HA running configuration not sync

MohammedAsik · ‎06-19-2019

Hi Team

We are facing the issue with HA running config not synchronized

>> We have restarted the both active and passive firewall management server and push the configuration by execute the cli command 'request high-availability sync-to-remote running-config' but its showing as " Failed to synchronize running configuration with HA peer". We have tried with both via cli and GUI but its fail.

>> In Passive firewall not able to login via GUI properly. after I enter the login credentials of firewall it will automatically exit the firewall,sometime only i can able to to login properly.

>> While execute the mp-log ha_agent.log

+0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2745): Ending monitor increase holdup on commit end
2019-06-19 12:30:57.317 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1234): Ending monitor holdup increase after commit in 60 seconds
2019-06-19 12:30:57.317 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:31:06.045 +0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2745): Ending monitor increase holdup on commit end
2019-06-19 12:31:06.045 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1234): Ending monitor holdup increase after commit in 60 seconds
2019-06-19 12:31:06.045 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:32:42.804 +0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2745): Ending monitor increase holdup on commit end
2019-06-19 12:32:42.804 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1234): Ending monitor holdup increase after commit in 60 seconds
2019-06-19 12:32:42.804 +0530 Error: ha_state_stop_increase_monitor_holdup(src/ha_state.c:1243): Got into montior holdup increase stop without start
2019-06-19 12:35:49.250 +0530 debug: ha_sysd_mgmt_finsync_notifier_callback(src/ha_sysd.c:2521): Mgmtsrvr sent finsync failure.

>> Please help us to resolve this issue.

Thanks & Regards
Mohammed Ashik

kiwi · ‎06-19-2019

Hi @MohammedAsik ,

Did you make a recent change which triggered this behaviour ?

Have you tried again after reverting the change ?

Cheers !

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

OtakarKlier · ‎06-19-2019

Hello,

Also if this is the first time you setup HA on these units, you will first need to perform a manual sync by clicking the Sync to Peer hyperlink.

Regards,

MohammedAsik · ‎06-19-2019

Hi kiwi

Yeah we reverted the change and tried.

But it didn't help us

MohammedAsik · ‎06-19-2019

Hi Otakar

This is not a new configuration. Already which is working fine..

From last two days we are facing the running configuration sync issue.

Note : We have tried by clicking the Sync to Peer hyperlink but its not sync

MP18 · ‎06-19-2019

Check the config log to see what was last change made?

Also try this from Passive PA --request high-availability sync-to-remote running-config'

MP

Help the community: Like helpful comments and mark solutions.

MP18 · ‎06-19-2019

Do you have link monitoring enabled?

MP

Help the community: Like helpful comments and mark solutions.

MP18 · ‎06-19-2019

check this link

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm8NCAS

MP

Help the community: Like helpful comments and mark solutions.

Sanssj · ‎06-19-2019

on the passive device can you break the HA by using " request system restart" and verify sync once it is up(as it will restart the all the system deamons).
before that on the passive device cli generate a techsupport file & do a scp to the TAC upload server for analysis.

MP18 · ‎06-20-2019

any update on this?

MP

Help the community: Like helpful comments and mark solutions.

MohammedAsik · ‎06-26-2019

Hello

Already we have referred this article. but it couldn't help us

Regards

Asik

ITICID · ‎08-11-2020

So, I wanted to chime in here because I had the same issue, and solved it. This was near the top of my google search, so hopefully it helps somebody else.

The resolution was to manually sync the configurations, then once synced, perform the automatic synch, which succeeded.

To manually sync, go to Device->Setup->Operations, then "save a named configuration snapshot". Open it in a text editor. There will be some basic information that you need to edit manually: management address and HA IPs and peer IPs, and hostname. It will help to make a note of all of this information beforehand, and then search the document by the IPs you are looking to edit. Other than that, everything can be overwritten.

Once the edits have been made, jump on the backup FW to the same screen, and Import named configuration snapshot. Then Load named configuration snapshot and commit.

Once committed, you can go back to the primary FW and force the auto-synch.

Hope this helped somebody!

Greg

Sr Network Engineer, Industrial Color

ifstciss · ‎08-17-2020

Yep I had this too. Turns out, there was a commit lock present on the peer device.

I found out because attempting a manual sync (on the active device) gave an error about it.

Too bad the system log on the dashboard doesn't simply show that right away.

BrandonBogle · ‎10-19-2021

This helped me out today. Thank you for the post and response.

danoman2 · ‎04-15-2022

Digging this up from the grave. Having a similar issue. I'm questioning the command you selected. I believe this would push the passive devices config to the active device. Would it not? request high-availability sync-to-remote running-config, to me indicates syncing to the active device. Wouldnt I run this on the Active device to push it to the passive device?

Unlock your full community experience!

HA running configuration not sync

HA running configuration not sync

Show your appreciation!