Hello Charles,
Thank you for your query. We generally have seen that the secondary server UI issues are a by-product of network latency because the secondary server have to copy the pfdata file which contains all the details from primary. However we can troubleshoot this using the logs to find out the cause. Please follow the following and check the logs with the details as described and it can help you analyze and come to a conclusion as to why this would be happening. We will be checking the logs on the secondary server. For simplicity of analysis please use notepad++ for checking timestamp in the logs and deriving a pattern out of it.
Please go to the folder C:\Program Files\Multi-Factor Authentication Server\Logs which is default log location for MFA logs and you can use the logs to find more information . Check the MultiFactorAuthConfiguration_XXX logs (most recent one) to find what is the status of the connection . If it is Connected and online with the primary (master) server or not .
The first thing we would check if the replication is working between the primary (master) and the secondary (slave) server or not . Check the Log file MultiFactorAuthSvc.log . To be 100% sure of whether replication is working or not, check the logs on the slave server for the "Update loaded." message. If this is occurring on a regular basis, then replication is working as expected regardless of the status displayed for the server. You can also check the date on the PhoneFactor.pfdata file on the slave. If it is current, then replication is working.
Now proceed with checking the MultiFactorAuthSvc log to understand if issue is caused due to latency . Check the Log file MultiFactorAuthSvc.log . Search for the keyword “slave|Received” . This will filter the attempts of retrieving the Master Pfdata file from the master server. And it will list the duration taken in each case. This can give you more information if latency is the issue between master and slave. Generally it’s better to avoid running the MFA server UI on a slave server which is geographically distant from the master server. When launching the MFA Server UX on a slave, it connects to the master. The latency that can slow down replication can also contribute to slowness launching the UX. We generally do not recommended to run the MFA Server UX on a slave that is geographically separated from the master for this reason. In your case they are not too far but there could be network latency .
Check the MultiFactorAuthADSyncSvc MFA AD sync service should be set to Manual . Sometimes this is set to automatic which can cause UI issues as well. The service should not be running on the slave , Ideally it is called whenever needed and can be started so make sure its not set t automatic in the services console. If you check the Master server you may find that the logging for pfadssvc service will show that it keeps checking any changes in users information from AD if AD sync/import has been set.
I hope the above data and analysis of the same can help you find a pattern and get the cause of the issue. If the explanation above does not help you to obtain the details , please let us know and we will try to further help you on this.
Thank you.