A user has two instances of Panorama in the production network and is preparing to turn on Panorama HA. The Panorama VM at the primary site has been cloned and brought up on the secondary site, The MAC address, serial number, and management IP address have been changed. However, the two VMs have the same HA key and get an error when attempting the HA key exchange. Is there a way to regenerate the HA key in one of these instances of Panorama?
Resolution
To regenerate the HA encryption key:
Reset the SSH keys on one of the Panorama boxes by using the following CLI command: admin@Panorama97> debug system ssh-key-reset high-availability
Resync the keys between the two Panoramas by using the SCP export/import commands:
admin@Panorama97> SCP export high-availability-key + remote-port SSH port number on remote host * from from * to Destination (username@host:path)
admin@Panorama97> scp import high-availability-key + remote-port SSH port number on remote host * from Source (username@host:path)