Error: "Unable to login to <IP-address-of-Secondary>" When Adding Node to NetScaler in High Availability

Error: "Unable to login to <IP-address-of-Secondary>" When Adding Node to NetScaler in High Availability

book

Article ID: CTX207342

calendar_today

Updated On:

Description

The following error is displayed when trying to add a node to NetScaler in HA from GUI:
"unable to login to <IP-address-of-Secondary>"

User-added image

When adding the node using NetScaler CLI, the command will succeed however the status of the node added will be UNKNOWN/DOWN as shown in the following example:

> add ha node 1 10.107.20.110
 Done

> sh ha node
1)      Node ID:      0
        IP:   10.107.20.130 (NSMPX-5550-2)
        Node State: UP
        Master State: Primary
        Fail-Safe Mode: OFF
        INC State: DISABLED
        Sync State: ENABLED
        Propagation: ENABLED
        Enabled Interfaces : 0/1
        Disabled Interfaces : 1/6 1/5 1/4 1/3 1/2 1/1 0/2
        HA MON ON Interfaces : 0/1
        Interfaces on which heartbeats are not seen : None
        Interfaces causing Partial Failure: None
        SSL Card Status: UP
        Hello Interval: 200 msecs
        Dead Interval: 3 secs
        Node in this Master State for: 0:9:14:10 (days:hrs:min:sec)
2)      Node ID:      1
        IP:   10.107.20.110
        Node State: UNKNOWN/DOWN
        Master State: UNKNOWN
        Fail-Safe Mode: UNKNOWN
        INC State: UNKNOWN
        Sync State: UNKNOWN
        Propagation: UNKNOWN
        Enabled Interfaces : UNKNOWN
        Disabled Interfaces : UNKNOWN
        HA MON ON Interfaces : UNKNOWN
        Interfaces on which heartbeats are not seen : UNKNOWN
        Interfaces causing Partial Failure: UNKNOWN
        SSL Card Status: UNKNOWN

Resolution

Verify if "secure access only" is checked for the NSIP. With this setting, the NetScaler IP can only be accessed over 443.

User-added image

From NetScaler CLI run the following command to confirm if "secure access only" is enabled::

show ns ip 10.107.20.110

        IP: 10.107.20.110
        Netmask: 255.255.255.0
        Type: NetScaler IP
        Traffic Domain: 0
        state: Enabled
        arp: Enabled
        arpResponse: NONE
        icmp: Enabled
        icmpResponse: NONE
        vserver: NA
        management access: Enabled
          telnet: Enabled
          ftp: Enabled
          ssh: Enabled
          gui: SecureOnly

To resolve this issue, disable the "secure access only" option on NSIP if it is enabled.

Starting from NetScaler build 11.0-66+ onwards there is separate check box "Secure Access" as shown below when adding HA nodes from GUI. So if "Secure access only" is enabled on NSIP on both nodes that you are adding in HA, then check this "Secure Access" checkbox to successfully add HA nodes.

User-added image

Problem Cause

In builds prior to NetScaler 11.0-65 it is a limitation/behavior that NetScaler initiates the request to other node in HA on port 80. So if "secure access only" is enabled on both nodes then the other node will not respond due to "secure only access" being enabled on NSIP. Starting from NetScaler builds 11.0-66+ there is a separate check box "Secure Access" to add nodes in HA if "secure access only" is checked for NSIP.

Issue/Introduction

The following error is displayed when trying to add a node to NetScaler in HA from GUI: "unable to login to "
Powered by Wolken Software