2.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 2.23.140.1.2.2
1.3.6.1.4.1.311.21.1:
...
Signature Algorithm: sha384WithRSAEncryption
76:a1:67:3d:dd:f0:7c:7a:c7:22:ff:c7:ac:8b:18:fe:f8:dd:
b6:99:e8:86:0e:38:05:fa:b0:36:2d:42:b9:20:e4:0e:81:c5:
12:4c:62:92:a8:5f:65:61:f0:31:3e:3a:ea:3e:30:c2:50:f1:
c2:51:1b:fe:db:a6:9d:e4:ff:c1:62:d5:ed:6e:6b:71:25:6b:
be:71:2e:41:84:c0:cf:3d:e1:b7:a0:f6:70:5d:11:c1:24:50:
24:63:83:b8:00:5e:d1:20:00:14:5b:a1:33:0d:f9:54:a0:31:
ca:bf:cd:f3:3a:23:df:60:67:29:1d:cf:6c:93:10:08:9c:27:
9d:93:b4:12:81:7b:cc:01:18:e3:3a:a7:5a:92:8a:f6:d4:34:
e6:34:85:28:b7:1a:3c:90:7b:f9:87:04:65:1a:10:49:c2:9b:
3a:7c:45:62:d4:1b:74:b6:ba:4c:ff:7c:18:c6:5a:f8:ef:75:
92:3d:41:59:3e:03:f5:8f:9d:7d:90:ba:56:38:9f:33:d3:dc:
31:6b:2f:81:af:6f:62:ac:f7:01:62:fd:06:31:79:47:a9:38:
72:f3:2e:26:fc:7c:93:41:e2:36:20:cb:cc:ad:09:f0:a8:fa:
58:fa:b2:c8:5f:2b:e2:23:6b:cb:a0:8f:b8:c4:a1:38:46:7d:
fc:65:9f:26
FAZHA001 Microsoft Azure TLS Issuing CA 06 installed:
config system certificate ca
edit "Microsoft Azure TLS Issuing CA 06"
set ca "-----BEGIN CERTIFICATE-----
MIIF8zCCBNugAwIBAgIQAueRcfuAIek/4tmDg0xQwDANBgkqhkiG9w0BAQwFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0yMDA3MjkxMjMwMDBaFw0yNDA2MjcyMzU5NTlaMFkxCzAJBgNVBAYTAlVT
MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKjAoBgNVBAMTIU1pY3Jv
c29mdCBBenVyZSBUTFMgSXNzdWluZyBDQSAwNjCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBALVGARl56bx3KBUSGuPc4H5uoNFkFH4e7pvTCxRi4j/+z+Xb
wjEz+5CipDOqjx9/jWjskL5dk7PaQkzItidsAAnDCW1leZBOIi68Lff1bjTeZgMY
iwdRd3Y39b/lcGpiuP2d23W95YHkMMT8IlWosYIX0f4kYb62rphyfnAjYb/4Od99
ThnhlAxGtfvSbXcBVIKCYfZgqRvV+5lReUnd1aNjRYVzPOoifgSx2fRyy1+pO1Uz
aMMNnIOE71bVYW0A1hr19w7kOb0KkJXoALTDDj1ukUEDqQuBfBxReL5mXiu1O7WG
0vltg0VZ/SZzctBsdBlx1BkmWYBW261KZgBivrql5ELTKKd8qgtHcLQA5fl6JB0Q
gs5XDaWehN86Gps5JW8ArjGtjcWAIP+X8CQaWfaCnuRm6Bk/03PQWhgdi84qwA0s
sRfFJwHUPTNSnE8EiGVk2frt0u8PG1pwSQsFuNJfcYIHEv1vOzP7uEOuDydsmCjh
lxuoK2n5/2aVR3BMTu+p4+gl8alXoBycyLmj3J/PUgqD8SL5fTCUegGsdia/Sa60
N2oV7vQ17wjMN+LXa2rjj/b4ZlZgXVojDmAjDwIRdDUujQu0RVsJqFLMzSIHpp2C
Zp7mIoLrySay2YYBu7SiNwL95X6He2kS8eefBBHjzwW/9FxGqry57i71c2cDAgMB
AAGjggGtMIIBqTAdBgNVHQ4EFgQU1cFnOsKjnfR3UltZEjgp5lVou6UwHwYDVR0j
BBgwFoAUTiJUIBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMHYG
CCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu
Y29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln
aUNlcnRHbG9iYWxSb290RzIuY3J0MHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9j
cmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMi5jcmwwN6A1oDOG
MWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMi5j
cmwwHQYDVR0gBBYwFDAIBgZngQwBAgEwCAYGZ4EMAQICMBAGCSsGAQQBgjcVAQQD
AgEAMA0GCSqGSIb3DQEBDAUAA4IBAQB2oWc93fB8esci/8esixj++N22meiGDjgF
+rA2LUK5IOQOgcUSTGKSqF9lYfAxPjrqPjDCUPHCURv+26ad5P/BYtXtbmtxJWu+
cS5BhMDPPeG3oPZwXRHBJFAkY4O4AF7RIAAUW6EzDflUoDHKv83zOiPfYGcpHc9s
kxAInCedk7QSgXvMARjjOqdakor21DTmNIUotxo8kHv5hwRlGhBJwps6fEVi1Bt0
trpM/3wYxlr473WSPUFZPgP1j519kLpWOJ8z09wxay+Br29irPcBYv0GMXlHqThy
8y4m/HyTQeI2IMvMrQnwqPpY+rLIXyviI2vLoI+4xKE4Rn38ZZ8m
-----END CERTIFICATE-----"
set comment "Created by CA certificate"
next
end
FAZHA002 Microsoft Azure TLS Issuing CA 06 installed:
config system certificate ca
edit "Microsoft Azure TLS Issuing CA 06"
set ca "-----BEGIN CERTIFICATE-----
MIIF8zCCBNugAwIBAgIQAueRcfuAIek/4tmDg0xQwDANBgkqhkiG9w0BAQwFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0yMDA3MjkxMjMwMDBaFw0yNDA2MjcyMzU5NTlaMFkxCzAJBgNVBAYTAlVT
MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKjAoBgNVBAMTIU1pY3Jv
c29mdCBBenVyZSBUTFMgSXNzdWluZyBDQSAwNjCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBALVGARl56bx3KBUSGuPc4H5uoNFkFH4e7pvTCxRi4j/+z+Xb
wjEz+5CipDOqjx9/jWjskL5dk7PaQkzItidsAAnDCW1leZBOIi68Lff1bjTeZgMY
iwdRd3Y39b/lcGpiuP2d23W95YHkMMT8IlWosYIX0f4kYb62rphyfnAjYb/4Od99
ThnhlAxGtfvSbXcBVIKCYfZgqRvV+5lReUnd1aNjRYVzPOoifgSx2fRyy1+pO1Uz
aMMNnIOE71bVYW0A1hr19w7kOb0KkJXoALTDDj1ukUEDqQuBfBxReL5mXiu1O7WG
0vltg0VZ/SZzctBsdBlx1BkmWYBW261KZgBivrql5ELTKKd8qgtHcLQA5fl6JB0Q
gs5XDaWehN86Gps5JW8ArjGtjcWAIP+X8CQaWfaCnuRm6Bk/03PQWhgdi84qwA0s
sRfFJwHUPTNSnE8EiGVk2frt0u8PG1pwSQsFuNJfcYIHEv1vOzP7uEOuDydsmCjh
lxuoK2n5/2aVR3BMTu+p4+gl8alXoBycyLmj3J/PUgqD8SL5fTCUegGsdia/Sa60
N2oV7vQ17wjMN+LXa2rjj/b4ZlZgXVojDmAjDwIRdDUujQu0RVsJqFLMzSIHpp2C
Zp7mIoLrySay2YYBu7SiNwL95X6He2kS8eefBBHjzwW/9FxGqry57i71c2cDAgMB
AAGjggGtMIIBqTAdBgNVHQ4EFgQU1cFnOsKjnfR3UltZEjgp5lVou6UwHwYDVR0j
BBgwFoAUTiJUIBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMHYG
CCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu
Y29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln
aUNlcnRHbG9iYWxSb290RzIuY3J0MHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9j
cmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMi5jcmwwN6A1oDOG
MWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMi5j
cmwwHQYDVR0gBBYwFDAIBgZngQwBAgEwCAYGZ4EMAQICMBAGCSsGAQQBgjcVAQQD
AgEAMA0GCSqGSIb3DQEBDAUAA4IBAQB2oWc93fB8esci/8esixj++N22meiGDjgF
+rA2LUK5IOQOgcUSTGKSqF9lYfAxPjrqPjDCUPHCURv+26ad5P/BYtXtbmtxJWu+
cS5BhMDPPeG3oPZwXRHBJFAkY4O4AF7RIAAUW6EzDflUoDHKv83zOiPfYGcpHc9s
kxAInCedk7QSgXvMARjjOqdakor21DTmNIUotxo8kHv5hwRlGhBJwps6fEVi1Bt0
trpM/3wYxlr473WSPUFZPgP1j519kLpWOJ8z09wxay+Br29irPcBYv0GMXlHqThy
8y4m/HyTQeI2IMvMrQnwqPpY+rLIXyviI2vLoI+4xKE4Rn38ZZ8m
-----END CERTIFICATE-----"
set comment "Created by CA certificate"
next
end
Result:
After executing diagnose ha failover
on the primary (FAZHA001), the ping to the VIP was stocked. FortiAnalyzer HA worked as expected and the new primary is now FAZHA002 (see below). After ~2min 30sec, the ping starts woking again and the VIP IP address is transferred to the new primary FAZHA002.
lynx001 ping:
azureuser@lynx01:~$ ping 10.0.10.10
PING 10.0.10.10 (10.0.10.10) 56(84) bytes of data.
64 bytes from 10.0.10.10: icmp_seq=1 ttl=64 time=0.802 ms
64 bytes from 10.0.10.10: icmp_seq=2 ttl=64 time=0.680 ms
64 bytes from 10.0.10.10: icmp_seq=3 ttl=64 time=0.691 ms
64 bytes from 10.0.10.10: icmp_seq=4 ttl=64 time=0.710 ms
64 bytes from 10.0.10.10: icmp_seq=5 ttl=64 time=0.839 ms
64 bytes from 10.0.10.10: icmp_seq=16 ttl=64 time=0.875 ms
From 10.0.10.6 icmp_seq=110 Destination Host Unreachable
From 10.0.10.6 icmp_seq=111 Destination Host Unreachable
From 10.0.10.6 icmp_seq=112 Destination Host Unreachable
...
From 10.0.10.6 icmp_seq=164 Destination Host Unreachable
From 10.0.10.6 icmp_seq=165 Destination Host Unreachable
From 10.0.10.6 icmp_seq=166 Destination Host Unreachable
64 bytes from 10.0.10.10: icmp_seq=169 ttl=64 time=1.42 ms
64 bytes from 10.0.10.10: icmp_seq=170 ttl=64 time=0.840 ms
64 bytes from 10.0.10.10: icmp_seq=171 ttl=64 time=0.934 ms
64 bytes from 10.0.10.10:
FAZHA001 diagnose ha status:
HA-Status: Secondary
up-time: 45.737s
config-sync: Allow
serial-no: FAZVMSTMxxxxxxx3
fazuid: 3433169053
hostname: fazha001
load balance status: 0x8
HA-Primary fazha@10.0.10.5 FAZVMSTMxxxxxxx4
ip: 10.0.10.5
serial-no: FAZVMSTMxxxxxxx4
fazuid: 4148610926
hostname: fazha002
conn-st: up
up/down-time: 44.364s
conn-msg:
cfgsync-st: up, 23.352s
data-init-sync-st: done, 41.033s
FAZHA001 checking HA log:
tail -f /var/private/clusterd/faz-ha.log
2023/02/02 12:34:13 <5750> main: #0: 10.0.10.10 port1 00:0d:3a:bb:fc:4a
2023/02/02 12:34:13 <5750> main: -> BACKUP
2023/02/02 12:34:13 <5750> to_BACKUP: -> BACKUP
2023/02/02 12:35:56 <7453> check_empty: platform=FAZVM64-AZURE
2023/02/02 12:35:56 <7453> main: #0: 10.0.10.10 port1 00:0d:3a:bb:fc:4a
2023/02/02 12:35:56 <7453> main: -> MASTER
2023/02/02 12:35:57 [add-ip] 10.0.10.10 is private IP
2023/02/02 12:37:27 [add-ip] removed ip 10.0.10.10 from NIC fazha002-NIC0
2023/02/02 12:37:27 [add-ip] removed ip 10.0.10.10 in subnet /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/CMM_RG_FAZHA/providers/Microsoft.Network/virtualNetworks/CMM_Vnet_FAZ/subnets/cmm_vnet_dc01
2023/02/02 12:37:27 [add-ip] Update NIC fazha001-NIC0, add secondary IP 10.0.10.10
2023/02/02 12:40:52 <8880> check_empty: platform=FAZVM64-AZURE
2023/02/02 12:40:52 <8880> main: #0: 10.0.10.10 port1 00:0d:3a:bb:fc:4a
2023/02/02 12:40:52 <8880> main: -> STOP
2023/02/02 12:40:52 <8880> main: -> STOP
2023/02/02 12:40:53 <8899> check_empty: platform=FAZVM64-AZURE
2023/02/02 12:40:53 <8899> main: #0: 10.0.10.10 port1 00:0d:3a:bb:fc:4a
2023/02/02 12:40:53 <8899> main: -> BACKUP
2023/02/02 12:40:53 <8899> to_BACKUP: -> BACKUP
FAZHA002 diagnose ha status:
HA-Status: Primary
up-time: 26.769s
config-sync: Allow
serial-no: FAZVMSTMxxxxxxx4
fazuid: 4148610926
hostname: fazha002
load balance status: 0x0
HA-Secondary fazha@10.0.10.4 FAZVMSTMxxxxxxx3
ip: 10.0.10.4
serial-no: FAZVMSTMxxxxxxx3
fazuid: 3433169053
hostname: fazha001
conn-st: up
up/down-time: 25.869s
conn-msg:
cfgsync-st: up, 1.055s
data-init-sync-st: done, 18.911s
FAZHA002 checking HA log:
tail -f /var/private/clusterd/faz-ha.log
2023/02/02 12:34:15 [add-ip] lookupSubnetIDByIP() /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/CMM_RG_FAZHA/providers/Microsoft.Network/virtualNetworks/CMM_Vnet_FAZ/subnets/cmm_vnet_dc01
2023/02/02 12:34:15 [add-ip] Update NIC fazha002-NIC0, add secondary IP 10.0.10.10
2023/02/02 12:35:55 <4624> check_empty: platform=FAZVM64-AZURE
2023/02/02 12:35:55 <4624> main: #0: 10.0.10.10 port1 60:45:bd:f5:2b:32
2023/02/02 12:35:55 <4624> main: -> STOP
2023/02/02 12:35:55 <4624> main: -> STOP
2023/02/02 12:35:55 <4636> check_empty: platform=FAZVM64-AZURE
2023/02/02 12:35:55 <4636> main: #0: 10.0.10.10 port1 60:45:bd:f5:2b:32
2023/02/02 12:35:55 <4636> main: -> BACKUP
2023/02/02 12:35:55 <4636> to_BACKUP: -> BACKUP
2023/02/02 12:40:53 <6104> check_empty: platform=FAZVM64-AZURE
2023/02/02 12:40:53 <6104> main: #0: 10.0.10.10 port1 60:45:bd:f5:2b:32
2023/02/02 12:40:53 <6104> main: -> MASTER
2023/02/02 12:40:54 [add-ip] 10.0.10.10 is private IP
2023/02/02 12:42:24 [add-ip] removed ip 10.0.10.10 from NIC fazha001-NIC0
2023/02/02 12:42:24 [add-ip] removed ip 10.0.10.10 in subnet /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/CMM_RG_FAZHA/providers/Microsoft.Network/virtualNetworks/CMM_Vnet_FAZ/subnets/cmm_vnet_dc01
2023/02/02 12:42:24 [add-ip] Update NIC fazha002-NIC0, add secondary IP 10.0.10.10
2023/02/02 12:45:00 <7137> check_empty: platform=FAZVM64-AZURE
2023/02/02 12:45:00 <7137> main: #0: 10.0.10.10 port1 60:45:bd:f5:2b:32