
How to fix being unable to rebuild FortiNAC High Availability due to the “REMOTE HOST IDENTIFICATION HAS CHANGED” warning

This article describes how to rebuild FortiNAC High Availability after breaking HA and factory resetting the Secondary Node.

Scope

FortiNAC-F v7.2.6, v7.4.1, v7.6.0 or greater.

Solution

Steps to be followed:

Step 1: Break High Availability from the GUI by clearing the VIP (if it is in place) and the Secondary Node information.

Step 2: Factory reset Secondary Node:

execute factoryreset all-setting

Step 3: Rebuild High Availability. The following error appears:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:gUhJsXoJ4kOwa0H7O6VLygp0yh45o5nMMl85ZXPBp4o.
Please contact your system administrator.
Add correct host key in /home/root/.ssh/known_hosts to get rid of this message.
Offending ED25519 key in /home/root/.ssh/known_hosts:6
Host key for 192.168.40.121 has changed and you have requested strict checking.
Host key verification failed.
SSH key verification failed from 192.168.40.120 to 192.168.40.121. Verify that the SSH key for 192.168.40.120 is configured on 192.168.40.121.

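Solution: the known-hosts entry stored for the Secondary Node no longer matches the host key it presents after the factory reset. Remove the stale entry, add the new host key, then display the HA known hosts to confirm: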

execute ssh-known-hosts remove-host ha <secondaryIP>
execute ssh-known-hosts add ha admin <secondaryIP>
execute ssh-known-hosts show ha
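
Before the stale entry is replaced, the fingerprint printed in the warning can be compared with the Secondary Node's host key obtained over a trusted path, which rules out the man-in-the-middle case the warning mentions. The Python below is an added example, not Fortinet code; it assumes it runs on an admin workstation and that the public key line was read from the Secondary's console (the article does not describe how to export it), and the function names are hypothetical.

```python
import base64
import hashlib
import re

# Lines copied from the warning shown in Step 3 of this article.
WARNING = """\
The fingerprint for the ED25519 key sent by the remote host is
SHA256:gUhJsXoJ4kOwa0H7O6VLygp0yh45o5nMMl85ZXPBp4o.
Offending ED25519 key in /home/root/.ssh/known_hosts:6
Host key for 192.168.40.121 has changed and you have requested strict checking.
"""

def parse_warning(text):
    """Extract key type, presented fingerprint, stale entry and host from the warning."""
    fp = re.search(
        r"fingerprint for the (\S+) key sent by the remote host is\s+(SHA256:[A-Za-z0-9+/]+)",
        text)
    stale = re.search(r"Offending (\S+) key in (\S+):(\d+)", text)
    host = re.search(r"Host key for (\S+) has changed", text)
    if not (fp and stale and host):
        raise ValueError("not a host-key-changed warning")
    return {
        "key_type": fp.group(1),
        "fingerprint": fp.group(2),
        "known_hosts": stale.group(2),
        "line": int(stale.group(3)),
        "host": host.group(1),
    }

def fingerprint(pubkey_line):
    """OpenSSH-style SHA256 fingerprint of a 'type base64 [comment]' public key line."""
    blob = base64.b64decode(pubkey_line.split()[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def safe_to_readd(warning_text, trusted_pubkey_line):
    """True only if the key presented over the network is the key read from the console."""
    return parse_warning(warning_text)["fingerprint"] == fingerprint(trusted_pubkey_line)

if __name__ == "__main__":
    print(parse_warning(WARNING))
```

If `safe_to_readd` returns False, the key answering on the Secondary's IP is not the one read from its console, and the known-hosts entry should not be replaced until that is explained.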