Jump to content
Welcome to our new Citrix community!

High availability and stayprimary is one node fails

Recommended Posts



I cant find what happens in this scenario:

2 Netscaler ADC, one set to Stayprimary and other to Seconday in a HA config.

IF the Netscaler set to Stayprimary fails(let say it is shutdown or if a MPX and has a hardware error), will the secondary then be active if "StayPrimary" cant be reached?

Or is it as I think, the seconday need to be set to primary manually....





Link to comment
Share on other sites

STAYSECONDARY when applied means this node will NEVER take over the primary role until the setting is removed regardless of the state of the primary ADC.  It is used typically for maintenance events to PREVENT failover when it would not be wanted. But while it is set you do not have a secondary member that can become primary so you have no redundancy in the HA pair.  It is still particpating in ha propagation/sync events so the config is up to date (barring things like being on different builds during an upgrade when that behavior might be suspended.)  If you need failover to occur, you need the hastatus set to ENABLED and not staysecondary outside of the limited maintenance events like an upgrade or other scenario.


STAYPRIMARY is more of a preferred primary setting. It prevent VOLUNTARY failover of the primary ADC if it is currently in a healthy state. If something goes wrong with the primary, then failover to secondary is allowed (if secondary can take over), but when the preferred primary recovers it will reclaim the role and fallback. Stayprimary doesn't prevent failover if there is an issue...as long as the secondary can in fact take over.


So if you have NSA (StayPrimary) and NSB (STAYSECONDARY), if anything brings the NSA system offline...then you have no HA failover as NSB is unable to take over.


Regarding FAILSAFE mode:

IF you enable FAILSAFE mode it will force a PRIMARY system in a scenario that would otherwise result in two secondaries. But it cannot override staysecondary or disabled states.

If NSA (stayprimar) lost a valid nic/channel, then it would be unhealthy and want to failover to NSB. But if NSB was also set to staysecondary, both would be offline in normal HA.

If FAILSAFE MODE is enabled, the system would like to make the healthy ADC (NSB) primary but with staysecondary set it can't, so instead it forces NSA to continue to GARP IPs and own traffic as a primary system. Though with a failed interface, some traffic may work other may fail.  Gives a chance for the traffic that works to still work and other traffic to maybe addressed by backup methods before data center failover functions like GSLB kick in.

However, if your NSA is offline, then failsafe mode won't do you any good as it is non-functioning.  NSB is set to staysecondary.  Until this setting is removed no primary exists.




  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...