- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
06-19-2019 06:14 AM
Hi Team
We are facing the issue with HA running config not synchronized
>> We have restarted the both active and passive firewall management server and push the configuration by execute the cli command 'request high-availability sync-to-remote running-config' but its showing as " Failed to synchronize running configuration with HA peer". We have tried with both via cli and GUI but its fail.
>> In Passive firewall not able to login via GUI properly. after I enter the login credentials of firewall it will automatically exit the firewall,sometime only i can able to to login properly.
>> While execute the mp-log ha_agent.log
+0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2745): Ending monitor increase holdup on commit end
2019-06-19 12:30:57.317 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1234): Ending monitor holdup increase after commit in 60 seconds
2019-06-19 12:30:57.317 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:31:06.045 +0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2745): Ending monitor increase holdup on commit end
2019-06-19 12:31:06.045 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1234): Ending monitor holdup increase after commit in 60 seconds
2019-06-19 12:31:06.045 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:32:42.804 +0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2745): Ending monitor increase holdup on commit end
2019-06-19 12:32:42.804 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1234): Ending monitor holdup increase after commit in 60 seconds
2019-06-19 12:32:42.804 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:35:49.250 +0530 debug: ha_sysd_mgmt_finsync_notifier_callback(src/ha_sysd.c:2521): Mgmtsrvr sent finsync failure.
>> Please help us to resolve this issue.
Thanks & Regards
Mohammed Ashik
06-19-2019 06:32 AM
Hi @MohammedAsik ,
Did you make a recent change which triggered this behaviour ?
Have you tried again after reverting the change ?
Cheers !
-Kiwi.
06-19-2019 07:25 AM
Hello,
Also if this is the first time you setup HA on these units, you will first need to perform a manual sync by clicking the Sync to Peer hyperlink.
Regards,
06-19-2019 07:45 AM
Hi kiwi
Yeah we reverted the change and tried.
But it didn't help us
06-19-2019 09:26 PM
Hi Otakar
This is not a new configuration. Already which is working fine..
From last two days we are facing the running configuration sync issue.
Note : We have tried by clicking the Sync to Peer hyperlink but its not sync
06-19-2019 09:33 PM
Check the config log to see what was last change made?
Also try this from Passive PA --request high-availability sync-to-remote running-config'
06-19-2019 09:39 PM
Do you have link monitoring enabled?
06-19-2019 09:45 PM
check this link
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm8NCAS
06-19-2019 10:30 PM
on the passive device can you break the HA by using " request system restart" and verify sync once it is up(as it will restart the all the system deamons).
before that on the passive device cli generate a techsupport file & do a scp to the TAC upload server for analysis.
06-20-2019 10:02 PM
any update on this?
06-26-2019 01:30 AM
Hello
Already we have referred this article. but it couldn't help us
Regards
Asik
08-11-2020 08:48 PM
So, I wanted to chime in here because I had the same issue, and solved it. This was near the top of my google search, so hopefully it helps somebody else.
The resolution was to manually sync the configurations, then once synced, perform the automatic synch, which succeeded.
To manually sync, go to Device->Setup->Operations, then "save a named configuration snapshot". Open it in a text editor. There will be some basic information that you need to edit manually: management address and HA IPs and peer IPs, and hostname. It will help to make a note of all of this information beforehand, and then search the document by the IPs you are looking to edit. Other than that, everything can be overwritten.
Once the edits have been made, jump on the backup FW to the same screen, and Import named configuration snapshot. Then Load named configuration snapshot and commit.
Once committed, you can go back to the primary FW and force the auto-synch.
Hope this helped somebody!
Greg
08-17-2020 04:08 PM
Yep I had this too. Turns out, there was a commit lock present on the peer device.
I found out because attempting a manual sync (on the active device) gave an error about it.
Too bad the system log on the dashboard doesn't simply show that right away.
10-19-2021 01:56 PM
This helped me out today. Thank you for the post and response.
04-15-2022 05:18 AM
Digging this up from the grave. Having a similar issue. I'm questioning the command you selected. I believe this would push the passive devices config to the active device. Would it not? request high-availability sync-to-remote running-config, to me indicates syncing to the active device. Wouldnt I run this on the Active device to push it to the passive device?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!