we have 2 SRX320. Physically connected (3 ports for OOB, fabric and Control)SRX-A and SRX-B both load factory defaultthe goal is to form cluster but secondary(node1) is disabled, based on failure codes CF "request chassis cluster configuration-synchronize" do nothingPlease think that both firewall config is "fresh from out of the box"
Could you please share the output for the below command?
user@host> show chassis cluster information configuration-synchronization
Alternatively, Is it possible to delete all the configuration from both the nodes except the root authentication password, try to form a cluster once again? Let me know how it goes.
The factory default configuration usually pre-configure some of the ports that will be used later in chassis cluster (fxp0/control-link) and if one of these ports have configuration previous you form the chassis cluster, then you will have issues forming the cluster.
The fact that one node is in disable state means that the control-link is not fully coming up and this will also explain the CF alarm because the configuration is synchronized via the control-link.
I will advise to take the nodes back to standalone mode and use a "delete" at the configuration level to delete all existing config. Right after that set a root password and then commit the changes. After this go ahead and form the cluster again:
# set root-authentication plain-text-password
# run set chassis cluster cluster-id [#] node [#] reboot
Hope this helps you.
Another suggested test:
When the SRXs are in standalone mode, if you want to confirm that the cabling/ports are good, you could configure IP addresses on the ports that will be use for control-link and ping between them. This will confirm that there are no problems at the physical layer.
Thank you. This works