Peter
What you have posted looks fine. I do not see a problem so far.
There are several ways that we can investigate this problem. You can choose to do one at a time or to try to do several in parallel:
- you can check on the backup server and see if it is receiving the request from the router. If the backup server did see the request does it think that it responded to it?
- you can check and verify that the backup router has the same definition of the router as client that the primary server does.
- you can run debug on the router and see what the router says about the primary and whether it is attempting to get to the backup server.
I do not know if it is the same thing, but I had a situation a while back that sounds quite similar to your issue. In our situation something on the server was still running but it would not authenticate. It was sending a particular error code back to the router (I do not remember quite what it was) and the router did not treat that as something that would trigger failover to the backup server and it did local authentication. We saw that clearly in the debugs on the router. So how did you fail your primary server? Was it powered down, was the network cable unplugged, was some service stopped, or what?
HTH
Rick
HTH
Rick