Altostratus
AltostratusOk, fiddled a bit with it and apparently this is what was malfunctioning.
The unit with the failed rekey had been a part of another cluster previously, but was reset to default by means of "tmsh load sys config default". However the master key still remains apparently.
This caused it to refuse to join any new sync-failover relationships and also any attempts to reset the master key to something else, with the same error message btw.
The solution to this, the inability to reset the master key, was solved by removing all the configuration regarding user AD/LDAP authentication and reloading the config. Then resetting the master key to the same as the other new working unit and thereafter config syncing to to malfunctioning unit by normal means.
The remaining question is though. Is this as intended? Do you need to know that you must reset the master key after you remove a unit from a previous trust relationship? Also, the inability to rekey it without removing any traces of authentication from the config seems like a bug.
