
HA running configuration not sync


L3 Networker

Hi Team

 

We are facing an issue with the HA running config not being synchronized.

 

 

>> We have restarted the management server on both the active and passive firewalls and pushed the configuration by executing the CLI command 'request high-availability sync-to-remote running-config', but it shows "Failed to synchronize running configuration with HA peer". We have tried via both the CLI and the GUI, but it fails.

 

 

>> On the passive firewall I am not able to log in via the GUI properly. After I enter the firewall's login credentials, it automatically exits the firewall; only sometimes am I able to log in properly.

 

>> While executing the mp-log ha_agent.log:

+0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2745): Ending monitor increase holdup on commit end
2019-06-19 12:30:57.317 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1234): Ending monitor holdup increase after commit in 60 seconds
2019-06-19 12:30:57.317 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:31:06.045 +0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2745): Ending monitor increase holdup on commit end
2019-06-19 12:31:06.045 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1234): Ending monitor holdup increase after commit in 60 seconds
2019-06-19 12:31:06.045 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:32:42.804 +0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2745): Ending monitor increase holdup on commit end
2019-06-19 12:32:42.804 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1234): Ending monitor holdup increase after commit in 60 seconds
2019-06-19 12:32:42.804 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:35:49.250 +0530 debug: ha_sysd_mgmt_finsync_notifier_callback(src/ha_sysd.c:2521): Mgmtsrvr sent finsync failure.

 

>> Please help us to resolve this issue.

 

Thanks & Regards
Mohammed Ashik
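
One way to triage an ha_agent.log excerpt like the one quoted above, as an added example that is not part of the original post or any vendor tooling. The sample lines are copied from the post (including the truncated first line); the function names are hypothetical.

```python
import re
from collections import Counter

# Layout of the lines quoted in the post:
# "<date> <time> <tz> <level>: <func>(<file>:<line>): <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) [+-]\d{4} "
    r"(?P<level>\w+): (?P<func>\w+)\((?P<src>[^():]+:\d+)\): (?P<msg>.*)$"
)

# Sample built from lines in the post; the first line is truncated there too.
SAMPLE = """\
+0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2745): Ending monitor increase holdup on commit end
2019-06-19 12:30:57.317 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1234): Ending monitor holdup increase after commit in 60 seconds
2019-06-19 12:30:57.317 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:31:06.045 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:32:42.804 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:35:49.250 +0530 debug: ha_sysd_mgmt_finsync_notifier_callback(src/ha_sysd.c:2521): Mgmtsrvr sent finsync failure.
"""

def parse(text):
    """Return (records, unparsed); truncated lines are reported, not dropped silently."""
    records, unparsed = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw.strip())
        if m:
            records.append(m.groupdict())
        else:
            unparsed.append(raw)
    return records, unparsed

def triage(text):
    records, unparsed = parse(text)
    # Collapse repeats: same level + source location + message is one event type.
    counts = Counter((r["level"].lower(), r["src"], r["msg"]) for r in records)
    # In this excerpt the sync outcome is logged at debug level, so match on the
    # message text; filtering on "Error" alone would miss it.
    failures = [r for r in records if "finsync failure" in r["msg"].lower()]
    return {"counts": counts, "failures": failures, "unparsed": unparsed}

if __name__ == "__main__":
    result = triage(SAMPLE)
    for (level, src, msg), n in result["counts"].most_common():
        print(f"{n:3d}x {level:5s} {src:20s} {msg}")
    for r in result["failures"]:
        print("SYNC FAILURE at", r["ts"], "->", r["msg"])
    print("unparsed lines:", len(result["unparsed"]))
```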

14 REPLIES 14

Community Team Member

Hi @MohammedAsik ,

 

Did you make a recent change which triggered this behaviour ?

Have you tried again after reverting the change ?

 

Cheers !

-Kiwi.

LIVEcommunity team member, CISSP

Hello,

Also, if this is the first time you set up HA on these units, you will first need to perform a manual sync by clicking the Sync to Peer hyperlink.

 

Regards,

Hi kiwi 

 

Yeah we reverted the change and tried. 

 

But it didn't help us

Hi Otakar

 

This is not a new configuration. It was already working fine.

For the last two days we have been facing the running configuration sync issue.

 

Note: We have tried clicking the Sync to Peer hyperlink, but it does not sync.

 

 

Check the config log to see what the last change made was.

Also try this from the passive PA: 'request high-availability sync-to-remote running-config'

MP

Help the community: Like helpful comments and mark solutions.

Do you have link monitoring enabled?

MP


Check this link:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm8NCAS

MP


L2 Linker

On the passive device, can you break the HA by using "request system restart" and verify sync once it is up (as it will restart all the system daemons)?
Before that, on the passive device CLI, generate a tech support file and SCP it to the TAC upload server for analysis.

Any update on this?

MP


Hello

 

We have already referred to this article, but it couldn't help us.

 

Regards

Asik

So, I wanted to chime in here because I had the same issue, and solved it. This was near the top of my google search, so hopefully it helps somebody else.

 

The resolution was to manually sync the configurations, then once synced, perform the automatic synch, which succeeded.

 

To manually sync, go to Device->Setup->Operations, then "save a named configuration snapshot". Open it in a text editor. There will be some basic information that you need to edit manually: management address and HA IPs and peer IPs, and hostname. It will help to make a note of all of this information beforehand, and then search the document by the IPs you are looking to edit. Other than that, everything can be overwritten.

 

Once the edits have been made, jump on the backup FW to the same screen, and Import named configuration snapshot. Then Load named configuration snapshot and commit. 

 

Once committed, you can go back to the primary FW and force the auto-synch.

 

Hope this helped somebody!

 

Greg

Sr Network Engineer, Industrial Color
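
The hand edit described in the post above (hostname, management address, HA IP and peer IP), sketched as a script; this is an added example, not part of the original post or any vendor tooling. The XML is a constructed, simplified stand-in rather than the real snapshot schema, and the addresses, hostnames and function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified stand-in for an exported snapshot (not the real PAN-OS schema).
ACTIVE_SNAPSHOT = """<config>
  <system><hostname>fw-a</hostname><ip-address>192.0.2.10</ip-address></system>
  <high-availability>
    <ha1><ip-address>198.51.100.1</ip-address></ha1>
    <peer-ip>198.51.100.2</peer-ip>
  </high-availability>
  <rulebase><rule name="allow-dns"><destination>192.0.2.53</destination></rule></rulebase>
</config>"""

# Active value -> passive value (hypothetical). HA IP and peer IP swap between peers.
REWRITE = {
    "fw-a": "fw-b",
    "192.0.2.10": "192.0.2.11",
    "198.51.100.1": "198.51.100.2",
    "198.51.100.2": "198.51.100.1",
}

def rewrite(xml_text, mapping):
    """Replace device-specific values; return (new_xml, [(path, old, new), ...])."""
    root = ET.fromstring(xml_text)
    changes = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        text = (elem.text or "").strip()
        # Whole-value match, one visit per node: 192.0.2.10 cannot hit 192.0.2.100,
        # and the HA IP <-> peer IP swap cannot undo itself as chained find/replace would.
        if text in mapping:
            changes.append((here, text, mapping[text]))
            elem.text = mapping[text]
        for child in elem:
            walk(child, here)

    walk(root, "")
    return ET.tostring(root, encoding="unicode"), changes

def leftovers(xml_text, mapping):
    """Source-only values still present; anything listed here needs review before import."""
    source_only = set(mapping) - set(mapping.values())
    return sorted(v for v in source_only if v in xml_text)

if __name__ == "__main__":
    new_xml, changes = rewrite(ACTIVE_SNAPSHOT, REWRITE)
    for path, old, new in changes:
        print(f"{path}: {old} -> {new}")
    print("left over:", leftovers(new_xml, REWRITE))
```

The change list doubles as a review record of exactly which fields differ between the peers before the snapshot is imported and committed.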

Yep I had this too. Turns out, there was a commit lock present on the peer device.

I found out because attempting a manual sync (on the active device) gave an error about it.

Too bad the system log on the dashboard doesn't simply show that right away.

L1 Bithead

This helped me out today. Thank you for the post and response. 

Digging this up from the grave. Having a similar issue. I'm questioning the command you selected. I believe this would push the passive device's config to the active device. Would it not? request high-availability sync-to-remote running-config, to me, indicates syncing to the active device. Wouldn't I run this on the active device to push it to the passive device?
