When srpc rules are enabled, either for Kerberos or SSK, Lustre HA failover is broken. That is to say, clients might not able to reconnect to targets that have been stopped and then restarted, whether on initial or pair node.