Last Modified: Jun 19, 2025
Affected Product(s):
BIG-IQ Platform
Known Affected Versions:
8.3.0
Opened: Oct 15, 2024 Severity: 3-Major
Setting up automatic HA failover returns an error similar to the following: An error occurred while adding the BIG-IQ: Error: ha-secondary: Username and/or password is incorrect Error: ha-quorum: Username and/or password is incorrect Error: ha-primary: Username and/or password is incorrect Restjavad log on primary CM would have an entry similar to the following: [WARN][01 Jan 2024 01:00:00 UTC][/shared/ha/add-peer-task/abcdefgh-1234-abcd-1234-abcdefghijkl/worker AddPeerTaskWorker] [/bin/bash, -c, /usr/bin/ha_corosync_config.sh -p <primary_discovery_ip> -s <secondary_discovery_ip> -q <quorum_discovery_ip> -r primary -a <floating_ip> -m] failed with exit code 1, stdout: haclient:x:189:hacluster, stderr: Error: ha-quorum: Username and/or password is incorrect Error: ha-secondary: Username and/or password is incorrect Error: ha-primary: Username and/or password is incorrect
The user 'hacluster' could not be authenticated remotely, hence the HA autofailover setup task fails.
- BIG-IQ CMs and DCD (Quorum) are configured to remotely authenticate (eg. TACACS+) users for CLI access.
If the issue has already occurred, the cluster would need to be rebuilt by running the following on the primary and secondary CMs and on DCDs: ha_reset -f <device local discovery IP> reset-data-collection-cluster Add 'hacluster' user in the CMs and Quorum DCD's /config/bigip/auth/localusers. Note that this will not survive reboots. Add at least one DCD into the cluster that will be used as quorum device, then configure the autofailover HA. Use the guide in https://my.f5.com/manage/s/article/K11948 for creating a script that would add hacluster user into /config/bigip/auth/localusers everytime that the CMs and Quorum device reboot.
None