FW/pri/act# sh failover history

==========================================================================

Group     From State                 To State                   Reason

==========================================================================

16:17:43 EEST Aug 5 2019

    1     Sync File System           Bulk Sync                  Detected an Active mate

16:17:57 EEST Aug 5 2019

    2     Bulk Sync                  Standby Ready              Detected an Active mate

16:17:57 EEST Aug 5 2019

    1     Bulk Sync                  Standby Ready              Detected an Active mate

16:20:20 EEST Aug 5 2019

    0     Sync Config                Sync File System           Recovered from communication failure

16:20:20 EEST Aug 5 2019

    0     Sync File System           Bulk Sync                  Recovered from communication failure

16:20:21 EEST Aug 5 2019

    1     Standby Ready              Bulk Sync                  No Error

16:20:21 EEST Aug 5 2019

    2     Standby Ready              Bulk Sync                  No Error

16:20:21 EEST Aug 5 2019

    0     Bulk Sync                  Standby Ready              Recovered from communication failure

16:20:27 EEST Aug 5 2019

    2     Bulk Sync                  Standby Ready              No Error

16:20:37 EEST Aug 5 2019

    1     Bulk Sync                  Standby Ready              No Error

16:20:58 EEST Aug 5 2019

    1     Standby Ready              Just Active                Failover state check

16:20:59 EEST Aug 5 2019

    1     Just Active                Active Drain               Failover state check

16:20:59 EEST Aug 5 2019

    1     Active Drain               Active Applying Config     Failover state check

16:20:59 EEST Aug 5 2019

    1     Active Applying Config     Active Config Applied      Failover state check

16:20:59 EEST Aug 5 2019

    1     Active Config Applied      Active                     Failover state check

16:21:00 EEST Aug 5 2019

    0     Standby Ready              Just Active                Failover state check

16:21:00 EEST Aug 5 2019

    0     Just Active                Active Drain               Failover state check

16:21:00 EEST Aug 5 2019

    0     Active Drain               Active Applying Config     Failover state check

16:21:00 EEST Aug 5 2019

    0     Active Applying Config     Active Config Applied      Failover state check

16:21:00 EEST Aug 5 2019

    0     Active Config Applied      Active                     Failover state check

===================================================

sh failover state

               State          Last Failure Reason      Date/Time
This host  -   Primary
    Group 1    Active         Comm Failure             16:16:24 EEST Aug 5 2019
    Group 2    Standby Ready  Comm Failure             16:16:24 EEST Aug 5 2019
Other host -   Secondary
    Group 1    Standby Ready  None
    Group 2    Active         None

====Configuration State===
        Sync Done - STANDBY
====Communication State===
        Mac set

Hello Mohammed, 

I will have this point in mind for future deployments. 

So right now I cannot tell which asa failed. The management connection is a L2. 

In failover state, only active asa shows comm failure. The secondary shows none. 

All in all, there is not a command in asa I could determine where the actual failure occurred(Hardware fault, software fault). 

Regards, 

Konstantinos

hi,

can you check for errors on the failover cable with a show interface g0/x?

most of our active-standby FW deployment have direct failover cable between them.

this will save switch ports and avoid design complexity and troubleshooting.

we have very few deployments via L2 switch or patch panels if the two FWs are in different racks..

Hello, 

This is the output of the command 

Interface Ethernet1/16 "", is up, line protocol is up

  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec

        MAC address zzzz.zzzz.zzzz, MTU not set

        IP address unassigned

Interface Ethernet1/16.4001 "FAILOVER", is up, line protocol is up

  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec

        VLAN identifier 4001

        Description: LAN Failover Interface

        MAC address zzzz.zzzz.zzzz, MTU 1500

        IP address xxx.xxx.xxx.xxx, subnet mask xxx.xxx.xxx.xxx

Interface Ethernet1/16.4002 "FOLINK", is up, line protocol is up

  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec

        VLAN identifier 4002

        Description: STATE Failover Interface

        MAC address zzzz.zzzz.zzzz, MTU 1500

        IP address xxx.xxx.xxx.xxx, subnet mask xxx.xxx.xxx.xxx

Is that any helpful?

Regards, 

Konstantinos

Not really. I think we would like to see the output of each member of the cluster on their HA interface.

https://www.tunnelsup.com/understanding-cisco-asa-interface-counters-and-statistics/

Hi bro

  I have same issue failover history "Recovered from communication failure" , how troubshoot it? 

  two unit ping eachouther not any packet loss.

Hi Konstantinos

I have similar trouble with ASA. Do you recollect whether you got it resolved? If yes.. Can you please brief me how?

Regards

Hariz

Hi bro 

  I have same too . have you  find any resolution ?

Hi Jadon

It is not yet resolved. Im still searching for the solution, please let me know if you find something. 

Hi harizmthaha

  I found a temporay solution . you can try increase the HA poll time ,interface time.

  in my use case. the HA state  comm failure due to HA pairs lost community , when HA pairs community lost packet .

Hi Jadon,

Thanks for letting me know. we have planned for Rommon and IOS upgrade this week. I will update you if that permanently fixes this trouble.