
ADC in HA mode on Azure failing to synchronize the gateway configuration


Hi Team,

I stood up a pair of ADC 12.1 in HA mode (following Azure's available template for HA) and proceeded with the configuration.

All went well until the gateway configuration was entered on the primary node. Every setting I define on the primary via the GUI issues a pop-up message saying that the secondary node did not accept it; however, the configuration will be synchronized anyway.

I initially thought that this was a behavior of Azure's template until I rebooted the primary box. I then noticed that the secondary (which now is the primary) had all its config inherited from the primary ADC but the gateway entry. Everything was there, except the gateway configuration.

Once the former primary box came up online, upon forcing a failover to restore the initial state I then lost the gateway configuration on both boxes.

Any help? Have I hit a known bug?




Is your second ADC in the HA pair properly licensed for the Gateway feature?

If a valid license is not in effect on the secondary, then the propagation events will fail.

After failover, the unrecognized commands are ignored, so they will be "lost" out of the running config on the NEW PRIMARY; the next synchronization event will result in the OLD primary/current secondary (your original A system) no longer having the setting either. On next save config as well.


So, the question is, what's causing the original propagation/synchronization issues?  

1) Improper build variances or license issues between the A/B members of the HA pair.

2) Blocked or prevented sync/prop communication between the A and B ADCs, which could be caused by a misconfiguration, sync/prop being disabled on one or the other node, improper rpcnode configuration (password/secure flag), OR ACLs blocking access?

3) Is your HA pair configured with INC mode enabled (Independent Network Config)? This may have some impact if not properly managed (by default this would be off).


I would start with firmware and license comparisons as the most likely issue. Communication failure (item 2) is next.


The sync/prop issue may be a firmware bug. But I would check other common causes first. But if no obvious communication failure reason is present, call tech support.

But the behavior of the second system not recognizing the config due to missing prop and then that becoming authoritative is what would happen in this context. The troubleshooting is why the prop/sync isn't working in the first place.


Thanks Rhonda,

Connectivity does not seem to be playing a part in this issue, as everything else is synchronizing (configuration-wise) except the gateway entry.

Licensing: Both of them have the exact same license model, Enterprise 3000, so not that either.

The two boxes were deployed following the Azure HA template, meaning that they have the exact same appliance settings and code release.

A colleague once had a similar issue deploying a pair of ADCs in HA mode in AWS; he ended up standing up two pairs of ADCs in HA, deleted the two secondary boxes and promoted the second-pair primary as secondary, and magically it fixed the problem. Wondering if anyone knows of such an anomaly.


