HA Sync Error after Upgrade : "Unable to connect to Primary. Please check the network connectivity from secondary to Primary"
Article ID: CTX282530
Description
After upgrading an HA pair, the following errors are observed with HA communication.
> HA breaks with RPC Secure ON.
> When trying to sync configuration between primary and secondary, the error "Unable to establish connection with the secondary. Command propagation failed." is displayed, or the error "Unable to fetch configuration from primary, please check ns.log for reason".

Resolution
Enable TLS1.2 on the internal services for port 3008; RPC secure communication will then be successful.
• Browse to Traffic Management > Services > Internal Services on the GUI and check whether the internal services nsrpcs-127.0.0.1-3008 and nsrpcs-::1l-3008 have TLSv1.2 disabled.
• Enable TLSv1.2 on both HA nodes, after which the nodes are able to synchronize. (It may be the case that you can enable this configuration on the primary and it will sync to the secondary automatically. If not, then manually make this change on the secondary as well.)
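
The same check and change from the ADC command line, as an added example that is not part of the original article. It assumes CLI access to each node and uses the two internal service names given above; run it on the primary first, and on the secondary as well if the setting does not propagate.

```text
# Added example: CLI equivalent of the GUI steps above (assumes nsroot/admin CLI access).

# 1. Inspect the protocol settings of the internal RPC services on port 3008.
show ssl service nsrpcs-127.0.0.1-3008
show ssl service nsrpcs-::1l-3008

# 2. Enable TLS 1.2 on both internal services.
set ssl service nsrpcs-127.0.0.1-3008 -tls12 ENABLED
set ssl service nsrpcs-::1l-3008 -tls12 ENABLED

# 3. Persist the change so it survives a reboot.
save ns config

# 4. Confirm the HA state, then trigger a synchronization and check again.
show ha node
force ha sync
show ha node
```

Leave RPC Secure ON while making this change; the fix is to give the secured RPC channel a protocol both nodes accept, not to fall back to unencrypted node-to-node communication.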

Problem Cause
Starting with the latest versions (13.0-64.35), SSL3, TLS1.0 and TLS1.1 are deprecated, so HA communication fails if TLS1.2 is disabled. TLS1.2 is not automatically enabled when the instance is upgraded from a lower firmware version; it must be configured manually.
Additional Information
https://support.citrix.com/article/CTX231184