hashicorp
diff --git a/‎content/consul/v1.22.x/content/commands/force-leave.mdx‎
Lines changed: 1 addition & 1 deletion b/‎content/consul/v1.22.x/content/commands/force-leave.mdx‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/consul/v1.22.x/content/docs/east-west/mesh-gateway/federation.mdx‎
Lines changed: 1 addition & 1 deletion b/‎content/consul/v1.22.x/content/docs/east-west/mesh-gateway/federation.mdx‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/consul/v1.22.x/content/docs/error-messages/consul.mdx‎
Lines changed: 3 additions & 1 deletion b/‎content/consul/v1.22.x/content/docs/error-messages/consul.mdx‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎content/consul/v1.22.x/content/docs/manage/disaster-recovery/backup-restore.mdx‎
Lines changed: 7 additions & 4 deletions b/‎content/consul/v1.22.x/content/docs/manage/disaster-recovery/backup-restore.mdx‎
Lines changed: 7 additions & 4 deletions
@@ -57,7 +57,7 @@ consul force-leave ec2-001-staging
 ```
 
 When run on a server that is part of a
-[WAN gossip pool](/consul/tutorials/networking/federation-gossip-wan),
+[WAN gossip pool](/consul/docs/east-west/wan-federation/vms),
 `force-leave` can remove failed servers in other datacenters from the WAN pool.
 
 The identifying node-name in a WAN pool is `[node-name].[datacenter]`.
 
@@ -31,7 +31,7 @@ Ensure that your Consul environment meets the following requirements.
 * A local Consul agent is required to manage its configuration.
 * Consul [service mesh](//consul/docs/reference/agent/configuration-file/service-mesh#connect) must be enabled in both datacenters.
 * Each [datacenter](/consul/docs/reference/agent/configuration-file/general#datacenter) must have a unique name.
-* Each datacenters must be [WAN joined](/consul/tutorials/networking/federation-gossip-wan).
+* Each datacenters must be [WAN joined](/consul/docs/east-west/wan-federation/vms ).
 * The [primary datacenter](/consul/docs/reference/agent//configuration-file/general#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for service mesh certificates and is required for services in all datacenters to establish mutual TLS with each other.
 * [gRPC](/consul/docs/reference/agent/configuration-file/general#grpc_port) must be enabled.
 * If you want to [enable gateways globally](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/consul/docs/reference/agent/configuration-file/general#enable_central_service_config).
 
@@ -165,12 +165,14 @@ When restoring a Consul datacenter with a snapshot on new infrastructure, Consul
 
 This error means that in the new datacenter there is at least one node with the same `node_name` as a node in the snapshot's datacenter, but with a different `node_id`. This represents a consistency issue.
 
-There are two possible workarounds:
+There are three possible workarounds:
 
 1. Save the UUID from the previous node’s data directory. Then re-use that same UUID when you first start the agent on the new node. You can configure node IDs for your Consul agent nodes with the [`node_id` configuration parameter](/consul/docs/reference/agent/configuration-file/node#_node_id).
 
 1. Always use unique node names for your Consul datacenters so that there is no risk of conflicts. You can configure node names for your Consul agent nodes using the [`node_name`](/consul/docs/reference/agent/configuration-file/node#_node) configuration parameter.
 
+1. Perform a [`consul leave`](/consul/commands/leave) on each server and then start the server again. Do this one server at a time. Once all servers are restarted, the node ids will be set to the expected value, resolving the errors in the logs.
+
 ## ACL not found
 
 If Consul returns the following error, this indicates that you have ACL enabled in your cluster but you aren't passing a valid token.
 
@@ -35,17 +35,16 @@ To reduce the burden on the leader, it is possible to [run the snapshot command
 
 However, we still recommend you take `consistent` snapshots for write-heavy production use cases, or when you want to snapshot a cluster state immediately after a specific change.
 
+
 ## Workflow
 
 1. **Backup the Consul datacenter**: Use the `consul snapshot save` command to create a backup of the Consul datacenter.
 1. **Verify the backup**: Inspect the backup file to ensure it was created successfully.
 1. **Restore from snapshot**: Use the `consul snapshot restore` command to restore the Consul datacenter from the backup.
 
 
-
 ## Backup a Consul datacenter
 
-
 Run the basic snapshot command on one of the servers. Because it uses the default settings, this request runs in `consistent` mode.
 
 ```shell-session
@@ -68,6 +67,11 @@ Version      1
 
 For more information about the `snapshot inspect` sub-command and its output, refer to the [`consul snapshot inspect` CLI documentation](/consul/commands/snapshot/inspect).
 
+<Warning heading="Security warning">
+
+Consul snapshots contain extremely sensitive data, such as credentials in recoverable form. Store snapshots on an encrypted medium with sufficiently strict access controls in place.
+
+</Warning>
 
 
 ## Restore a Consul datacenter
@@ -83,10 +87,9 @@ $ consul snapshot restore backup.snap
 Restored snapshot
 ```
 
-
 ## Additional guidance
 
 For more information on disaster recovery, including detailed instructions on how to backup and restore Consul datacenters, refer to the following resources:
 
 - [Consul Disaster Recovery](/consul/docs/manage/disaster-recovery)
-- [Disaster recovery for WAN-federated datacenters](/consul/docs/manage/disaster-recovery/federation)
+- [Disaster recovery for WAN-federated datacenters](/consul/docs/manage/disaster-recovery/restore/secondary)