06-29-2022 12:41 AM
We have 2 PA-850
They are working in HA mode
When i got the handover they gave the admin credentials
The secondary was always active
When i tried to login to the passive one the admin password did't work
At the end i logged in with the initial password created on first deployment 2 years ago
And it was not changing from Web or CLI
The issue fixed after when i upgraded from 9.0.4 to 9.1.13-h1
06-29-2022 12:26 PM
Kind of sounds like the config sync that happens between the active/passive unit wasn't working for quite a while and the upgrade and restart fixed that. It could be something as simple as the passive having a config lock every time you ran a commit, which would have prevented the configuration sync from working properly. You should be able to review the system logs on the passive unit to verify if that's the case.
06-30-2022 03:10 AM
There was no commit lock
The new admins were created but passwords of old admin was valid and all new passwords not valid
Even SSH keys were not valid for login
06-30-2022 01:35 PM
Hmm .. That's a puzzle. The way the firewall's HA configuration sync works you shouldn't ever run into an instance where parts of the configuration are syncing and some aren't. Outside of everything specific to the device under <deviceconfig/>, you don't have any other differences in the configuration. Admin accounts aren't device specific, so if it loaded the new users it should have loaded the new phash values in the configuration.
I'd still saying reviewing the configuration history on the passive unit will likely point towards a breakdown in that configuration sync process for some reason or another until you upgraded. Maybe it was running a new enough configuration to have the new admins, but failed prior to the old admins or new passwords and such actually got added?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!