Re: Error in Master Orchestrator Security Group

SecdetKrypton

I have the following problem: I have a security group and I can ping the 3 members from the master orchestrator; they have licensing and have a correct connection, however they appear in a down state.

[Expert@SG01-SITE-s01-01:0]# cphaprob state

Cluster Mode: HA Over LS

ID Unique Address Assigned Load State Name

1 (local) 192.0.2.1 100% ACTIVE SG01-SITE-s01-01
2 192.0.2.2 0% DOWN SG01-SITE-s01-02
3 192.0.2.3 0% DOWN SG01-SITE-s01-03

Active PNOTEs: None

Last member state change event:
Event Code: CLUS-112004
State change: DOWN -> ACTIVE
Reason for state change: USER DEFINED PNOTE
Event time: Thu May 21 21:17:57 2026

Martijn

Hi,

Can you SSH to the other SGM's from the Orchestrator and get more information:

#cphaprob stat
#cphaprob -l list

What version are you running?

Are there any custom pnotes configured?

Martijn

SecdetKrypton

Hi

The curious thing is that it does switch and does not lose internet connection, but members 2 and 3 appear in a down state.

[Expert@SG01-SITE-s01-01:0]# cphaprob stat

Cluster Mode: HA Over LS

ID Unique Address Assigned Load State Name

1 (local) 192.0.2.1 100% ACTIVE SG01--SITE-s01-01
2 192.0.2.2 0% DOWN SG01--SITE-s01-02
3 192.0.2.3 0% DOWN SG01--SITE-s01-03

Active PNOTEs: None

Last member state change event:
Event Code: CLUS-112004
State change: DOWN -> ACTIVE
Reason for state change: USER DEFINED PNOTE
Event time: Thu May 21 21:17:57 2026
[Expert@SG01-C5-SITE-s01-01:0]# cphaprob -l list

Built-in Devices:

Device Name: CoreXL Configuration
Current state: OK

Registered Devices:

Device Name: Fullsync
Registration number: 0
Timeout: none
Additional description: Running
Current state: OK
Time since last report: 22662.8 sec

Device Name: Policy
Registration number: 1
Timeout: none
Current state: OK
Time since last report: 22660.1 sec

Device Name: during_boot
Registration number: 2
Timeout: none
Current state: OK
Time since last report: 45584.3 sec

Device Name: routed
Registration number: 3
Timeout: none
Additional description: OK
Current state: OK
Time since last report: 45471.5 sec

Device Name: cxld
Registration number: 4
Timeout: 30 sec
Current state: OK
Time since last report: 45786.2 sec
Process Status: UP

Device Name: HD
Registration number: 5
Timeout: none
Current state: OK
Time since last report: 45786.2 sec

Device Name: fwd
Registration number: 6
Timeout: 30 sec
Current state: OK
Time since last report: 45781.6 sec
Process Status: UP

Device Name: Init
Registration number: 7
Timeout: none
Current state: OK
Time since last report: 45770.3 sec

Device Name: sgm_pmd
Registration number: 8
Timeout: 30 sec
Current state: OK
Time since last report: 0.4 sec

Device Name: lb_configd
Registration number: 9
Timeout: 30 sec
Current state: OK
Time since last report: 0.7 sec

Device Name: sgm_lsp
Registration number: 10
Timeout: 30 sec
Additional description: Member lost connectivity with the Orchestrators and other members in the Security Group
Current state: OK
Time since last report: 0.3 sec

Device Name: DSD
Registration number: 11
Timeout: none
Current state: OK
Time since last report: 22621.9 sec

Device Name: Iterator
Registration number: 12
Timeout: none
Current state: OK
Time since last report: 22650.1 sec

Device Name: LACP_SYNC
Registration number: 13
Timeout: none
Current state: OK
Time since last report: 45529.1 sec

Device Name: cvpnd
Registration number: 14
Timeout: none
Current state: OK
Time since last report: 0.7 sec

emmap

We need to see 'cphaprob list' from the other SGMs, from 2 and 3. From SGM1 if you use the command 'm 1_2' and 'm 1_3' you can ssh over to the other SGMs to check their pnotes and see why they are down.

Are you a member of CheckMates?

Error in Master Orchestrator Security Group