Overview
While trying to configure Kerio Control in HA mode, the connection between Master and Slave device might be failing. If the interface settings or HA variables are misconfigured, Kerio Control will generate the appropriate status and validation failed message.
This article describes various status messages and the Health Check details for High Availability configuration.
Description
Status Messages
|
Message
|
Details
|
|---|---|
| OK | On master, it means master has virtual IP. On the slave, it means the master is up and the slave doesn't have any virtual IP |
| Master Down | This will show on a slave, means "Master down and slave has virtual IP" so virtual IP successfully moved to a slave |
| Failure (No Virtual IPs Assigned) | This is shown on master and it shows a transient state where HA started but there is no virtual IP assigned yet. After a short period of time, the master will get virtual IP and the state will move to OK |
| Failure (Master down, Slave no Virtual IPs) | This is shown on the slave and it is also a transient state where the master is down, the slave became an active device but there is no virtual IP assigned yet in slave. After a short period of time, the slave will get IP and the state will move to "Master Down" |
| Failure (ucarp failed) | This can be shown on both master and slave and means UCARP process is not running currently. To debug UCARP related problems, the user can enable Syslog messages in Debug logs where UCARP puts all its logs |
| Disabled | This is a default status that appears on both Master and Slave appliance when High Availability is disabled. |
Health Check Messages
| Message | Details |
| Successful | There is no problem with the peer and the High Availability gets activated successfully. |
| Validation Failed (Secrets are not matching. | This appears when the Master and Slave appliance have different shared secret configured and they couldn't be matched during validation. |
| Validation Failed (Appliance type should be the same for master and slave.) | This appears when the Master and Slave hardware box models are not identical. You can only set up HA for the same model of hardware box or between two software appliances
i.e. you can't set up HA between the software appliance and NG100, or between NG100 and NG300. The only exception is WiFi so you can pair NG100 and NG100W so HA doesn't include WiFi info while checking appliance type. |
| Validation Failed (Version should be the same for master and slave.) | Build version should match between master and slave |
| Validation Failed (Interface names are not matching.) | Master and Slave should have the same interface names even if it is not used in HA (interface number should match also) |
| Validation Failed (Both machines are in the same mode.) | Both machines have the same Instance Mode |
| Validation Failed (Peer token is invalid.) | Peer is sending some old token that we don't hold now. This is a transient state, after this message peer automatically renew its token and this message should move to Successful |
| Validation Failed(Master and slave should have different device names.) | This appears when the Master and Slave appliances have the same Device Name set. |
| Validation Failed (No response) | This indicates either peer is down, HA disabled, or HA Sync traffic is blocked. HA Sync traffic is using only Sync/Status interface selected on HA configuration page and it is a UDP traffic using port 11921. Within the Trusted interface Group this sync traffic is not blocked by default, but it depends on the setup. |
| Health check failed. | After validating the appliance configuration, the peer is then monitored with heartbeat. This status appears when the validation was done successfully but later it lost connection to the peer. |
Example of disabled Network Interface in Master configuration causing HA failure.
Master side
Slave side
