This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HA setup Sophos UTM Home not working, not able to update.

I have used one Sophos UTM 9 home setup for years now. I am trying to create a HA environment now.

The original installation has got version 9.700-5, the most recent downloadable file at the moment is 9.605-1. So i used that file for my second installation. I have also tried to manually update the installation.

The HA log:

2019:11:27-18:31:27 sophosutm02-2 ha_daemon[3919]: id="38A0" severity="info" sys="System" sub="ha" seq="S: 58 27.134" name="HA daemon shutting down (SIGTERM)"

2019:11:27-18:31:27 sophosutm02-2 ha_daemon[3919]: id="38A0" severity="info" sys="System" sub="ha" seq="S: 59 27.134" name="Executing (nowait) /etc/init.d/ha_mode shutdown"

2019:11:27-18:31:27 sophosutm02-2 ha_mode[5777]: calling shutdown

2019:11:27-18:31:27 sophosutm02-2 ha_mode[5777]: shutdown: waiting for last ha_mode done

2019:11:27-18:31:27 sophosutm02-2 ha_mode[5777]: /var/mdw/scripts/confd-sync: /usr/local/bin/confd-sync stopped

2019:11:27-18:31:27 sophosutm02-2 ha_mode[5777]: shutdown done (started at 18:31:27)

2019:11:27-18:31:27 sophosutm02-2 ha_daemon[3919]: id="38A0" severity="info" sys="System" sub="ha" seq="S: 60 27.149" name="HA daemon exits (SIGTERM)"

2019:11:27-18:32:43 sophosutm01-1 ha_daemon[7784]: id="38A0" severity="info" sys="System" sub="ha" seq="M: 38 43.203" name="Access granted to remote node 2!"

2019:11:27-18:32:58 sophosutm01-1 ha_daemon[7784]: id="38A0" severity="info" sys="System" sub="ha" seq="M: 39 58.202" name="Request reset MTU size to 1500 (ignored)"

2019:11:27-18:33:10 sophosutm02-2 ha_daemon[3928]: id="38A0" severity="info" sys="System" sub="ha" seq="S: 46 10.304" name="HA control: cmd = 'build'"

2019:11:27-18:33:10 sophosutm02-2 ha_daemon[3928]: id="38A0" severity="info" sys="System" sub="ha" seq="S: 47 10.318" name="HA control: cmd = 'up2date successful'"

2019:11:27-18:33:10 sophosutm02-2 ha_daemon[3928]: id="38A0" severity="info" sys="System" sub="ha" seq="S: 48 10.318" name="Set UTM version to 9.605001

2019:11:27-18:33:10 sophosutm02-2 ha_daemon[3928]: id="38A0" severity="info" sys="System" sub="ha" seq="S: 49 10.318" name="up2date to 9.605001 successful"

2019:11:27-18:33:10 sophosutm02-2 ha_daemon[3928]: id="38A0" severity="info" sys="System" sub="ha" seq="S: 50 10.318" name="start/reset initial synchronization timer = 0"

2019:11:27-18:33:10 sophosutm02-2 ha_daemon[3928]: id="38A0" severity="info" sys="System" sub="ha" seq="S: 51 10.318" name="state change UP2DATE(256) -> ACTIVE(0)"

2019:11:27-18:33:10 sophosutm02-2 ha_daemon[3928]: id="38A0" severity="info" sys="System" sub="ha" seq="S: 52 10.318" name="check up2date: version conflict with MASTER"

2019:11:27-18:33:10 sophosutm02-2 ha_daemon[3928]: id="38A0" severity="info" sys="System" sub="ha" seq="S: 53 10.318" name="state change ACTIVE(0) -> UP2DATE(256)"

2019:11:27-18:33:10 sophosutm02-2 ha_daemon[3928]: id="38A0" severity="info" sys="System" sub="ha" seq="S: 54 10.318" name="Starting local up2date 9.605001 -> 9.700005"

2019:11:27-18:33:10 sophosutm02-2 ha_up2date[5298]: starting system up2date to '9.700005'

2019:11:27-18:33:10 sophosutm02-2 ha_up2date[5298]: No up2date path to '9.700005', try to fix it

2019:11:27-18:33:10 sophosutm02-2 ha_up2date[5298]: calling /sbin/audld.plx --types=sys --ha-override --proxy 198.19.250.1:9009

2019:11:27-18:33:10 sophosutm02-2 ha_daemon[3928]: id="38A0" severity="info" sys="System" sub="ha" seq="S: 55 10.830" name="Monitoring interfaces for link beat: eth2"

2019:11:27-18:33:10 sophosutm02-2 ha_daemon[3928]: id="38A3" severity="debug" sys="System" sub="ha" seq="S: 56 10.830" name="Netlink: Found link beat on eth2 again!"

2019:11:27-18:33:13 sophosutm01-1 ha_proxy[8358]: Connect (file descriptor 6): node2 [198.19.250.2]

2019:11:27-18:33:13 sophosutm01-1 ha_proxy[8358]: Request (file descriptor 6): CONNECT us1.utmu2d.sophos.com:443 HTTP/1.0

2019:11:27-18:33:13 sophosutm01-1 ha_proxy[8358]: No proxy for us1.utmu2d.sophos.com

2019:11:27-18:33:13 sophosutm01-1 ha_proxy[8358]: Established connection to host "us1.utmu2d.sophos.com" using file descriptor 7.

2019:11:27-18:33:13 sophosutm01-1 ha_proxy[8358]: Not sending client headers to remote machine

2019:11:27-18:33:16 sophosutm02-2 ha_daemon[3928]: id="38A0" severity="info" sys="System" sub="ha" seq="S: 57 16.100" name="Monitoring interfaces for link beat: eth2"

2019:11:27-18:33:22 sophosutm01-1 ha_proxy[8358]: Closed connection between local client (fd:6) and remote client (fd:7)

2019:11:27-18:33:22 sophosutm01-1 ha_proxy[12672]: Connect (file descriptor 6): node2 [198.19.250.2]

2019:11:27-18:33:22 sophosutm01-1 ha_proxy[12672]: Request (file descriptor 6): CONNECT us1.utmu2d.sophos.com:443 HTTP/1.0

2019:11:27-18:33:22 sophosutm01-1 ha_proxy[12672]: No proxy for us1.utmu2d.sophos.com

2019:11:27-18:33:23 sophosutm01-1 ha_proxy[12672]: Established connection to host "us1.utmu2d.sophos.com" using file descriptor 7.

2019:11:27-18:33:23 sophosutm01-1 ha_proxy[12672]: Not sending client headers to remote machine

2019:11:27-18:33:30 sophosutm01-1 ha_proxy[12672]: Closed connection between local client (fd:6) and remote client (fd:7)

2019:11:27-18:33:30 sophosutm02-2 ha_up2date[5298]: calling /sbin/auisys.plx --types=sys --upto 9.700005

2019:11:27-18:33:31 sophosutm02-2 ha_up2date[5298]: done (auisys has gone into the background)

Could someone tell me how to fix this? The status of node 2 is UP2DATE at the moment. The log above runs in a loop, the node keeps trying to update as far as i can see.



This thread was automatically locked due to age.
Parents
  • Hello "Operations",

    I would go the manual route: break up the HA-config again, give an IP to the second device and update that one by hand.

    Get the update form here: https://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.605001-700005.tgz.gpg

    and upload that to the second device, wait some 30 seconds to unpack the package and then apply that same level 9.700-5 to your backup firewall.

    Once they both have the same OS level, try to get HA going again.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Hello "Operations",

    I would go the manual route: break up the HA-config again, give an IP to the second device and update that one by hand.

    Get the update form here: https://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.605001-700005.tgz.gpg

    and upload that to the second device, wait some 30 seconds to unpack the package and then apply that same level 9.700-5 to your backup firewall.

    Once they both have the same OS level, try to get HA going again.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data