【现象】
USG6300E V600R007C20SPC300 双机热备,日志提示主备防火墙配置不一致,原因为秘钥不一致。怀疑是RSA秘钥不一致。
Oct 7 2021 11:52:21+08:00 USG6300E_A %HRPI/4/COCHK(l)[2]:The configurations between active and standby device is different(The key pairs of the active and standby devices are inconsistent(VsysID = 0). To solve this problem, run the pki rsa local-key-pair backup all-sys and pki certificate backup all-sys commands.).
【排查过程】
在主机上执行pki rsa local-key-pair match-slave命令,比较双机热备状态下主备设备所有RSA密钥对是否一致
HRP_M[USG6300E_A] pki rsa local-key-pair match-slave
Info: Obtaining RSA key pair from the standby device, please wait.
Error: The RSA key pair on the standby device is not the same as that on the active device.   //报错表示主备rsa秘钥不一致
HRP_M[USG6300E_A]
【解决方法】
在主机上执行:pki rsa local-key-pair backup 命令,然后再查pki rsa local-key-pair match-slave,正常
HRP_M[USG6300E_A] pki rsa local-key-pair backup //将主设备上所有的RSA密钥对批量备份到备设备
Info: Sending start info to standby device.
Info: Backing up all RSA key pairs to standby device.
Info: Waitting for backup result.
Info: RSA key pair backup succeeded.                               //提示RSA key同步成功
HRP_M[USG6300E_A] pki rsa local-key-pair match-slave   //重新比较
Info: Obtaining RSA key pair from the standby device, please wait.
Info: All RSA key pairs are the same .                                //现在提示是相同的,没有报错,表示RSA的秘钥已经一致
HRP_M[USG6300E_A]










![苹果cms使用火车头发布数据报错:“SQLSTATE[22001]:String data,right truncated:1406 Data too long for column ‘vod_blurb’ at row 1”-下雪啦资源网](https://www.xiaxuela.com/wp-content/uploads/2020/12/da6b8ce280dece1-300x95.png)








 
        
暂无评论内容