This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

HA running configuration not sync

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

HA running configuration not sync

MohammedAsik
L3 Networker

‎06-19-2019 06:14 AM

Hi Team

 

We are facing the issue with HA running config not synchronized 

 

 

>> We have restarted the both active and passive firewall management server and push the configuration by execute the cli command 'request high-availability sync-to-remote running-config' but its showing as " Failed to synchronize running configuration with HA peer". We have tried with both via cli and GUI but its fail.

 

 

>> In Passive firewall not able to login via GUI properly. after I enter the login credentials of firewall it will automatically exit the firewall,sometime only i can able to to login properly. 

 

>> While execute the mp-log ha_agent.log

+0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2745): Ending monitor increase holdup on commit end
2019-06-19 12:30:57.317 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1234): Ending monitor holdup increase after commit in 60 seconds
2019-06-19 12:30:57.317 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:31:06.045 +0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2745): Ending monitor increase holdup on commit end
2019-06-19 12:31:06.045 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1234): Ending monitor holdup increase after commit in 60 seconds
2019-06-19 12:31:06.045 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:32:42.804 +0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2745): Ending monitor increase holdup on commit end
2019-06-19 12:32:42.804 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1234): Ending monitor holdup increase after commit in 60 seconds
2019-06-19 12:32:42.804 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:35:49.250 +0530 debug: ha_sysd_mgmt_finsync_notifier_callback(src/ha_sysd.c:2521): Mgmtsrvr sent finsync failure.

 

>> Please help us to resolve this issue.

 

Thanks & Regards
Mohammed Ashik

0 Likes Likes
14 REPLIES 14

kiwi
Community Team Member

‎06-19-2019 06:32 AM

Hi @MohammedAsik ,

 

Did you make a recent change which triggered this behaviour ?

Have you tried again after reverting the change ?

 

Cheers !

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes

OtakarKlier
Cyber Elite
Cyber Elite
In response to kiwi

‎06-19-2019 07:25 AM

Hello,

Also if this is the first time you setup HA on these units, you will first need to perform a manual sync by clicking the Sync to Peer hyperlink.

 

Regards,

0 Likes Likes

MohammedAsik
L3 Networker
In response to kiwi

‎06-19-2019 07:45 AM

Hi kiwi 

 

Yeah we reverted the change and tried. 

 

But it didn't help us

0 Likes Likes

MohammedAsik
L3 Networker
In response to MohammedAsik

‎06-19-2019 09:26 PM

Hi Otakar

 

This is not a new configuration. Already which is working fine..

From last two days we are facing the running configuration sync issue.

 

Note : We have tried by clicking the Sync to Peer hyperlink but its not sync

 

 

0 Likes Likes

MP18
Cyber Elite
Cyber Elite
In response to MohammedAsik

‎06-19-2019 09:33 PM

Check the config log to see what was last change made?

Also try this from Passive PA  --request high-availability sync-to-remote running-config'

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

MP18
Cyber Elite
Cyber Elite
In response to MohammedAsik

‎06-19-2019 09:39 PM

Do you have link monitoring enabled?

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

MP18
Cyber Elite
Cyber Elite
In response to MohammedAsik

‎06-19-2019 09:45 PM

check this link

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm8NCAS

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Sanssj
L2 Linker

‎06-19-2019 10:30 PM

on the passive device can you break the HA by using " request system restart" and verify sync once it is up(as it will restart the all the system deamons).
before that on the passive device cli generate a techsupport file & do a scp to the TAC upload server for analysis.

0 Likes Likes

MP18
Cyber Elite
Cyber Elite
In response to MohammedAsik

‎06-20-2019 10:02 PM

any update on this?

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

MohammedAsik
L3 Networker
In response to MP18

‎06-26-2019 01:30 AM

Hello

 

Already we have referred this article. but it couldn't help us

 

Regards

Asik

0 Likes Likes

ITICID
L1 Bithead
In response to MohammedAsik

‎08-11-2020 08:48 PM

So, I wanted to chime in here because I had the same issue, and solved it. This was near the top of my google search, so hopefully it helps somebody else.

 

The resolution was to manually sync the configurations, then once synced, perform the automatic synch, which succeeded.

 

To manually sync, go to Device->Setup->Operations, then "save a named configuration snapshot". Open it in a text editor. There will be some basic information that you need to edit manually: management address and HA IPs and peer IPs, and hostname. It will help to make a note of all of this information beforehand, and then search the document by the IPs you are looking to edit. Other than that, everything can be overwritten.

 

Once the edits have been made, jump on the backup FW to the same screen, and Import named configuration snapshot. Then Load named configuration snapshot and commit. 

 

Once committed, you can go back to the primary FW and force the auto-synch.

 

Hope this helped somebody!

 

Greg

Sr Network Engineer, Industrial Color

ifstciss
L1 Bithead
In response to ITICID

‎08-17-2020 04:08 PM

Yep I had this too. Turns out, there was a commit lock present on the peer device.

I found out because attempting a manual sync (on the active device) gave an error about it.

Too bad the system log on the dashboard doesn't simply show that right away.

(1)

BrandonBogle
L1 Bithead

‎10-19-2021 01:56 PM

This helped me out today. Thank you for the post and response. 

0 Likes Likes

danoman2
L3 Networker
In response to MP18

‎04-15-2022 05:18 AM

Digging this up from the grave.  Having a similar issue.  I'm questioning the command you selected.  I believe this would push the passive devices config to the active device.  Would it not?  request high-availability sync-to-remote running-config, to me indicates syncing to the active device.  Wouldnt I run this on the Active device to push it to the passive device?

  • 39444 Views
  • 14 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks