HA Sync Error after Upgrade : "Unable to connect to Primary. Please check the network connectivity from secondary to Primary" after upgrade
Article ID: CTX322891
Updated On:
Description
After upgrading HA pair, below errors are observed with HA communication.
> HA Functionality breaks with RPC Secure ON.
> When trying to establish sync between primary and secondary we get the error : "Unable to establish connection with the secondary.
Resolution
++ Enable TLS1.2 on internal services for 3008 port and RPC secure communication will be successful.
• Browse to Traffic Management > Services > Internal Services on the GUI and see if internal services nsrpcs-127.0.0.1-3008 and nsrpcs-::1l-3008 had TSLv1.2 disabled.
•Enabled TLS v1.2 on both HA nodes, and both nodes were able to synchronize. (It may be the case that you can enable this configuration on the primary and it will sync to the secondary automatically. If not, then manually make this change on the secondary as well.
• Browse to Traffic Management > Services > Internal Services on the GUI and see if internal services nsrpcs-127.0.0.1-3008 and nsrpcs-::1l-3008 had TSLv1.2 disabled.
•Enabled TLS v1.2 on both HA nodes, and both nodes were able to synchronize. (It may be the case that you can enable this configuration on the primary and it will sync to the secondary automatically. If not, then manually make this change on the secondary as well.
Problem Cause
From the latest versions 12.1 and 13.0, SSL3, TLS1.0, TLS1.1 is depreciated. Hence HA communication fails if TLS1.2 remains disabled.
TLS1.2 is not automatically enabled when the instance is upgraded from a lower firmware version.
Hence this must be configured manually.
Was this article helpful?
Yes
No
Powered by
