07-06-2022 09:16 AM
Hello all
I am struggling with something on our Azure setup.
I have created a public load balancer with two ASAvs behind it running active/standby HA.
I am fairly sure that when I set them up and configured HA, it was working OK. But a few weeks later, the secondary firewall stopped communicating and went into a disabled state for HA.
The primary can reach the AD OK and authenticate, but the secondary seems to be getting rejected by the AD.
This is the output from show fail history:
16:12:42 UTC Jul 6 2022: Error Connection - No response to access token request from https://login.microsoftonline.com/
16:12:47 UTC Jul 6 2022: Info Connection - Checking Authentication
16:12:47 UTC Jul 6 2022: Error Connection - No response to access token request from https://login.microsoftonline.com/
16:12:52 UTC Jul 6 2022: Info Connection - Checking Authentication
16:12:52 UTC Jul 6 2022: Error Connection - No response to access token request from https://login.microsoftonline.com/
16:12:57 UTC Jul 6 2022: Info Connection - Checking Authentication
16:12:57 UTC Jul 6 2022: Error Connection - No response to access token request from https://login.microsoftonline.com/
16:13:02 UTC Jul 6 2022: Info Connection - Checking Authentication
16:13:02 UTC Jul 6 2022: Error Connection - No response to access token request from https://login.microsoftonline.com/
16:13:07 UTC Jul 6 2022: Info Connection - Checking Authentication
p8-1b# sh fail
Failover On
Failover Mode: Cloud
Failover Unit: Secondary
Failover State: Disabled
Internal State: Starting
Last Failover at: never
I have checked and the config is exactly the same for failover as the primary, and I am using the management interface to route traffic to the AD.
A packet capture on each firewall reveals that traffic is reaching the AD and we see a two-way TCP conversation. Both captures look identical.
So what am I missing and what area should I be looking at to try and troubleshoot this issue? I cannot find any documentation on this at all.
Thanks in advance
James
07-06-2022 09:41 AM
07-06-2022 10:44 AM
Thanks, that is one option I have considered but it is simply the time it takes to complete.
The issue I have with this approach is that even if it fixes the issue, how do I know it will not occur again in the future?
Regards
James