Sophos UTM HA node stuck in RESERVED state

Question

Hey there, 
 
 I have a active passive UTM-Cluster which got configured by an external. 
 The second node is configured to be reserved after a fw-update and was there reserved at 9.710 since the upgrade to 9.711. 
 In the meantime the active node got updated to 9.711 and on monday to 9.712. After the update to 9.712 I recognized that the slave node is in reserved state and I wanted to upgrade it to the latest state, but it only got updated to 9.711 and came back up in reserved state. 
 
 If I now trigger it to update to the latest version it shows the following in the HA log: 
 2022:09:07-08:39:21 fw-extern-1 ha_up2date[31269]: starting system up2date to '9.712012'
2022:09:07-08:39:21 fw-extern-1 ha_up2date[31269]: No up2date path to '9.712012', try to fix it 
2022:09:07-08:39:21 fw-extern-1 ha_up2date[31269]: calling /sbin/audld.plx --types=sys --ha-override --proxy 198.19.250.2:9009
2022:09:07-08:39:21 fw-extern-2 ha_proxy[4959]: Connect (file descriptor 5): node1 [198.19.250.1]
2022:09:07-08:39:22 fw-extern-2 ha_proxy[4959]: Request (file descriptor 5): CONNECT us1.utmu2d.sophos.com:443 HTTP/1.1
2022:09:07-08:39:22 fw-extern-2 ha_proxy[4959]: No proxy for us1.utmu2d.sophos.com
2022:09:07-08:39:22 fw-extern-2 ha_daemon[4441]: id="38A0" severity="info" sys="System" sub="ha" seq="M: 222 22.106" name="Node 1 changed state: RESERVED(4096) -> UP2DATE(256)"
2022:09:07-08:39:22 fw-extern-2 ha_proxy[4959]: Established connection to host "us1.utmu2d.sophos.com" using file descriptor 7.
2022:09:07-08:39:22 fw-extern-2 ha_proxy[4959]: Not sending client headers to remote machine
2022:09:07-08:39:33 fw-extern-2 ha_proxy[4959]: Closed connection between local client (fd:5) and remote client (fd:7)
2022:09:07-08:39:33 fw-extern-2 ha_proxy[29206]: Connect (file descriptor 6): node1 [198.19.250.1]
2022:09:07-08:39:33 fw-extern-2 ha_proxy[29206]: Request (file descriptor 6): CONNECT us1.utmu2d.sophos.com:443 HTTP/1.1
2022:09:07-08:39:33 fw-extern-2 ha_proxy[29206]: No proxy for us1.utmu2d.sophos.com
2022:09:07-08:39:33 fw-extern-2 ha_proxy[29206]: Established connection to host "us1.utmu2d.sophos.com" using file descriptor 7.
2022:09:07-08:39:33 fw-extern-2 ha_proxy[29206]: Not sending client headers to remote machine
2022:09:07-08:39:35 fw-extern-2 ha_proxy[29206]: Closed connection between local client (fd:6) and remote client (fd:7)
2022:09:07-08:39:35 fw-extern-1 ha_up2date[31269]: calling /sbin/auisys.plx --types=sys --upto 9.712012
2022:09:07-08:39:35 fw-extern-1 ha_up2date[31269]: done (auisys has gone into the background) 
 And then nothing happens anymore until I click the reboot button for this machine in the webadmin which leads to a reserved state in 9.711 again. 
 Unfortunately I am not able to ssh into the slave machine and push the gpg files to it, as I don't have the former SSH password for it as the configuration was done by an external. I habe changed the loginusers ssh password at the active machine, but it does not sync to the reserved one. 
 Has somebody a clue how I can fix this? Maybe there is a possibility to sync the gpg file 9.711 to 9.712 to the reserved node without ssh into it? 
 
 Thanks in advance for every help provided and best regards 
 Alex

Vivek Jagad · Accepted Answer

Hello Alex L&uuml;ttgen , Thank you for reaching out to the community, in this scenario I would suggest break the HA and then upgrade & sync the appliance > proceed to built the HA again. > Otherwise if you can ssh into the HA then you may refer the following KBA: Perform a Sophos UTM Up2Date from the command line - https://support.sophos.com/support/s/article/KB-000034275?language=en_US > Run Up2Date - https://support.sophos.com/support/s/article/KB-000034903?language=en_US > What is the Up2date process for HA and Cluster systems? - https://support.sophos.com/support/s/article/KB-000034345?language=en_US

Sophos UTM HA node stuck in RESERVED state

Top Replies